SonarLint for Eclipse v5.7 released - Review Security Hotspots in the IDE

I am pleased to announce this new version of SonarLint for Eclipse, which adds the ability to open a Security Hotspot from SonarQube into Eclipse (in addition to IntelliJ IDEA, Visual Studio and Visual Studio Code) and review it in his context:

This versions also bring support to:

You can find the full release notes here

1 Like

hi Marco,
The timing of this feature is just great for our team. Thank you for enabling this in Eclipse. I am trying to get this working in Eclipse Neon.3 Release (4.6.3), Sonar Enterprise Edition

  • Version 8.4.1 (build 35646) and SonarLint 5.7. I do not see the same Security Hotspots reported in the Server in my IDE

Apart from running ‘Analyze’, are there any other steps or enablement’s needed for the Hotspots to be flagged in Eclipse?

thank you,
Nagaja Vasireddy

Hi @nagaja and welcome to the SonarSource community!
Apart from updating SonarLint to the 5.7 version (which you did), you will need your SonarQube instance to be updated (in fact the ability for SonarQube to open a Security Hotspots into the IDE was added in version 8.6). Please also bear in mind that the “SonarLint Security Hotspots” panel in Eclipse won’t list all the Hotspots found by the server: in order to visualize one Hotspot in the IDE you need to use “Open in IDE” button from the Hotspot page in SonarQube. More info in the SonarQube docs.

I invite you to retry after updating SonarQube; should you experience any problems, please use this section of the Community forum.