Security Hotspots in the IDE (Sonarqube 8.6)

According to the release notes from Sonarqube 8.6 now we can see Security Hotspots in some IDEs as IntelliJ. However, I cannot see them, it is still showing (as before) only Bugs.

The release notes says:
“Triage Security Hotspots in-IDE with a direct link from SonarQube”

Thanks for your help!

Hello, welcome to the community! And thank you for your question.

To be accurate, Security Hotspots won’t appear in SonarLint in the on-the-fly analysis results.

However, with SonarQube 8.6, you should see this button when browsing a security hotspot on the server:

If IntelliJ IDEA (or any supported IntelliJ-based IDE) is started and SonarLint is enabled, it should show the hotspot in the relevant file, with the appropriate context information to let you decide which course of action to take.

Please also note that this feature is available in the latest SonarLint for Visual Studio, coming soon for VSCode.

Thanks Jean-Baptiste, really good answer. Any idea when it will be available for VSCode? Thanks! Sebas

I can’t promise anything about an ongoing sprint :wink: but late January / early February looks like a fairly accurate estimate right now.

Thanks Jean-Baptiste.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

For the record @sebastianrevuelta, this feature just got published with SonarLint for VSCode 1.20.1 :tada:

Feedback is welcome, please feel free to open a new thread here!