Security Hotspots tab is not showing security hotspot found

Please provide

  • Operating system: Windows 10 x64
  • SonarLint plugin version: v3.22.0
  • Programming language you’re coding in: Python
  • Is connected mode used:
    • Connected to SonarCloud or SonarQube (and which version): SonarCloud

And a thorough description of the problem / question:

Security Hotspots tab is not showing security hotspot found after the scan; as you can see in the screenshot in OUTPUT terminal there is a security hotpost but Security Hotspots is empty.
On SonarCloud, the security hotpost is shown.

Hey @anon62440631, welcome to Sonar Community! :wave: :sonar:

Thanks for your post :blush:. As it seems from your screenshot, you do not have a file open for which the Hotspot was detected. By default, the Security Hotspots view will only display findings for open files. :page_facing_up:

If you want to see Hotspots for the whole folder, you might want to select the In whole folder option. :file_folder:

Hope that helps,
Sophio :hibiscus:

Hi Sophio,
thank you for the reply!
Sorry, I’ve took the screenshot with file closed but I’ve same behavior with file closed/opened

Thank you for the quick reply!

Could you also share a screenshot from the SonarCloud UI of how this hotspot is shown there? Also, it could be helpful if you could share the full SonarLint output logs as a text file here.

Thanks in advance,

Sure! PS: I’ve only “masked” some personal infos.

SonarLint.log (3.8 KB)


This is very weird. I tried to go through exactly the same scenario as you with the same code snippet. And I see the hotspot detected both locally, and on SonarCloud. I don’t see anything wrong with your logs either :thinking:

As one more debug step, could you

  • Close the file
  • Reload VSCode window
  • Go to VSCode > Help > Toggle Developer Tools > Console
  • Clear the console
  • Open the file to trigger analysis
  • Share the screenshot here

Also, does any hotspot appear when you try the in whole folder option?


In addiction, I’ve generated terminal output log with “sonarlint.output.showVerboseLogs”: true

SonarLintVerbose.log (5.0 KB)

I’ve tried: I can see the security hotspot for that script.


Is this hotspot detected for New Code or Overall Code on SonarCloud? And what is the SonarLint focus value? You will be able to see it by clicking inside the file and hovering over the status bar item as in this screenshot.

Sophio :bowing_woman:

This hotspot in SonarCloud is detected for New Code

Before was Overall Code, I’ve changed to New Code but the behavior is the same

1 Like

Well, I’m officially out of ideas then :sweat_smile:

  • Your logs and console output look fine
  • Since the in whole folder option gives results, it means analysis works
  • Your SonarLint focus option does not seem to be at fault

And I cannot reproduce this issue :frowning: So maybe somebody else will be able to reproduce in the Community and then we can get more insight :woman_shrugging:

The only thing I can suggest is maybe you can uninstall and reinstall SonarLint and try again?

Sorry I couldn’t help more,

Sorry, but I don’t think this is a real professional support; if you cannot reproduce this issue maybe there is other variables that you’re not considering.


Welcome to the community!

You should be aware that it is a community. This is not professional support. I invite you to familiarize yourself with the FAQ.



hey have you found a solution ?
I have the same problem…