Sonarlint with Visual Studio 2022 not showing security hotspots even though it's loading the hotspot

Please provide

  • Operating system: Windows 11 Pro
  • SonarLint plugin version:
  • Programming language you’re coding in: C#
  • Is connected mode used:
    • Connected to SonarCloud or SonarQube (and which version): Connected mode with SonarQube - * Developer Edition Version 10.0 (build 68432)

And a thorough description of the problem / question:

I am using connected mode and correct binding however I am not able to see the security hotspots on the panel. It’s empty. Also I am not able to see the Sonar suggestions in files in the IDE. When I configured the logging level of sonarlint to verbose, I was clearly able to see that Sonarlint is able to query the Security hotspots via REST api and also other data but the panels do not show anything.


Hello @shailendra333, and welcome to the Community!

Hotspots found during local analysis are located in the SonarLint > Connected Mode > View Local Security Hotspots window. Please note that any Security Hotspots marked as Reviewed on the server will not be shown.

Sonar Server Security Hotspots window is used for Security Hotspots you discover via Open in IDE functionality in SonarQube.

Here’s the documentation page with more details on this topic: Security hotspots - Visual Studio

Let us know if this answer was helpful.

Thanks Georgii.

To test further , I created a sample C# class with security issues. I have got connected mode settings on. However still I am not able to see Sonarlint local issues…

public class SecurityHoptspot
    public async void securityIssues()
        // TODO: Say hello to SonarLint!
        string username = "admin";
        string password = "Admin123"; // Sensitive
        string usernamePassword = "user=admin&password=Admin123"; // Sensitive
        string url = "scheme://"; // Sensitive


In the Sonarlint output I can see this

Here is the verbose output from Sonarlint

[SecretsAnalyzer] Analyzing SecurityHoptspot.cs
Loaded settings from “C:\Users\abc\AppData\Roaming\SonarLint for Visual Studio\Bindings<project name>\secrets_settings.json”.
[RuleSettings] Using connected mode settings. User-specified settings in settings.json will be ignored.
[SecretsAnalyzer] Finished analyzing SecurityHoptspot.cs, analysis time: 0.005s
[SecretsAnalyzer] Found 0 issue(s) for SecurityHoptspot.cs

@shailendra333 It looks like you’re looking for Local Hotspots for C#. Unfortunately, due to some technical limitations, we do not currently support that, and there are no plans to add this functionality.

However, you can still open any C# hotspotm found on the server in the IDE using the Server Security Hotspots window.

Apologies for the inconvenience.