Security Hotspot issues are meant to be reviewed by a security expert. They point to locations in the code where vulnerabilities often hide. They do not impact the quality gate. The security expert can change issue the status to:
“detect” which will change the issue type to “Vulnerability”.
“Dismiss” which will mark the issue as “Won’t fix”.
The description of each rule explains the kind of vulnerabilities that can be expected and what are the best practices.