Connected to SonarCloud or SonarQube (and which version): SonarQube community 9.9
And a thorough description of the problem / question:
After connecting and binding successful, not showing the vulnerabilities or security hotspots for PHP and JS files, but can see few hotspots for HTML files. The same code was scanned in the sonarscanner that reported vulnerabilities and security hotspots
SonarLint for VS does not currently detect either hotspots or taint vulnerabilities live in the IDE.
If you are using Connected Mode, it will display taint issues that have been found on the server. See this wiki page for more information.
Hotspots that have been detected during batch analysis and reported to the Sonar server can be seen in the IDE, but you have to explicitly ask to open them in the IDE. See this wiki page for more information.