Hello Dart/Flutter developers,
We’re excited to announce that we’ve added security rules to the Dart analysis in Sonar! This is a big step forward in helping you write more secure mobile applications.
These new rules are designed to help you identify and fix vulnerabilities right in your code. They are largely based on the well-established OWASP Mobile Top 10, a list of the most critical security risks for mobile applications.
With this update, you can now detect a wide range of security issues. The new rules cover most of the OWASP Mobile Top 10, with the exception of M4 (Insufficient Input/Output Validation), which requires taint analysis.
You can explore the new rules in detail on our website:
- Vulnerabilities: Dart static code analysis | Vulnerability
- Security Hotspots: Dart static code analysis | Security Hotspot
These security rules are provided with SonarQube Server 2025.3 and already available for SonarCloud users. As always, we welcome your feedback. Let us know what you think and how we can continue to improve the Dart analysis.
Enjoy!
Alex