Hello,
In a recent release, we added the capability for SonarLint to report security hotspots directly in the IDE, with an initial focus on users connected to SonarQube.
Starting with this release, users connected to SonarCloud can also benefit from this functionality!
As you know, security hotspots are sensitive pieces of code that need to be reviewed by a developer, either to confirm that the code is safe or to fix it so that it becomes safe. Until now, you had to use SonarQube or SonarCloud to change the status of a security hotspot once you had reviewed it.
With this month's release, managing security hotspots becomes simpler: you no longer need to leave your IDE, because you can change the status of a hotspot once you have reviewed it, directly in IntelliJ.
The new hotspot status is automatically synchronized with SonarQube or SonarCloud, and from there with the other collaborators using SonarLint.
NOTE: changing the status of a hotspot from the IDE only works for hotspots in code that has already been analyzed by SonarQube or SonarCloud. It will not work for newly added hotspots until the code has been submitted for analysis. We will be working to enhance that in the future.
We also improved our code analysis capabilities, with a special focus on Kotlin, Python and .NET:
- We added new rules around code redundancy to increase the readability and reliability coverage of your Kotlin code
- We added 6 new Python rules for the Django framework and 3 new quick fixes (more details here)
- For those of you using Rider to code in C#, we added rules that help you avoid some performance pitfalls
You can learn more in the release notes.
Marco