Security Hotspots in the IDE (Sonarqube 8.6)

According to the release notes from Sonarqube 8.6 now we can see Security Hotspots in some IDEs as IntelliJ. However, I cannot see them, it is still showing (as before) only Bugs.

The release notes says:
“Triage Security Hotspots in-IDE with a direct link from SonarQube”

Thanks for your help!

Hello, welcome to the community! And thank you for your question.

To be accurate, Security Hotspots won’t appear in SonarLint in the on-the-fly analysis results.

However, with SonarQube 8.6, you should see this button when browsing a security hotspot on the server:

If IntelliJ IDEA (or any supported IntelliJ-based IDE) is started and SonarLint is enabled, it should show the hotspot in the relevant file, with the appropriate context information to let you decide which course of action to take.

Please also note that this feature is available in the latest SonarLint for Visual Studio, coming soon for VSCode.

Thanks Jean-Baptiste, really good answer. Any idea when it will be available for VSCode? Thanks! Sebas

I can’t promise anything about an ongoing sprint :wink: but late January / early February looks like a fairly accurate estimate right now.

Thanks Jean-Baptiste.