Hello,
I am pleased to announce this new version of SonarLint for Visual Studio Code.
You may have seen from our recent announcement that we brought the ability to investigate and fix taint vulnerabilities detected by SonarQube or SonarCloud directly in the IDE for Eclipse, IntelliJ and Visual Studio. With version 1.21.0 we also make this feature available to our VSCode users.
Taint vulnerabilities are security vulnerabilities where attacker-controlled data is passed unsanitized from an input source to a sensitive sink.
Although taint vulnerabilities are not detected locally by SonarLint (they are only detected by SonarQube or SonarCloud), developers are now able, thanks to SonarLint, to review the whole injection flow in the IDE, from the source to the sink.
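To make the source-to-sink idea concrete, here is an added example (not code from the original post or from SonarLint) of the kind of flow a taint analyser reports: a request parameter travels through two helper functions into a SQL sink, once concatenated into the query and once passed as a bound parameter. The in-memory SQLite table, the `handle_request` entry point and the helper names are constructed for this illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


# --- Sink: the only place SQL is executed. ---------------------------------
def run_query(conn, sql, params=()):
    return sorted(conn.execute(sql, params).fetchall())


# --- Intermediate hop: builds the query from a value it did not validate. ---
def build_lookup_vulnerable(name):
    # The tainted value is spliced into the SQL text itself, so anything
    # containing a quote changes the meaning of the statement.
    return "SELECT name, role FROM users WHERE name = '" + name + "'", ()


def build_lookup_fixed(name):
    # Same shape of query, but the value is carried as a bound parameter;
    # the driver never parses it as SQL, which neutralises the taint.
    return "SELECT name, role FROM users WHERE name = ?", (name,)


# --- Source: the request parameter is attacker-controlled. ------------------
def handle_request(conn, params, fixed):
    name = params.get("name", "")  # source
    builder = build_lookup_fixed if fixed else build_lookup_vulnerable
    sql, bound = builder(name)     # hop
    return run_query(conn, sql, bound)  # sink


def demo():
    """Run the same two requests through the vulnerable and fixed flows."""
    conn = make_db()
    benign = {"name": "bob"}
    payload = {"name": "x' OR '1'='1"}  # constructed injection payload
    return {
        "vuln_benign": handle_request(conn, benign, fixed=False),
        "vuln_payload": handle_request(conn, payload, fixed=False),
        "fixed_benign": handle_request(conn, benign, fixed=True),
        "fixed_payload": handle_request(conn, payload, fixed=True),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the vulnerable builder the payload returns every row in the table, because the closing quote and `OR '1'='1'` become part of the statement; with the parameterised builder the same string is just a name that matches nothing. The analyser's job is to follow `name` from `handle_request` through `build_lookup_vulnerable` to `run_query`, which is exactly the multi-step flow SonarLint now lets you walk in the editor.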
As for other code quality and security issues, our rule documentation will help understand what is wrong, and how you can get it fixed.
All you need is to update SonarLint and make sure your project is bound to SonarCloud or SonarQube (version 8.6 or later required).
In the context of security vulnerabilities, this version also brings new detections:
- 2 new vulnerabilities for Java: S2053 and S5659
- 2 new vulnerabilities for Python: S3329 and S5659
- 3 new vulnerabilities for PHP: S2755, S5808 and S5876
and many new code smell rules for Java, along with support for Java 15.
You can read the full changelog directly in the marketplace or in Jira.