Hi Alex,
Thanks for the response. It would be tremendously helpful if there were an option that would enable the Security Hotspots feature for feature branches. While a reviewer may not have the full view in the PR window, our reviewers always have access to the full source code and can dig to make sure that all is in order at the time of the pull request. To the greatest extent possible, we want to catch security issues prior to being merged into any of our long running branches.
Being able to see the flagged security hotspots prior to merge would be a tremendous help to streamlining our pull request checklist as it would be built into a tool that we are already using.
I hope you and your team will consider at least making this an option, if not the default.
Thanks,
Dave Wolff
(Also, I have seen security hotspots in the IntelliJ SonarLint tool and I actually like seeing them there until they are marked as a non-issue)