SonarQube Cloud now detects injection vulnerabilities in Kotlin and Android applications

Hello Kotlin and Android Developers,

You asked, and we listened: your wait is over!

We’re excited to announce that SonarQube Cloud now supports taint analysis for Kotlin, empowering you to detect injection vulnerabilities in your Kotlin code, including Android applications. This new capability helps you deliver safer, more robust apps to your users by automatically identifying security risks before they reach production.

Injection Vulnerabilities Now Detected in Kotlin (and Android) Code:

SonarQube Cloud now detects a wide range of injection vulnerabilities, including:

In total, 26 new rules are included in this release, providing comprehensive coverage for the most critical injection vulnerabilities in both server-side and Android Kotlin code.
Explore the full list here.

Coming Soon:

These rules will also be available for SonarQube Server users with the upcoming 2025.3 release. The release will also include a report dedicated to the OWASP Mobile Top 10.

As this is the first release of these 26 injection rules, your feedback is more valuable than ever. Let us know how it works for you and help us make Kotlin and Android development even more secure!

Enjoy!
Alex
