SonarLint for VSCode 3.12 - Enhanced investigation of taint vulnerabilities

Hello VSCode users,
Following your valuable feedback, we’ve worked to improve the investigation of taint vulnerabilities in SonarLint (SQL injections, OS command injections, cross-site scripting, and many more); the changes we’ve shipped in the latest release include:

  • SonarLint can now display injection vulnerabilities for the whole project, no matter where the issue’s sink is located (previously, you needed the sink to be in a file opened in your code editor).
  • SonarLint will instantly notify you as soon as SonarQube has detected new taint vulnerabilities in your project.
  • We’ve made it more explicit in the UI that injection vulnerabilities are not detected by SonarLint local analysis: once you’ve applied a fix, you’ll need to run a SonarQube or SonarCloud analysis to verify the issue is fixed.

You can learn more in the release notes. Here are a couple of additional highlights:

Happy coding with SonarLint!