SonarLint Rule | javsecurity:S5145

Hi together,

until today I thought only Security Hotspots are not discovered by SonarLint.

But what about javasecurity:S5145 (vulnerabilities)? I see an issue in SQ but not in SonarLint?

Can someone please explain this to me?


Hi Mark,

Advanced vulnerabilities based on our taint analysis engine (rule keys starting by xxxsecurity:) are not detected directly in SonarLint. For the moment, the engine requires to analyze the entire project, that would not suit well in SonarLint.
If you are using SonarQube or SonarCloud, and if SonarLint is connected to the server, SonarLint should display the taint vulnerabilities found on the server. Is it not the case?

1 Like

Hi Julien,


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.