SonarLint not displaying security vulnerability in IntelliJ

Hi Team,

We see 42 security vulnerabilities for a project in SonarQube but are unable to see them in the IntelliJ workspace (SonarLint plugin).
Can someone help me figure out the reason for this anomaly?

I’m using the Community version of IntelliJ.

Hello Nahaarjun.
Welcome to the SonarSource community and thank you for your question. I’m sorry the response took so long.
There may be two reasons:

  1. These vulnerabilities are taint vulnerabilities and your SonarLint isn’t connected to a SonarQube server. SonarLint doesn’t perform taint analysis locally, so you can get these issues only from SonarQube using connected mode.
  2. You don’t use connected mode and you have different Quality Profiles on your SonarQube and SonarLint.

Anyway, connecting your SonarLint to the SonarQube server should help.

In IntelliJ you have to open Settings >> Tools >> SonarLint.
Then you will see this window:


You need to click the plus button above the connections list. It will start a configuration wizard. You will need to provide it with your SonarQube URL and a token or login-password pair.

After the connection is configured, you need to bind your project to the project on SonarQube.
Open Project Settings for SonarLint:


Here you need to enable the checkbox, select the created connection from the list and choose the project on SonarQube you want to bind to.
When you have set everything up, your SonarLint will pick up the Quality Profile from the server and start pulling taint vulnerabilities for each opened file. So whatever the reason is, your problem should be solved.
Again, sorry for the long response. If the issue is not solved, feel free to come back with a question.