We are running SonarQube 5.5 with the C# Plugin version 5.3.1. The analysis is run using vNext builds through an on-premises instance of TFS 2015 w/ Update 2.
By default, all FxCop rules came in as Code Smell and have a severity of Major. I see how to change the severity from Major to Critical through the Quality Profile. However, I cannot see how to change a rule away from being "Code Smell".
For instance I would like to change CA2100 to be in Vulnerability instead of Code Smell. I have tagged a few of the rules for Security, Usage, Performance and so on. However, the ones tagged for Security do not show up as Vulnerabilities on the dashboards for management to review.
Would we have to copy these rules and then import them as custom rules?
The upcoming C# Plugin v5.4 will properly categorize FxCop rules as either Code Smell, Bug or Vulnerability. See SONARCS-609.