SonarLint - Can it check for vulnerabilities such as SQL Injection?

Hi @bxblin,

SonarLint - Can it check for vulnerabilities such as SQL Injection?

Short answer: no.

We made multiple attempts at enabling advanced security rules in SonarLint, and so far it has not been successful. Those rules are based on a complex algorithm that is currently not IDE-friendly, since it needs to analyze the entire project to give good results (by entire project, I really mean all project modules, which are possibly not even present in the IDE workspace). It is also not incremental, so a change to a single line of code requires rescanning the entire project, which on big projects can take minutes/hours.

This is still in our 2020 roadmap, so we will continue to work on it and try to find solutions.

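To make the reply's point concrete, here is an added illustration (written for this page, not SonarSource code and not how SonarLint or SonarQube implement their taint rules): a toy summary-based taint checker over two constructed modules. The web handler in one module reads user input (`request.args`, assumed to be the source) and passes it to a repository function in another module, which concatenates it into a SQL string handed to `cursor.execute` (assumed to be the sink). Given both modules the checker reports the injection; given either module alone, as an IDE with one file open would, the flow is invisible and nothing is reported.

```python
import ast

SOURCE = ("source",)      # label for data that came from user input (request.args[...])
SINK_METHOD = "execute"   # cursor.execute(...) is modelled as the SQL sink


# Constructed two-module mini project: the only path from user input to the
# query crosses the module boundary.
HANDLER_MODULE = '''
def show_user(request):
    user_id = request.args["id"]
    return find_user(user_id)
'''

REPO_MODULE = '''
def find_user(user_id):
    query = "SELECT * FROM users WHERE id = " + user_id
    return cursor.execute(query)
'''


class FunctionSummary:
    """What a single function does with taint, independent of its callers."""

    def __init__(self, name):
        self.name = name
        self.sink_labels = set()   # labels that reach a sink inside this function
        self.calls = []            # (callee name, [label set per positional argument])


def _labels(expr, env):
    """Collect taint labels of an expression: tainted names plus user-input sources."""
    out = set()
    for sub in ast.walk(expr):
        if isinstance(sub, ast.Name):
            out |= env.get(sub.id, set())
        elif isinstance(sub, ast.Attribute) and sub.attr == "args":
            out.add(SOURCE)        # request.args[...] is treated as user input
    return out


def summarize(func):
    """Straight-line, per-function taint propagation; parameters start as ('param', i)."""
    summary = FunctionSummary(func.name)
    env = {arg.arg: {("param", i)} for i, arg in enumerate(func.args.args)}
    for stmt in func.body:
        # record taint flowing into calls (sinks and callees) anywhere in the statement
        for node in ast.walk(stmt):
            if isinstance(node, ast.Call):
                arg_labels = [_labels(a, env) for a in node.args]
                callee = node.func
                if isinstance(callee, ast.Attribute) and callee.attr == SINK_METHOD:
                    summary.sink_labels |= set().union(*arg_labels)
                elif isinstance(callee, ast.Name):
                    summary.calls.append((callee.id, arg_labels))
        if isinstance(stmt, ast.Assign):
            for target in stmt.targets:
                if isinstance(target, ast.Name):
                    env[target.id] = _labels(stmt.value, env)
    return summary


def analyze(modules):
    """Whole-project check: names of functions where user input reaches a SQL sink.

    `modules` maps module name to source text; only the modules given are visible,
    which is exactly the limitation an IDE-local analysis runs into.
    """
    summaries = {}
    for src in modules.values():
        for node in ast.parse(src).body:
            if isinstance(node, ast.FunctionDef):
                summaries[node.name] = summarize(node)

    # Effective sink labels per function, propagated across call edges to a fixed point.
    reach = {name: set(s.sink_labels) for name, s in summaries.items()}
    changed = True
    while changed:
        changed = False
        for name, s in summaries.items():
            for callee, arg_labels in s.calls:
                if callee not in summaries:
                    continue   # callee lives in a module we were not given: flow is invisible
                for label in reach[callee]:
                    if label[0] == "param" and label[1] < len(arg_labels):
                        new = arg_labels[label[1]] - reach[name]
                        if new:
                            reach[name] |= new
                            changed = True
    return sorted(name for name, labels in reach.items() if SOURCE in labels)


if __name__ == "__main__":
    print("whole project:", analyze({"handler": HANDLER_MODULE, "repo": REPO_MODULE}))
    print("handler only: ", analyze({"handler": HANDLER_MODULE}))
    print("repo only:    ", analyze({"repo": REPO_MODULE}))
```

The fixed-point loop is also what makes the analysis non-incremental in this simple form: editing one function can change the labels that reach a sink in any caller, so the summaries of the whole call graph have to be revisited rather than just the file that changed.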