SonarLint for Eclipse v7.5 - Instant sync of SonarQube issue suppressions and taint vulnerabilities

Hello Eclipse users,
we’ve just released a new version of SonarLint that enables synchronization of issues from SonarQube to happen in near real-time.

That means when an issue is suppressed (i.e. marked as “Won’t Fix” or “False Positive”) in SonarQube, or when the branch analysis detects a new SQL injection, those will be synced to SonarLint in a few seconds - without any actions needed from you.

As the implementation involved both SonarLint and SonarQube, to benefit from this improvement, you’ll need to upgrade your SonarQube to the recently released 9.6 version, in addition to updating SonarLint to the 7.5 version.

Let me also introduce a few other highlights of SonarLint for Eclipse v7.5.
For Java developers:

  • we’ve added new rules to help you develop cloud-native applications for AWS without falling into common pitfalls.
  • we’ve also released new rules to help you reduce the complexity of your regular expressions.

Great news also for Python developers:

  • We’ve introduced Python quick fixes to SonarLint for Eclipse (in addition to IntelliJ and VSCode)! You can browse which Python rules already offer quick fixes here.
  • We’ve added rules to ensure the quality of your unit test code.

Finally, some news for JavaScript developers:

  • we’ve added new rules to detect React-specific bugs and code smells.
  • SonarLint is now able to analyze the JavaScript code embedded inside AWS template files in YAML.
  • SonarLint now requires Node.js 12.22.0 as a minimum to analyze JavaScript code.

The full release notes are available here.
Don’t hesitate to leave us your feedback on this new version!

Marco
