Hello Visual Studio users,
We’ve just released SonarLint v7.1, which brings plenty of new detections and support for Security Hotspots in C, C++, JavaScript, and TypeScript code.
First, let me mention that our C# and VB.NET analysis now provides guidelines and best practices for handling date and time operations. The new rules we’ve added cover a wide range of topics, including time zone conventions, common pitfalls, date parsing and formatting, time arithmetic, and more.
If you develop mission-critical software following MISRA standards, you’ll find plenty of new MISRA 2023 rules in this version. Keep in mind that those rules are not available yet in SonarQube, they’ll be added in the next version. For the time being, you can activate those rules only if you use SonarLint in standalone mode (here is how to activate new rules).
For our C and C++ users, we’ve also improved our analysis to detect more tricky bugs:
- We’ve added rule S6655: Variables should not be accessed outside of their scope
- We’ve improved the detection capability for rule: S5553: Immediately dangling references and pointers should not be created
We’ve also 5 new rules, and improved 7 existing ones, for core JavaScript and TypeScript features, more details here.
Finally, SonarLint is now able to detect and report Security Hotspots in local code, if you use it in connected mode with SonarQube or SonarCloud; only Security Hotspots not yet reviewed as Safe or Fixed will be displayed. Also, this feature is only available for C, C++, JavaScript and TypeScript for now, thus excluding C# and VB.NET. More information about this feature is here.
You can see more details in the release notes here.
Marco