Hello Eclipse users,
we are thrilled to announce this new version of SonarLint that introduces the detection of secrets (passwords, tokens, API keys, etc.) in Eclipse; this feature will help you intercept those secrets before they are committed into a public repository, and thus before they can be exploited by an attacker. You can find the rationale for this feature explained in more details in our dedicated blog post.
For this first iteration, we are adding the ability to detect tokens for Amazon Web Services (we recently released the same feature in SonarLint for IntelliJ and for VSCode); later on, you can expect more rules to cover further Cloud providers, SaaS products, databases vendors and so on - and BTW, you can have a look at our SonarLint roadmap here
Secrets are detected by SonarLint as you code, just like any other code quality and security issues, and as usual our Rule Descriptions will help you understand what you should do make your code safe.
And here are a few more highlights of this new version:
- 8 new Java rules to cover Java 16 features
and you can see more in the release notes.
Don’t hesitate to leave us your feedback about the new features!