SonarLint integration with IntelliJ IDE

Hi,
I am trying to use the SonarLint plugin with the IntelliJ IDE and analyze source code. I am able to see all the issues other than the vulnerability issues. I have also bound it to a SonarQube server with correct configurations, but I am still not able to see vulnerability issues. However, I could see the vulnerability issues on the portal which points to the server.
Kindly help.

Hi,

Do you see the vulnerability issues in SonarLint’s tool window? And what do you mean by the portal which points to the server?

I am experiencing the same issue. The “current file” tab shows only two code smells, but the SonarQube server shows two code smells but three additional vulnerabilities. SonarQube Enterprise Edition 8.1 and SonarLint IntelliJ Plugin 4.5.0.15320. The plugin is connected to our SonarQube server and the bindings are up to date.

Hi,

Can you share the rule key of those vulnerabilities you see in SonarQube but not in SonarLint? FYI SonarLint is not able to report vulnerabilities coming from SonarSource commercial security analyzer (SonarSecurity).

Hi,
I am not entirely sure about the rule key, but I guess it should be this one: “findsecbugs:SQL_INJECTION_JDBC”.
As I am not the admin of our SonarQube server, is there any way to determine whether a vulnerability was reported by the commercial security analyzer?

This issue is not coming from a SonarSource analyzer. SonarLint will not detect it. I think the issue is detected by the SpotBugs analyzer. There should be an IntelliJ plugin for it.