If you use SonarLint in connected mode with a commercial edition of SonarQube, you can investigate taint vulnerabilities detected by SonarQube analysis directly in your IDE, and visualize the data injection flows directly in the source code thanks to SonarLint.
The version that we’ve just released introduces richer and more structured rule descriptions that will help you better understand injection vulnerabilities, and patch instructions specifically tailored to the framework that you’re using.
In this example, you see the new rule-description format for a vulnerability in Java code:
This version also aims to help all front-end developers deliver Clean Code by extending support for front-end languages across all IntelliJ-based IDEs. In fact, we’ve added:
- CSS analysis in all IntelliJ IDEs supported by SonarLint
Among the other noteworthy changes in the new release:
- For .NET developers in Rider, we’ve improved support for C# 11 language features such as raw string literals, UTF-8 string literals, list patterns, generic attributes, and generic math in our existing rules.
- For C++ developers in CLion, we’ve added 6 new rules to cover C++20’s concepts.
The full release notes are available here.
As usual, we’d appreciate hearing your feedback!