SonarLint for security vulnerability

Hi All,

How can I find security vulnerabilities using SonarLint?

Thanks
Bibhas

Hey there.

Which flavor of SonarLint are you using (for which IDE), and what languages are you analyzing?

I am using .NET and the Visual Studio IDE, Extension I am using

Thanks.

Some basic vulnerabilities can be detected with SonarLint “by default”.

“Taint” issues (like injection detection, available on SonarCloud or with SonarQube Developer Edition and higher) cannot be found “on-the-fly” in any flavor of SonarLint, due to technical limitations. One day we hope to solve them.

Nevertheless, it is possible for a project to display within the IDE taint vulnerabilities detected by SonarCloud/SonarQube. Because SonarLint pulls taint vulnerability issues from SonarQube or SonarCloud following a project analysis, the use of Connected Mode is required.

I hope this helps.