SonarLint for VSCode 3.9 - Instant sync of SonarQube issue suppressions and taint vulnerabilities


The last release of SonarLint for VSCode (v3.8) focused on making the connected mode opt-in process easier and more intuitive.

I am happy to announce that we’ve just released v3.9; this version brings further benefits to all developers using SonarLint in connected mode with SonarQube.

In fact, similarly to what we’ve recently delivered for IntelliJ users, we’ve also brought real-time issue synchronization to SonarLint for VSCode.

That means when an issue is suppressed (i.e. marked as “Won’t Fix” or “False Positive”) in SonarQube, or when the branch analysis detects a new SQL injection, those will be synced to SonarLint in a few seconds - without any action needed from you.

As the implementation involved both SonarLint and SonarQube, to benefit from this improvement, you’ll need to upgrade your SonarQube to the recently released 9.6 version, in addition to updating SonarLint to the 3.9 version.

This release also comes with great news for JavaScript and TypeScript developers, as we’ve delivered several enhancements in SonarLint JS/TS analysis; to mention a few:

  • we’ve improved the detection accuracy for several rules
  • we’ve added new rules to detect React-specific bugs and code smells
  • we now analyze the JavaScript and TypeScript code embedded inside AWS template files in YAML

You can also read our release notes.