The java analyzer plugin provided in SonarQube before 8.X, was filtering issues of all other plugin targeting the java language. It was not intentional, from the java analyzer plugin point of view, but users were able to filter rules like:
@SuppressWarnings({"java:S1166", "javasecurity:S5131", "findsecbugs:PATH_TRAVERSAL_IN"})
Since SonarQube 8.X, the java analyzer plugin only filters its own issues and issues from its custom rules and not any more issues from other plugins like javasecurity or findsecbugs.
Note
This topic is related to @SuppressWarnings are not honored by the SonarQube 7.9 anymore
But the impact on SonarQube 7.9 LTS was considered as regression and the topic has been resolved by a bug fix release 6.3.2 of the java analyzer.
By contrast, this topic is about SonarQube 8.X and the problem is not resolved.