which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) : 8.4
I scanned 900+ go service and found that security hotspot reviewed metric is either 0 % (E) or - (A).
I am doubtful on this. There should be at least few security hotspot. Looks like something is wrong here. Is there any other way to cross check this ? LOC range for services are between 10K - 128K.
Just noticed in rules menu that for for Go code , there is no security hotspot rule. Please find screenshot attached.
The Security Hotspot Reviewed metric is not about how many Security Hotspots have been raised but how many have been reviewed. Check the Security Hotspots tab/page to see the open Security Hotspots in your project.
Thanks Ann. How about less bugs and vulnerabilities rules for golang (screenshot is attached)? However, for java we have many bugs and vulnerabilities rules.
Hi is there anyway it could be also used as a quality gate in the future? i’ve written scripts to leverage the security rating, would that also be available for the hotspot?