Hello C# and PHP developers,
On the 1st of September 2020 I announced that a new Java security engine was deployed on SonarCloud as the result of the merge of RIPS and SonarSource technologies. I am proud to announce today that C# and PHP developers will now benefit from the same technology: analyses are now field-sensitive. As a reminder, we call field-sensitivity the capability of the security engine to precisely track which field of an object is tainted or not by a malicious user input.
You should expect fewer false positives from this change, so you can concentrate on fixing real vulnerabilities.
Next steps? We want to bring that powerful technology to JS and Python developers.
These new C# and PHP engines are already deployed on SonarCloud, and will be included in SonarQube 8.5 starting from the Developer Edition.
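To illustrate field-sensitivity as defined above, here is an added example (not SonarSource's engine and not code from this post): a toy taint analysis run in both modes over a constructed program. The instruction format, the `analyze` function and the sink names are assumptions made for illustration.

```python
# Constructed sample program as a tiny IR, modelled on code such as:
#   u.name = <request parameter>   (attacker-controlled)
#   u.role = "guest"               (constant)
#   query("... role = '" + u.role + "'")   -> safe
#   query("... name = '" + u.name + "'")   -> injectable
PROGRAM = [
    ("store", "u", "name", "SOURCE"),
    ("store", "u", "role", "CONST"),
    ("load", "r", "u", "role"),
    ("sink", "role_query", "r"),
    ("load", "n", "u", "name"),
    ("sink", "name_query", "n"),
]

def analyze(program, field_sensitive):
    """Return the labels of sinks reached by tainted data, in program order."""
    tainted = set()  # keys are (name, field); field is None for plain variables
    findings = []

    def key(obj, field):
        # Field-insensitive mode collapses every field onto the object itself.
        return (obj, field if field_sensitive else None)

    def is_tainted(src):
        return src == "SOURCE" or (src, None) in tainted

    for op, *args in program:
        if op == "store":
            obj, field, src = args
            if is_tainted(src):
                tainted.add(key(obj, field))
            elif field_sensitive:
                tainted.discard(key(obj, field))  # clean write clears this field only
            # Insensitive mode cannot clear: another field may still be tainted.
        elif op == "load":
            var, obj, field = args
            if key(obj, field) in tainted:
                tainted.add((var, None))
            else:
                tainted.discard((var, None))
        elif op == "sink":
            label, var = args
            if (var, None) in tainted:
                findings.append(label)
    return findings

if __name__ == "__main__":
    print("field-insensitive:", analyze(PROGRAM, field_sensitive=False))
    print("field-sensitive:  ", analyze(PROGRAM, field_sensitive=True))
```

The field-insensitive run reports both queries, because tainting `u.name` marks the whole object; the field-sensitive run reports only the query built from `u.name`.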