Security hotspot reviewed metric is either 0% or - (Blank) in go code analysis

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) : 8.4
    I scanned 900+ go service and found that security hotspot reviewed metric is either 0 % (E) or - (A).
    I am doubtful on this. There should be at least few security hotspot. Looks like something is wrong here. Is there any other way to cross check this ? LOC range for services are between 10K - 128K.

Just noticed in rules menu that for for Go code , there is no security hotspot rule. Please find screenshot attached.


The Security Hotspot Reviewed metric is not about how many Security Hotspots have been raised but how many have been reviewed. Check the Security Hotspots tab/page to see the open Security Hotspots in your project.


Thanks Ann. How about less bugs and vulnerabilities rules for golang (screenshot is attached)? However, for java we have many bugs and vulnerabilities rules.


Sorry, I don’t understand the question.