SonarLint for Visual Studio Code 2.3.0 - Java quick fixes, cloud secrets detection

Hello VSCode users,
a couple weeks ago, we announced that SonarLint is officially supporting Codespaces, the new cloud-based development environment by GitHub. And good news are not over, as we just released today a new version of SonarLint for your favourite IDE.

First of all, since I mentioned cloud environments, if you already developed some code interacting with cloud providers, you know that secrets (like tokens, API tokens, etc) are typically needed to access those services. And you also know that if such secrets are added in your code and committed into a public repository, then it easy very easy for a malicious user to get access to those cloud services with your credentials.
This is why some time ago we launched a new feature in SonarLint to detect and help avoid committing AWS (Amazon Web Services) secrets. With this version, we’ve support for the following Cloud providers:

  • Google Cloud
  • Microsoft Azure Cloud
  • IBM Cloud
  • Alibaba Cloud

Next, as promised in a recent thread, we’ve brought Quick Fixes to VSCode. We’re starting with covering around 40 Java rules; of course more will come in the future and are also consider to cover additional languages ( and BTW, SonarLint roadmap is now visible to everyone at IDE | SonarLint | Sonar ).
Quick fixing an issue in your code is very simple, you can use the keyboard shortcuts you are already used to for VSCode Code Actions or you can hover with the mouse over an issue.

EDIT: Please keep in mind that, if you use SonarLint in connected mode with SonarQube, then your SonarQube should be updated to at least version 9.1 in order for quick fixes to work.

Finally, I’d like to mention that we have delivered plenty of new rules to to help you write efficient, error-free and safe regular expressions in JavaScript, TypeScript (read more here) and PHP (read more here).

You can find more in our release notes.

Enjoy creating clean and safe code in VSCode!

1 Like