SonarLint for Visual Studio v6.13 - In-IDE Rule Help, SonarQube taint vulnerabilities instant sync

Dear Visual Studio users,

As you know SonarLint not only detects issues in your code but also helps you actually understand why we’ve raised the issue, what is at stake, and how to fix it.

With the newly released v6.13, we’re introducing the Sonar Rule Help in Visual Studio, which means you’ll be able to visualize the descriptive and educational contents associated with each issue directly in the IDE, rather than in a browser window.

Our intention is really to bring those contents closer to their code context, and we’re working to progressively improve those contents with better explanations and with patch instructions more relevant to the library or framework you’re actually using.

Among the other highlights of v6.13, let me mention:

  • The synchronization of injection vulnerabilities detected by SonarQube, like SQL injections, is now instant - meaning that when a SonarQube analysis detects a new issue, it’ll be automatically visible in Visual Studio within a few seconds. To benefit from this improvement, you’ll need to use SonarLint in connected mode with a SonarQube version >= 9.6.
  • We’ve added a few new detections for your C# code.
  • We’ve added support for clang-cl compiler for your C and C++ projects and improved the analysis performance for large source files.

You can find the release notes here.