SonarLint plugin doesn't reflect real status of security vulnerabilities

Hi
I’m using SonarQube Enterprise Edition v10.6, and in one of my modules it raised 4 high vulnerability issues in my code.
After installing SonarLint version 9.1.0.75538 in my IDE (version 2022.2.1) and connecting it to my SonarQube server with the security profile, I was able to see those issues under taint vulnerabilities.
I fixed the code and pushed it to main, and now, after a new scan, the SonarQube server presents 3 new issues. However, in the IDE I still see the old 4 issues under taint vulnerabilities, even after reinstalling the plugin and reconnecting it to the profile.
Is this a known issue with the SonarLint plugin? Please advise.

Hey there.

v9.1.0.75538 was released over a year ago, and the latest version is v10.14. Can you please update and see if the issue persists?


I will try on a more advanced IDE version and update you; however, note that the latest compatible version for IDE 2022.2.1 is 9.1.0.75538.


We’ve made some significant changes to the way we handle taint vulnerabilities in v10.0 (Jira).

We only support the latest release of our IDE extension – and even if we identified a novel bug in an old version, you’d have to upgrade your IDE to be able to benefit from the fix.

Hi,
So you were right: I installed IntelliJ 2023.1.3 and the latest SonarLint version (10.14.0.80203), and now I indeed see 3 issues under the taint vulnerabilities tab, and they match what I have on the SonarQube server.
I still think there is no good documentation for people who have IDE version 2022.2 and are not aware of such issues when installing the last compatible version for it (9.1).
