
I'm using SonarQube 6.3.1 with default profile Sonar way. I have the newest SonarJava plugin installed (4.8.0.9441).

I can see that the rule "SQL binding mechanisms should be used" is activated.


I have installed SonarLint 2.9.0 plugin for Intellij and connected to running SonarQube server.

After copying an example violation from the Sonar rule page, I can see in my IDE that the plugin works fine. Everything seemed perfect up to this moment.


Unfortunately, the analysis on the SonarQube server doesn't find this vulnerability. The same goes for another owasp-a6 rule, "Cookies should be secure" (also found by SonarLint). On the other hand, some OWASP rules do work (i.e. "Console logging should not be used"). Is this a known Sonar issue that some rules are omitted? Exclusions are not the problem; I'm pretty sure that those files are being analyzed because some other issues have been found in them.

pzeszko
  • Can you specify the rule keys of the rules which do not work when performing external analysis, but work with SonarLint? – Wohops Apr 25 '17 at 09:40
  • Sure, here they are: S2092, S2077, S3318. Also, a violation of S3271 wasn't detected, neither by Sonar nor by SonarLint. – pzeszko Apr 25 '17 at 10:28

0 Answers