Hi Team,
Can I check whether there are plans to include SQL Injection checks in the SonarLint plugin?
This feature would be very useful for developers. Right now, I don't see the plugin doing such checks.
Hi @bxblin,
SonarLint - Can it check for vulnerabilities such as SQL Injection?
Short answer: no.
We made multiple attempts at enabling advanced security rules in SonarLint, and so far it has not been successful. Those rules are based on a complex algorithm that is currently not IDE friendly, since it needs to analyze the entire project to give good results (by entire project, I really mean all project modules, which are possibly not even there in the IDE workspace). It is also not incremental, so a change to a single line of code requires rescanning the entire project, which on big projects can take minutes or hours.
This is still in our 2020 roadmap, so we will continue to work on it and try to find solutions.
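To make the point in the answer above concrete, here is an added example (not code from the thread or from SonarSource) of the situation a whole-project taint analysis has to handle: the attacker-controlled value enters in one module (a request handler) and reaches the SQL sink in another (a data-access class). Looking at either piece in isolation, an analyzer sees only a plain string parameter or only a call to a repository method; the injection is visible only when the flow across both is tracked. The module names, the in-memory SQLite table and the sample rows are all constructed for this example.

```python
"""Cross-module SQL injection: source in a "handler" module, sink in a "repo" module.

Constructed example. Both modules are collapsed into one file so it runs stand-alone;
in a real project they would be separate files, possibly separate build modules.
"""
import sqlite3

# Constructed sample data standing in for the application's users table.
USERS = [(1, "alice"), (2, "bob"), (3, "carol")]


def make_db():
    """Build an in-memory SQLite database with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


# --- "repo.py": the SQL sink lives here ---------------------------------------
class UserRepo:
    """Data-access layer. Seen on its own, `name` is just a str parameter:
    nothing in this file says it came from an HTTP request."""

    def __init__(self, conn):
        self.conn = conn

    def find_user_vulnerable(self, name):
        # String concatenation: whatever `name` contains becomes part of the SQL text.
        sql = "SELECT id, name FROM users WHERE name = '" + name + "' ORDER BY id"
        return self.conn.execute(sql).fetchall()

    def find_user_safe(self, name):
        # Parameterised query: `name` is bound as data, never parsed as SQL.
        sql = "SELECT id, name FROM users WHERE name = ? ORDER BY id"
        return self.conn.execute(sql, (name,)).fetchall()


# --- "handler.py": the taint source lives here --------------------------------
def handle_request(query_params, repo, safe=False):
    """Web handler. `query_params` stands in for the parsed HTTP query string,
    so the "name" value is attacker-controlled. Seen on its own, this file
    contains no SQL at all, only a call into the repository."""
    name = query_params.get("name", "")
    if safe:
        return repo.find_user_safe(name)
    return repo.find_user_vulnerable(name)


def demo(payload, safe):
    """Run one request end to end against a fresh database and return the rows."""
    repo = UserRepo(make_db())
    return handle_request({"name": payload}, repo, safe=safe)


if __name__ == "__main__":
    # Classic tautology payload: turns the WHERE clause into name = '' OR '1'='1'.
    payload = "' OR '1'='1"
    print("vulnerable path:", demo(payload, safe=False))  # every row is returned
    print("safe path:      ", demo(payload, safe=True))   # no user has that literal name
```

Running it shows the vulnerable path dumping the whole table for the tautology payload while the parameterised path returns nothing. The detection problem the answer describes is that proving `find_user_vulnerable` is reachable with tainted data requires the analyzer to have both files (and every other caller of the repository) in view at once, which is exactly what a single-file, on-keystroke IDE check does not have.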