Best Practice for "Security Only" alerts with no quality or other lint problems

Please provide

  • Operating system: Windows
  • SonarLint plugin version: Latest
  • Programming language you’re coding in: Java
  • Is connected mode used: Yes
    • Connected to SonarCloud or SonarQube (and which version): Latest (Enterprise)

And a thorough description of the problem / question:
We want to configure the SonarLint only to alert the SW Eng. of Security Issues and NOT any other problem.

can anyone provide me with the best practice for it in the above configuration?


Hi Eli,
Which IDE are u using?

Hi, we use IntelliJ and Eclipse.

Hello Eli,

Thanks for raising this need here. May I ask you a bit more details to understand where your request comes from and your use case ? Why do you want to focus only on security problems ? Why do you want to filter out other types of issues, like bugs or code smells ? What is your workflow ?

By security issues here I suppose you are talking about vulnerabilities that SonarLint is able to detect

We want to target only security issues to be raised (as-you-code), because in the past when all the rest was enabled it overwhelmed the developers and they were busy understanding what the problem was instead of fixing the security issues.