Trying to get started with SonarCloud and SonarLint. I have a solution being scanned in SonarCloud via Azure DevOps Services CI/CD. Solution consists of two projects, one VB.NET and one C# . SonarCloud shows issues detected in both projects, but when opening the files associated with the issues in Visual Studio with SonarLint bound to the SonarCloud project, only issues in the C# project are shown in the SonarLint Taint Vulnerabilities window. Based on some other questions and comments I fear this is expected behavior based on some SonarLint limitations. Any help would be appreciated.
Hi @gbonebrake, welcome to the community
Both C# and VB.NET are supported in SLVS’s taint vulnerabilities, so you should be able to see both.
Note that taint vulnerabilities window displays issues found only in the currently opened file – do you see the issues if you directly open a VB file that SonarCloud shows has a vulnerability?
Please let me know if that answers your question. Feel free to read our documentation for more information.
Thanks for the response. Yes, I understand that this window is per file, but the window is only populated with issues when files in the C# project in the solution are open for some reason. Are there any further troubleshooting steps you could recommend?
My apologies, I’ve mislead you – there are no taint rules for VB.NET at the moment.
It’s not a SonarLint limitiation; the vulnerabilities that you see in SonarCloud for VB.NET are not taint, hence why they don’t show up in the taint vulnerabilities panel in SonarLint.
You can see here all the existing vulnerability rules for VB.NET – taint rules are marked with “injection” tag, and at the moment there are no rules with that tag for VB.NET. If new rules are added in the future, they will appear in SonarLint as well.