Vulnerabilities and security hotspots report


A number of customers are asking for a detailed report of the vulnerabilities and security hotspots that have been identified and already resolved, and the ones still in the codebase.
Unfortunately I haven’t been able to find a way to generate these reports.


From the perspective of Sonarqube Enterprise:

You can look at the Activity pane of a project to get the history of findings on that project. It won’t give it to you in detail (as in it won’t show you the individual findings) but can give you overall metrics. The only place I’m familiar with that gives a PDF report is through the Portfolio option. Even so, that doesn’t give a detailed report of findings.