Security Hotspot in SonarLint connected mode with SonarQube 9.9 community edition

Please provide

  • Operating system: Windows 11
  • SonarLint plugin version: 7.0.0.74072
  • Programming language you’re coding in: PHP
  • Is connected mode used:
    • Connected to SonarCloud or SonarQube (and which version): SonarQube community 9.9

And a thorough description of the problem / question:

After connecting and binding successfully, it is not showing the vulnerabilities or security hotspots for PHP and JS files, but I can see a few hotspots for HTML files. The same code was scanned in the SonarScanner, which reported vulnerabilities and security hotspots.

SonarLint for VS does not currently detect either hotspots or taint vulnerabilities live in the IDE.

If you are using Connected Mode, it will display taint issues that have been found on the server. See this wiki page for more information.

Hotspots that have been detected during batch analysis and reported to the Sonar server can be seen in the IDE, but you have to explicitly ask to open them in the IDE. See this wiki page for more information.

Thanks, I will go through it and try again.