Hi
I’m using IntelliJ IDEA version 2023.1.3 with the latest version of SonarLint (10.14.1.80220).
I connected my code to one of the SonarQube profiles on my server (Enterprise Edition v10.6), and I’m able to see 3 high vulnerabilities (in the Sonar server) in my IntelliJ under taint vulnerabilities.
I’m trying to solve one of them locally, but it seems that the status is not getting refreshed with my fix (even if I mark the entire problematic code).
Could it be that taint vulnerabilities only get refreshed from the Sonar server, meaning only after the user has pushed the commit to Git?
From this thread, it’s not really clear whether it covers my case:
Hey there.
Your code must be reanalyzed by SonarQube in order for the status to change in SonarQube for IDE. As documented:
How to fix your injection vulnerabilities
Injection vulnerabilities are security-related rule issues that are only raised by SonarQube Server (starting with Developer Edition) and SonarQube Cloud. Due to technical limitations, SonarQube for IDE cannot raise such issues on local analysis.
Because the detection of injection vulnerabilities requires that you are running in Connected Mode, any changes you make to the code must be resolved by your SonarQube (Server, Cloud) instance. Here are two options to resolve injection vulnerabilities displayed by SonarQube for IDE:
- If you fix the issue locally, commit your code to the server and rerun the analysis on SonarQube (Server, Cloud). The new status (of the issue) will show up automatically in your local analysis.
- If you go to the issue in SonarQube (Server, Cloud) and mark it as fixed, false positive, or won’t fix, the new status will be updated locally in less than 1 minute.
So is it planned to be fixed in a future roadmap?