SonarLint for VS Code 3.22 - Focus on new code, new secret types, file/directory exclusions

Hello,

September has been a busy month for the SonarLint team! We’ve been preparing the 3.22 release that comes with loads of new features and detection capabilities!

First of all, we’ve released the first feature around Clean as You Code in the IDE! If you follow the Clean as You Code approach, your focus is always on new code (code that has been added or changed according to your new code definition), which lets you ensure that the code you write is clean and safe; if you use SonarQube or SonarCloud, you’re probably familiar with the Quality Gate conditions on new code.

With this release, SonarLint is pairing up with SonarQube and SonarCloud to help you focus on new code from the very moment you are writing your code: if you activate the “Focus on new code” feature (see how in our documentation), SonarLint will assign a higher severity to markers of issues that fall in the new code definition configured in SonarQube or SonarCloud.

Please keep in mind that this functionality is not activated by default and, for now, can only be activated if you use SonarLint in connected mode; you can read more here.

Also, be aware that if you use connected mode with SonarQube, you may experience some glitches, meaning that some issues may be erroneously reported as part of new code (mainly after setting up and analyzing a new project for the first time, or when activating new rules for your Quality Profile). This is due to a bug in SonarQube that we’re working to fix within the 10.3 release.

The 3.22 release also adds 42 new rules to detect secrets (API tokens, passwords, etc.) for your cloud applications. SonarLint helps you detect those secrets in your code immediately when you add or copy/paste them, before you even commit and push them into a repository, so that you avoid exposing them. Together with those we added in last month’s release, we’re now able to detect a total of 110 different types of secrets for 60 cloud providers.

What’s more, as many of you asked, in this release we’ve added the possibility to configure file or directory exclusions for SonarLint analysis so that you can avoid scanning generated or third-party code; you can see how to configure those under the SonarLint extension’s settings. Bear in mind that if you bind your project to SonarQube or SonarCloud it’s even simpler: SonarLint will automatically inherit the configured exclusions and you won’t have anything to configure locally.
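To make the two features above concrete, here is an added example (not SonarLint’s code, and not its actual secret rules or settings syntax) of how an editor-side check can combine both ideas: skip paths that match exclusion globs for generated or third-party code, then run pattern-based secret detection on the remaining files so a leaked token is flagged before it is committed. The globs, the three detection patterns and the in-memory workspace are all constructed for illustration; the AWS key shown is the example key from AWS’s own documentation. Findings report the file, line and rule name only, never the matched value, so the check itself does not re-leak the secret into logs.

```python
import re
from typing import Dict, List, Tuple

# Constructed exclusion globs (assumption: not SonarLint's own setting format).
EXCLUSION_GLOBS = ["**/node_modules/**", "**/generated/**", "vendor/**"]

# Constructed detection patterns: illustrative shapes only, not SonarLint's rules.
SECRET_PATTERNS = {
    # AWS access key IDs have a fixed 'AKIA' prefix followed by 16 upper-case alphanumerics.
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # A variable named api_key/api-key/token assigned a long literal string.
    "generic-api-token": re.compile(
        r"(?i)\b(api[_-]?key|token)\b\s*[:=]\s*['\"]([A-Za-z0-9_\-]{20,})['\"]"
    ),
    # A literal password of at least 8 characters assigned in source or config.
    "password-assignment": re.compile(r"(?i)\bpassword\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
}


def glob_to_regex(glob: str) -> "re.Pattern[str]":
    """Translate a path glob to a regex: '**/' spans zero or more directories,
    '**' alone matches anything, '*' and '?' stay within one path segment."""
    out = ""
    i = 0
    while i < len(glob):
        if glob.startswith("**/", i):
            out += "(?:.*/)?"
            i += 3
        elif glob.startswith("**", i):
            out += ".*"
            i += 2
        elif glob[i] == "*":
            out += "[^/]*"
            i += 1
        elif glob[i] == "?":
            out += "[^/]"
            i += 1
        else:
            out += re.escape(glob[i])
            i += 1
    return re.compile("^" + out + "$")


def is_excluded(path: str, globs: List[str] = EXCLUSION_GLOBS) -> bool:
    """True when the (forward-slash) path matches any exclusion glob."""
    return any(glob_to_regex(g).match(path) for g in globs)


def scan_source(path: str, text: str) -> List[Tuple[str, int, str]]:
    """Return (path, line number, rule name) for each line matching a pattern.
    The matched value is deliberately not included in the finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((path, lineno, rule))
    return findings


def scan_workspace(files: Dict[str, str]) -> List[Tuple[str, int, str]]:
    """Apply exclusions first, then scan every remaining file."""
    findings: List[Tuple[str, int, str]] = []
    for path in sorted(files):
        if is_excluded(path):
            continue
        findings.extend(scan_source(path, files[path]))
    return findings


# Constructed in-memory workspace standing in for files open in the editor.
SAMPLE_WORKSPACE = {
    "app/config.py": 'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\nDEBUG = True\n',
    "app/client.py": 'api_key = "sk_live_0123456789abcdefghijklmnop"\n',
    "web/node_modules/left-pad/index.js": 'const token = "0123456789abcdefghij0123";\n',
    "vendor/lib/settings.ini": 'password = "Sup3rS3cretValue"\n',
    "README.md": "Set AWS_ACCESS_KEY_ID in your environment, never in code.\n",
}

if __name__ == "__main__":
    for path, lineno, rule in scan_workspace(SAMPLE_WORKSPACE):
        print(f"{path}:{lineno}: possible secret ({rule})")
```

Running it reports the two findings in `app/`, while the third-party file under `node_modules/` and the vendored config are skipped even though both contain strings the patterns would otherwise flag. That is the trade-off exclusions carry: they cut noise from code you do not own, but a real secret committed inside an excluded directory is invisible to the check, so exclusions should cover only paths that are truly generated or third-party.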

Here are a few more highlights of this release:

  • We’ve added 8 Python rules (and 3 quick fixes) to help you write clean scientific code using NumPy
  • We’ve added 12 new rules to write intentional and consistent Dockerfiles

Here are the release notes.

Marco
