Hi,
Our project is configured for both SonarQube and Roslyn rules. We have run into an issue where we believe we have addressed the vulnerability, but the rule is still firing. Please find attached screeshots for before and after issue fix.
Can you please guide us on this issue?
Thank you, @Rekhah, for the message, and apologies for the late reply.
Indeed, it seems that this is a False Positive. We are taking this feedback internally as we are continuously working on refining our injection detection capabilities to avoid such raising false positives, and always show only true vulnerabilities.
It’s great to see that you fixed the vulnerability with the help of SonarQube 
!
