Security Hotspot decoration in Azure DevOps pull requests

SonarCloud properly decorates bugs, vulnerabilities, and code smells in Azure DevOps pull requests. But it doesn’t add any comments about security hotspots.
Is there a way to configure SonarCloud to also decorate security hotspots?

If there isn’t then can some security hotspots be saved as vulnerabilities as a workaround? This question raised because we used to have the S1525 rule (“debugger” vulnerability in TypeScript) that has been marked as deprecated and became a part of a security hotspot now which is not decorated in pull requests.

Hi @kron,

No this is not currently possible.
We will assess the need to bring them back onto PR since they live their own life now.

You can try to convert them as vulnerability yes, but that’s not something we support in terms of best practice for sure.

HTH,
Mickaël