Hello everyone,
we’re pleased to announce the release of SonarLint v4.31 for Visual Studio 2015, 2017, and 2019.
With this version, we add the possibility to investigate and fix taint vulnerabilities detected by SonarQube or SonarCloud directly in the IDE.
Taint vulnerabilities are security vulnerabilities where attacker-controlled data is passed unsanitized from an input source to a sensitive sink.
Although SonarLint does not detect taint vulnerabilities in local code (only SonarQube or SonarCloud detect them when they analyse the project), developers can now use SonarLint to view the whole taint flow highlighted in Visual Studio, from the source to the sink.
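To make the source-to-sink idea concrete, here is an added C# example (not code from the original post, SonarLint or SonarQube) of the shape of flow that a SQL-injection taint finding highlights, next to the parameterised version that removes it. The controller, route names, `Users` table and connection-string placeholder are all constructed for the illustration; the source is an HTTP query-string value and the sink is `SqlCommand`, which executes whatever text it is given.

```csharp
using System.Data;
using System.Data.SqlClient;
using Microsoft.AspNetCore.Mvc;

// Constructed example for an ASP.NET Core project referencing System.Data.SqlClient.
// Source: the 'name' query-string value is attacker-controlled.
// Sink: SqlCommand executes the SQL text it receives.
[ApiController]
[Route("users")]
public class UsersController : ControllerBase
{
    // Placeholder; a real application would load this from configuration.
    private const string ConnectionString = "<connection string placeholder>";

    // Vulnerable flow: the untrusted value is concatenated straight into the
    // query text, so it travels source -> string concatenation -> CommandText -> sink
    // without any sanitisation. This is the pattern a taint rule flags.
    [HttpGet("count-unsafe")]
    public int CountUnsafe([FromQuery] string name)
    {
        string sql = "SELECT COUNT(*) FROM Users WHERE Name = '" + name + "'";
        using (var connection = new SqlConnection(ConnectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            connection.Open();
            return (int)command.ExecuteScalar();
        }
    }

    // Hardened flow: the query text is a constant and the untrusted value is bound
    // as a typed parameter, so it can only ever be treated as data, never as SQL.
    [HttpGet("count")]
    public int Count([FromQuery] string name)
    {
        const string sql = "SELECT COUNT(*) FROM Users WHERE Name = @name";
        using (var connection = new SqlConnection(ConnectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            command.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name;
            connection.Open();
            return (int)command.ExecuteScalar();
        }
    }
}
```

In the first action the highlighted flow runs from the `name` parameter through the concatenation into the `SqlCommand` constructor; in the second the value never reaches the query text, so there is no flow for the analysis to report. The same fix shape (keep untrusted data out of the interpreted string and pass it through a typed API) applies to the other sink categories the rule documentation covers.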
As with other code quality and security issues, our rule documentation will help you understand what is wrong and how to fix it.
All you need is to update SonarLint, and make sure your project is bound to SonarCloud or SonarQube 8.6+.
See the feature documentation here for more details.