SonarQube: Hotspots feature parity with issues

It would be great if Security Hotspots in SonarQube would have feature parity with Issues.

Two examples:

  1. While it’s possible (and even easy) for me to find all projects that have at least 1 Vulnerability (on the SonarQube home page showing all projects, I click on Security Rating → B), it appears to be impossible to find all projects that have at least 1 security hotspot (I can click on Security Review → B, but that does not show me the projects that have 80-99% of the hotspots reviewed).
  2. While it’s possible to list and filter all types of Issues across projects (I simply click on Issues in the main site navigation, and then the filtering is accessible from the left hand navigation), it appears to be impossible to see and filter all Security Hotspots across projects.

Perhaps the features are there, and I just don’t see them?

FYI: We’re using SonarQube Developer Edition 8.7, and we’re planning an upgrade to 8.8 or 8.9 soon.

Hello @ernstdehaan,

Thanks for the feedback and I would like to get more details about your use case.

The Security Hotspots are targeting developers and we expect them to perform a daily review of the Security Hotspots so they learn from the product and the documentation we provide so that the overall security of the code is strengthen.

Would you be able to explain in which functional context do you need to find all the projects in your company having at least 1 Security Hotspot? Same question for “see and filter all Security Hotspots across projects”.

Thanks
Alex