- SonarQube Enterprise Edition - 9.4
- Scanner - 4.7.0.2747
We have a C, CPP project which is configured to run PR and develop (main) branch Sonar scans via a Jenkins CI pipeline.
Recently, in one of the PRs, Sonar detected 11 new Security Hotspots, out of which 10 were marked as SAFE and 1 was marked as FIXED (100% reviewed).
Meanwhile, on the main branch there were 0 total Security Hotspots (100% reviewed).
After merging the PR into the main branch, we have 5 new Security Hotspots on new code. These are exactly the same ones which are marked as SAFE in the PR.
Any idea why these hotspots are being created again on the main branch?
(Please note: after the PR merge, during the main branch build, there were no other changes than the changes from the PR.)
Thanks.