Must-share information (formatted with Markdown):
- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
SonarQube Version : 220.127.116.11762
In one of the projects, last month we had fixed all the bugs and vulnerabilities in C# & C++ code.
Today, when the sonar scanner was run, we are seeing 57 vulnerable hotspots.
I see there is no change in the code repo. No new code is checked in to the repo.
And I have compared the sonar scanner logs of today's and last month's scans. I see no difference.
At first I thought that until today the sonar scanner was not picking up all files from the repo to run analysis, but when I compared all files there was no issue. The file count matches.
Do any of you have any idea?
Do the vulnerability or static rules get updated in the SonarQube server regularly, or what?