Sonarqube 5.6 and 7.0 tried with jdk 1.8 version. Trying to generate bugs and vulnerabilities report with sonar-scanner-cli-22.214.171.1246-windows using java code alone.
It is generating code smells saying found duplicated blocks of code must be removed. However even if i try adding new bugs and vulnerabilities also it does not show in the generated sonar report. Could some one let me know what all needs to be done from a configuration side to show these bugs and vulnerabilities in the report for java code?