SonarCloud not showing security hotspots on clicking the tab

Hi Team,

We are using sonarcloud for code quality analysis for project.

Sonar showing some x number of hotspots. but while clicking on the tab it’s not showing anything, juts it displaying below message.

We couldn’t find any results matching selected criteria.
Try to change filters to get some results.

Looking for your thoughts on this.

Thanks & Regards,
Madhu

Hi Team,

Could you please someone respond on this issue.

Thanks & Regards,
Madhu

Hi Madhu,

Welcome to the community!

You’re new here, so you may not have had a chance to read the FAQ yet. It counsels patience. Specifically:

Be patient

  • Wait a few days before bumping a topic that hasn’t received a response.

Regarding your question, could you provide screenshots, both of the “some x number of hotspots” and the “couldn’t find any results” pages?

 
Thx,
Ann

Hi Ann,

Sorry for the delay.

Please find the screenshots.


Thanks & Regards,
Madhu

Hi,

Could you widen that second screenshot to include the Security Hotspot filters on the left, please?

 
Thx,
Ann

Hi Ann,

Please find latest attached screenshots.


Thanks & Regards,
Madhu

1 Like

Thanks Madhu,

I’ve flagged this for more expert attention. In the meantime, are there any errors in your browser console?

 
Ann

Thanks Ann, I didn’t see any errors in browser console.

Thanks & Regards,
Madhu

1 Like

Hi Ann,

Any latest update on this issue.

Thanks & Regards,
Madhu

Hi Madhu,

Sorry for not getting back to you earlier. Did you try to run a new analysis?
We fetch the numbers from a different infra component than the actual elements and the sync sometimes missed which usually get corrected with a refreshed run against the branch.

Thanks,
Csaba

Hi Csaba,

Yes we tried analysis couple of times, getting the same issues.

In other repos, we are not observing this issue.

Any specific plugins required for security hotspot reviews?

Thanks & Regards,
Madhu

Hi Casba

I am also suffering from the same problem as Madhu.

The Measure tab lists an estimate of the issue and the source code with the issue, but the Issue and Secrity Hotspot tabs show no issues “No Issues. Hooray!”

I think the source code attachment is working because the test coverage, etc. is displayed, but I don’t know what is causing the problem.

I am using maven from a CI tool and working in the following environment

java: coretto11
sonar-maven-plugin:3.9.1


Hi @yedlamadhu, @anitta,

We tried to reproduce the issues, but we have been able to see hotspots and measures with admin rights. Could you please confirm that you still cannot see it?
As I mentioned before we usually see these errors as a result of wrong indexation which rerun on the master branch should fix.

Thanks
Csaba

Hi @Csaba_Feher

Thank you for your comments and measures.

However, to date, nothing is still showing up in the list of issues.

I am now suspecting a setting in maven’s sonar task.
Do you have any idea of a possible configuration that could be causing this?

Hi @anitta,

At least on the r4e-api-partner project, we have been able to see the issues and hotspots… with admin rights. Is this the same project you are experiencing the problem with?
If yes or you cannot see the issues I am thinking it should be permission issues:
Managing Permissions | SonarCloud Docs
Managing Members | SonarCloud Docs
The administrator of the organisation needs to give access to the members. Can you check maybe if the administrator has access to the projects?

Thanks
Csaba

@Csaba_Feher

Sorry for the delay in replying.

st on the r4e-api-partner project, we have been able to see the issues and hotspots… with admin rights. Is this the same project you are experiencing the problem with?

I don’t think this project is mine. I do not recognize the name.

As for the issue of not being able to see the issue, I don’t think it is an authority issue.
It is because all of my teammates used to be able to see the issue. There was no problem viewing it.

I started having this problem after I made a change to get test coverage in maven.

Hi @Csaba_Feher

I continue to be plagued with this problem. Is there any way I can get your help?

I don’t recognize the r4e-api-partner project as per my previous comment. Are you saying that the private project is assigned a different name?

I am using a translation tool, so sorry if there are any discrepancies in the exchange of information.

Hi @anitta.

Sorry for the long wait, it is usually considered a new issue so I was not monitoring this thread. could you please send me all the details of your project?
I need this information to start looking into it. Next time please open a new thread if you have some other questions, you can link it if it is relevant but As you suggest this might be a different issue.

Template for a good new topic, formatted with Markdown:

  • ALM used (GitHub, Bitbucket Cloud, Azure DevOps)
  • CI system used (Bitbucket Cloud, Azure DevOps, Travis CI, Circle CI
  • Scanner command used when applicable (private details masked)
  • Languages of the repository
  • Only if the SonarCloud project is public, the URL
    • And if you need help with pull request decoration, then the URL to the PR too
  • Error observed (wrap logs/code around with triple quotes ``` for proper formatting)
  • Steps to reproduce
  • Potential workaround

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!