Hello developers,
SonarLint already has the ability to synchronize issue suppressions, i.e. issues resolved as “Won’t Fix” or “False Positive” in SonarQube (you can learn more about SonarQube issues here). This way, you can focus only on relevant issues in your IDE. Last year we also added the ability for SonarLint to fetch and display in your IDE complex injection vulnerabilities detected by SonarQube during your project analysis.
As you know, SonarQube (Developer Edition and above) supports branch analysis, and you can for example resolve an issue as “Won’t Fix” on a specific project branch. The caveat is that SonarLint, until today, wasn’t aware of the project branch you are actually working on, so it was only able to sync issues from your project main branch in SonarQube.
Over the last couple months, our team has been working to introduce branch awareness in SonarLint and today we have released it for IntelliJ (in addition to VSCode and Eclipse). This means SonarLint is now able to adapt the issue synchronization to the Git branch you’re actually working with; and you’ve nothing to configure on your side, except making sure that your local project is bound to a SonarQube project.
On the limitations side, please be aware that, although SonarQube also supports Pull Request analysis, SonarLint is currently only syncing with a configured branch, and not with pull requests (we may introduce support for sync with pull request analysis later).
I’d like to also mention to C++ developers using CLion that with this release we’ve just added 15 more quick fixes; most of those focus on lambda captures and on variable scope - you can browse all C++ rules where we provide quick fixes in our C++ rules page.
SonarLint also helps C and C++ developers to deliver clean code in Visual Studio 2019 and 2022 … and as many of you requested - also in Visual Studio Code - we’ll announce it soon in this forum.
Last but not least, you can read the release notes here.