How do I enable taint analysis in 7.9 LTS?

Must-share information

  • 7.9 LTS Developer Edition
  • I want to see taint analysis on vulnerabilities and/or hotspots.
  • Reviewed tens of my projects with vulns, searched all the documentation, and searched this forum for instructions on how to enable taint analysis or reasons why I might not be seeing it.
    I also read this: https://docs.sonarqube.org/latest/analysis/security_configuration/. It references adding elements, but has no link to the documentation on how to add an element.
    Ann’s blog is great, and I just attended her webinar, but no how-to for enabling these things in 7.9… or why I might not be seeing taint analysis.

Side note but maybe related, IDK?
I also have projects using Java, C#, and JS with hotspots grayed out, meaning I can’t tell if there are no hotspots… or if hotspots are disabled for that project. All of my projects use the Sonar way quality profiles and have the hotspot rules enabled, but there is no hotspot information in my issues/results.

Hi,

The key thing is to make sure the rules are enabled in your profile. I’ll assume you’re using a custom profile (versus Sonar way) that was crafted before you upgraded to DE. That means the rules aren’t on yet. To enable them:

  • go to the Rules page
  • filter by Language
  • expand the Repositories facet
  • select Security SonarAnalyzer
  • use Bulk Change to enable the rules in your profile.

Similarly for Hotspots

  • start fresh at the Rules page (or Clear All Filters)
  • narrow by Language
  • filter by Type: Security Hotspot
  • use Bulk Change to enable the rules in your profile

You’ll want to do this for each language in question, then reanalyze. If this doesn’t do it for you, come back to us and we’ll sort it out.

 
Ann

P.S.

:smiling_face_with_three_hearts:
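To confirm the result of the steps in the answer above without clicking through each language, the SonarQube Web API (`api/rules/search`) can list the security rules that are still inactive in a profile. This is an added example, not part of the original thread and not SonarSource's code; the server URL, profile key and token are placeholders, and the sample response is constructed.

```python
import base64
import json
import urllib.parse
import urllib.request
from collections import Counter

# Vulnerability rules (including the taint-analysis ones) and hotspot rules.
SECURITY_TYPES = "VULNERABILITY,SECURITY_HOTSPOT"

def inactive_rules_url(base_url, profile_key, language, page=1):
    """URL listing security rules NOT activated in the given quality profile."""
    params = {"qprofile": profile_key, "activation": "false",
              "languages": language, "types": SECURITY_TYPES,
              "ps": 500, "p": page}
    return base_url.rstrip("/") + "/api/rules/search?" + urllib.parse.urlencode(params)

def fetch(url, token):
    """GET a Web API URL; a user token is sent as the basic-auth username."""
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + auth})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def summarize_inactive(response):
    """Count inactive rules per (repository, type) in one search response."""
    return dict(Counter((r["repo"], r["type"]) for r in response.get("rules", [])))

def has_more_pages(response):
    """True when the profile has more inactive rules than this page returned."""
    return response["p"] * response["ps"] < response["total"]

# Constructed sample response (not real server output), trimmed to the fields used.
SAMPLE = {"total": 3, "p": 1, "ps": 500, "rules": [
    {"key": "javasecurity:S3649", "repo": "javasecurity", "type": "VULNERABILITY", "lang": "java"},
    {"key": "javasecurity:S2076", "repo": "javasecurity", "type": "VULNERABILITY", "lang": "java"},
    {"key": "squid:S2092", "repo": "squid", "type": "SECURITY_HOTSPOT", "lang": "java"},
]}

if __name__ == "__main__":
    # Placeholder server and profile key; replace with your own values, then
    # swap SAMPLE for fetch(url, token) to query a live server.
    url = inactive_rules_url("https://sonarqube.example.com", "PROFILE_KEY_PLACEHOLDER", "java")
    print(url)
    for (repo, rule_type), count in sorted(summarize_inactive(SAMPLE).items()):
        print(f"{count} inactive {rule_type} rule(s) in repository {repo}")
```

An empty summary for a language means every vulnerability and hotspot rule available for it is already active in that profile, so missing results have a different cause than the profile.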