According to the release notes from Sonarqube 8.6 now we can see Security Hotspots in some IDEs as IntelliJ. However, I cannot see them, it is still showing (as before) only Bugs.
The release notes says:
“Triage Security Hotspots in-IDE with a direct link from SonarQube”
If IntelliJ IDEA (or any supported IntelliJ-based IDE) is started and SonarLint is enabled, it should show the hotspot in the relevant file, with the appropriate context information to let you decide which course of action to take.