SonarLint for security vulnerability

Hi All,

How to find out security vulnerabilities using SonarLint?


Hey there.

Which flavor of SonarLint are you using (for which IDE), and what languages are you analyzing?

I am using .NET and the Visual Studio IDE. Extension I am using


Some basic vulnerabilities can be detected with SonarLint “by default”.

“Taint” issues (like injection detection, available on SonarCloud or with SonarQube Developer Edition and higher) cannot be found “on-the-fly” in any flavor of SonarLint, due to technical limitations. One day we hope to solve them.

Nevertheless, it is possible for a project to display within the IDE taint vulnerabilities detected by SonarCloud/SonarQube. Because SonarLint pulls taint vulnerability issues from SonarQube or SonarCloud following a project analysis, the use of Connected Mode is required.

I hope this helps.