SonarLint for IntelliJ 7.0 - Instant sync of SonarQube issue suppressions and taint vulnerabilities

Dear IntelliJ users,

One of this year’s priorities of the SonarLint team here at Sonar has been to improve the functionalities dedicated to developers working in teams.

When you use SonarLint in connected mode with SonarQube, SonarLint helps you keep the noise to a minimum by avoiding reporting any issues already reviewed and marked as “Won’t Fix” or “False Positive” by yourself or other contributors in SonarQube.

In connected mode, SonarLint will also pull any taint vulnerabilities (e.g., SQL injections) detected by SonarQube (starting from Developer Edition) and help you investigate them in your IntelliJ IDE. A few months ago, we improved those two functionalities by making SonarLint branch-aware, meaning, for example, that new taint vulnerabilities are shown in SonarLint when your feature branch is analyzed by SonarQube.

Today, with the release of SonarLint for IntelliJ 7.0, we’re delivering a further improvement by making issue synchronization happen automatically and in real time, thanks to server-sent events. That means when an issue is suppressed in SonarQube, or when the branch analysis detects a new SQL injection, the change will be synced to SonarLint in a few seconds - and you do not need to hit a refresh button.

As the implementation involved both SonarLint and SonarQube, to benefit from this improvement, you’ll need to upgrade your SonarQube to the freshly released 9.6 version, in addition to updating SonarLint to the 7.0 version.

I hope this improvement will help you to make development more efficient and fun in your team.

You can find more in the release notes.

Marco