SonarCloud not showing security hotspots on clicking the tab

yedlamadhu · January 23, 2023, 8:02am

Hi Team,

We are using sonarcloud for code quality analysis for project.

Sonar showing some x number of hotspots. but while clicking on the tab it’s not showing anything, juts it displaying below message.

We couldn’t find any results matching selected criteria.
Try to change filters to get some results.

Looking for your thoughts on this.

Thanks & Regards,
Madhu

yedlamadhu · January 24, 2023, 8:00am

Hi Team,

Could you please someone respond on this issue.

Thanks & Regards,
Madhu

ganncamp · January 24, 2023, 6:48pm

Hi Madhu,

Welcome to the community!

You’re new here, so you may not have had a chance to read the FAQ yet. It counsels patience. Specifically:

Be patient

Wait a few days before bumping a topic that hasn’t received a response.

Regarding your question, could you provide screenshots, both of the “some x number of hotspots” and the “couldn’t find any results” pages?

Thx,
Ann

yedlamadhu · January 30, 2023, 6:03am

Hi Ann,

Sorry for the delay.

Please find the screenshots.

Thanks & Regards,
Madhu

ganncamp · January 30, 2023, 2:20pm

Hi,

Could you widen that second screenshot to include the Security Hotspot filters on the left, please?

Thx,
Ann

yedlamadhu · January 30, 2023, 6:11pm

Hi Ann,

Please find latest attached screenshots.

Thanks & Regards,
Madhu

ganncamp · January 30, 2023, 6:13pm

Thanks Madhu,

I’ve flagged this for more expert attention. In the meantime, are there any errors in your browser console?

Ann

yedlamadhu · January 31, 2023, 6:13pm

Thanks Ann, I didn’t see any errors in browser console.

Thanks & Regards,
Madhu

yedlamadhu · February 2, 2023, 7:16pm

Hi Ann,

Any latest update on this issue.

Thanks & Regards,
Madhu

Csaba_Feher · February 3, 2023, 4:02pm

Hi Madhu,

Sorry for not getting back to you earlier. Did you try to run a new analysis?
We fetch the numbers from a different infra component than the actual elements and the sync sometimes missed which usually get corrected with a refreshed run against the branch.

Thanks,
Csaba

yedlamadhu · February 6, 2023, 9:41pm

Hi Csaba,

Yes we tried analysis couple of times, getting the same issues.

In other repos, we are not observing this issue.

Any specific plugins required for security hotspot reviews?

Thanks & Regards,
Madhu

anitta · February 10, 2023, 5:28am

Hi Casba

I am also suffering from the same problem as Madhu.

The Measure tab lists an estimate of the issue and the source code with the issue, but the Issue and Secrity Hotspot tabs show no issues “No Issues. Hooray!”

I think the source code attachment is working because the test coverage, etc. is displayed, but I don’t know what is causing the problem.

I am using maven from a CI tool and working in the following environment

java: coretto11
sonar-maven-plugin:3.9.1

Csaba_Feher · February 14, 2023, 9:29am

Hi @yedlamadhu, @anitta,

We tried to reproduce the issues, but we have been able to see hotspots and measures with admin rights. Could you please confirm that you still cannot see it?
As I mentioned before we usually see these errors as a result of wrong indexation which rerun on the master branch should fix.

Thanks
Csaba

anitta · February 15, 2023, 1:33am

Hi @Csaba_Feher

Thank you for your comments and measures.

However, to date, nothing is still showing up in the list of issues.

I am now suspecting a setting in maven’s sonar task.
Do you have any idea of a possible configuration that could be causing this?

Csaba_Feher · February 15, 2023, 8:46am

Hi @anitta,

At least on the r4e-api-partner project, we have been able to see the issues and hotspots… with admin rights. Is this the same project you are experiencing the problem with?
If yes or you cannot see the issues I am thinking it should be permission issues:
Managing Permissions | SonarCloud Docs
Managing Members | SonarCloud Docs
The administrator of the organisation needs to give access to the members. Can you check maybe if the administrator has access to the projects?

Thanks
Csaba

anitta · February 24, 2023, 8:16am

@Csaba_Feher

Sorry for the delay in replying.

st on the r4e-api-partner project, we have been able to see the issues and hotspots… with admin rights. Is this the same project you are experiencing the problem with?

I don’t think this project is mine. I do not recognize the name.

As for the issue of not being able to see the issue, I don’t think it is an authority issue.
It is because all of my teammates used to be able to see the issue. There was no problem viewing it.

I started having this problem after I made a change to get test coverage in maven.

anitta · March 3, 2023, 1:14am

Hi @Csaba_Feher

I continue to be plagued with this problem. Is there any way I can get your help?

I don’t recognize the r4e-api-partner project as per my previous comment. Are you saying that the private project is assigned a different name?

I am using a translation tool, so sorry if there are any discrepancies in the exchange of information.

Csaba_Feher · March 10, 2023, 2:33pm

Hi @anitta.

Sorry for the long wait, it is usually considered a new issue so I was not monitoring this thread. could you please send me all the details of your project?
I need this information to start looking into it. Next time please open a new thread if you have some other questions, you can link it if it is relevant but As you suggest this might be a different issue.

Template for a good new topic, formatted with Markdown:

ALM used (GitHub, Bitbucket Cloud, Azure DevOps)
CI system used (Bitbucket Cloud, Azure DevOps, Travis CI, Circle CI
Scanner command used when applicable (private details masked)
Languages of the repository
Only if the SonarCloud project is public, the URL
- And if you need help with pull request decoration, then the URL to the PR too
Error observed (wrap logs/code around with triple quotes ``` for proper formatting)
Steps to reproduce
Potential workaround

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!