Hello,
A new version of SonarLint has been released that will help you write cleaner and more secure code for different Infrastructure as Code domains. In fact, SonarLint can now analyze the following files (you can follow the links to see which detections are available):
Please note that as of today, the majority of available rules for those domains are Security Hotspots, which are only available in SonarLint for VS Code if you use connected mode with SonarQube 9.7+.
In addition, this release adds support for a new format for the Rule Descriptions that aims to help you eliminate issues faster with contextualized guidance and to help you dodge them in the future.
The new rule format comes with the following contents in separate sections:
- Why is this an issue: explains why we’re raising this and why it is important to fix it (for example, how a vulnerability can be exploited by a malicious user)
- How can I fix it: it provides instructions and examples with just the information you need right now, in your context, to solve this issue. You’ll notice for example that the contents are fine-tuned for the library or framework you’re using in your code.
- More info: allows you to go deeper and learn more about this or similar issues, including generic Clean Code principles, to improve your skills as a developer and avoid introducing similar issues in your code in the future.
The improved rule format is already available for the top 15 security vulnerabilities (to see it, just select “Open description of rule…” from an issue’s quick fixes), and we’re progressively rolling it out for the remaining rules.
And that’s not all - in this release we’ve also added:
- new Python rules and quick fixes related to type hints and regular expressions.
- 3 Java rules that cover design and architecture good practices for Monster Class, Brain Method and Singleton.
The release notes are here. Enjoy SonarLint in VS Code!
Marco