Security hotspot count is spiking periodically with no apparent reason

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

  • what are you trying to achieve

  • what have you tried so far to achieve this

  • Enterprise Edition

  • Version 8.9.1 (build 44547)
    The security hotspot count is spiking periodically with no apparent reason.
    Between 3 consecutive scans the count will go from around 130 to around 580, then back to ~130 again. I am pretty sure no one is resolving 450 or so in between scans.


Thanks for the report.

This is going to be difficult to diagnose without more details.

The next time it spikes, and you attempt to characterize (by file or rule or language or…) the ephemeral Security Hotspots?


While trying to characterize by the security Hotspots, have seen that spike.


When you look at the added Security Hotspots themselves, do you see any patterns?


Hi Ann,

Below listed are the details of security hotspots shown for that project


Under the security hotspots, we can’t see the previous randomly spiked 574 security hotspots. can you please tell me how to retrieve those data to find the pattern details ?

I can see only the current scan result with 107 security hotspots.


I’m afraid we’ll have to wait for the next spike and look then.