Security Hotspot count is wrong

SonarQube Version 8.9.9 (build 56886).

about two weeks ago the percentage of reviewed Hotspots was not 100% but no Hotspots to review where found. We then updated to the version 8.9.9 (before we were on a older LTS Version). As new security hotspots where deteced now we have fixed and review them. But still the percentage was not correct.

On the Overall tab Here you see 10 Security Hotspots only 54.5% Reviewed

On the Security Hotspots Tab you see there are no Hotsport to review but only 54.5% Reviewed.

When selecting the reviewed as fixed : There are 5 Security Hotspots reviewed as fixed
I have to omit the screen shot

When selecting the reviewed as safe : There are 7!! Security Hotspots reviewed as safe, but actually only 5 are shown - when you press show more it does not show more.

and on the Measures Tab there are even more doubtful figures ( 10 security hotspots , 28,6 %)

And one more (kind of funny) thing - I’m writing this the second time because when I wrote it the first time about an hour age, I switech back to the sonarcube to look up some numbers and to take another screenshot as just in that moment the newest result from the CI came in and everything looked good all green A ratings on the overview. So I was puzzeled but If its now good - why bother anyone so I deleted the topic (and stupid as I am did not save it a as draft) . You guess it when I then get back and looked up some code smells that are reported - the bogus count and E rating came back…
Additionally these new codesmells are also not displayed :

Hey there.

It sounds like something might be wrong with the Elasticsearch index backing your SonarQube instance. I can suggest:

  1. Shutting down your SonarQube instance
  2. Deleting the data/es7 folder from your SonarQube installation
  3. Starting your SonarQube server

If it happens again, it would be important to pay attention to the logs, specifically es.log.


Thanks for your advice. We did the deleting of the data/es7 . But it did not help. the es.log does also not show anything.

When a new analysis is published it looks fine (all green no codesmells) but on the issues tab are 9 codesmells that can’t be displayed. When I reopen a issued that has been resolved as won’t fix. The Overview shows the 9 Codesmells and 10 security hotspots 54.5% reviewed again.