Hi @Seneti and thanks for your feedback!
Our vision for SonarLint is indeed to report as much as possible, in the very moment you are coding, the same issues that SonarCloud will detect later when it analyzes your pull request or project branch, so that you can send cleaner pull requests and avoid rework.
Although SonarLint is already able to report the vast majority of bugs and code smells, Security Hotspots are not supported yet. We have short-term plans to support Security Hotspots in SonarLint for Visual Studio (we’ve just released this feature for VS Code ) and you can follow the status here.
Apart for Security Hotspots there are few other cases of reportings not yet supported by SonarLint, and you can find a list of those cases here. One noteworthy case are Taint Vulnerabilities, that we decided to not run in SonarLint for performance reasons. Nevertheless, those issues are automatically pulled by SonarLint from SonarCloud and displayed in the local code (more info in this page).