I don't see the security-sensitive rules on Visual Studio Code - SonarLint plugin

Why don't I see the security-sensitive rules, for example in the TypeScript rules, in Visual Studio Code, having installed the SonarLint plugin?

Hello, welcome to the community! And thank you for your question.

Rules with the title "xxx is security sensitive" are usually Security Hotspots, which are not detected on-the-fly in the IDE.

The reason behind this is that Security Hotspots are meant to bring the attention of a human being to confirm whether the code is at risk or mark the occurrence as safe, and this workflow is currently only supported on SonarQube or SonarCloud.

Please note that if you use a SonarQube server (version 8.6+) in connected mode with SonarLint for VSCode, you should be able to investigate a Security Hotspot with the "Open in IDE" feature - see the release announcement for more details.

Thank you very much!