Hello,
the February SonarLint for IntelliJ release is available! This month we’re introducing the detection of Security hotspots directly in your favourite IntelliJ IDEs.
Security hotspots are basically security-sensitive pieces of source code that must be reviewed by developers to ensure the code does not present security risks. To learn more about security hotspots , and in particular the different between a security vulnerability and a hotspot, I suggest reading this page.
Previously, you needed to submit your code and wait for SonarQube or SonarCloud to analyze it in order to be notified of new Security hotspots to be reviewed in your code.
Now, if you update to the latest version of SonarLint (v8.0) and you use it in connected mode with SonarQube (minimum version: 9.7), then SonarLint will report security hotspots directly in your IDE for the files you’re currently working on:
To help you focus on the hotspots you actually need to review, only those that are not yet reviewed and marked as ‘Safe’ or ‘Fixed’ in SonarQube are reported by SonarLint. Please also note that for this first iteration, it is not possible to set the output of a security hotspot review (i.e. to mark it as Acknowledged, Fixed, or Safe) directly in SonarLint. We’ll work on that later on, and in the meanwhile, you can simply right-click on any hotspot from the list, and choose Open in SonarQube:
You can also ask SonarLint to scan all the source files in a directory (or the whole project) for hotspots, by right-clicking on the directory and selecting SonarLint → Analyze with SonarLint.
Let me mention a few more highlights from this release:
- you’ll find many new quick fixes: we’ve added 11 for Java and 17 for Python.
- if you work with C# projects in Rider, you’ll find some new C# detections.
- for those of you coding in C and C++ in CLion, we’ve added support for clang-cl and Microchip compilers.
Last but not least, please note the we’ve raised the minimal supported version of IntelliJ Platform to 2021.3; you can see the full release notes here.
I hope you’ll enjoy this version and its new features, and we’re always eager to hear your feedback!
Marco
We should be able to support security hotspots in the IDE for users connected to SonarCloud within the next few months.