I have 200 security hotspots in my SonarQube server, but in my SonarQube for IDE, it only flags 100. So there are about 100 issues not being flagged.
Can you share the version of SonarQube for IDE you’re using? Can you also share a verbose log from IDE startup to where you’re expecting to see the Security Hotspots, but don’t?
Off-hand, this sounds like a pagination problem, but let’s see what the logs say.
Also, and for context, SonarQube for IDE is not intended to be a full code inspection tool, but an aid for active coding. The idea is to see issues in the code files you’re currently working in, not to browse all issues.
Here is an example of the differences in findings. As you can see, in the IDE there are only 10 results, but in the UI there are 50 results when I do a pysonar scan.
Thank you for reporting this issue and providing the logs. I understand it must be confusing to see a discrepancy between the SonarQube server and VS Code, especially with such a large difference (50 issues vs. 10).
While the logs haven’t immediately pinpointed the cause, there are a couple of things we should check:
Check “Focus on New Code” in VS Code: In SonarQube for VS Code, please verify your “Focus on New Code” filtering setting. This feature only shows issues in code that has changed since your last SonarQube analysis, which could explain why you see fewer issues locally.
Share Failing Rules: To investigate potential configuration or rule compatibility issues, could you please share the details of a few rules that are failing on the server but not appearing in VS Code? Knowing these rules will help us in narrowing down the cause.
We appreciate your help as we work to resolve this!