SonarQube or SonarLint for XSS

Is SonarQube or SonarLint useful for identifying XSS vulnerabilities?

SonarQube/SonarCloud can detect various types of vulnerability, including XSS. See here for more information.

New XSS vulnerabilities will not be detected in SonarLint at present. However, existing vulnerabilities that have been discovered during batch analysis and reported to SonarQube/SonarCloud can be visualized in the IDE.

Thanks, Duncan. I added the SonarLint extension to my instance of Visual Studio 2015 but it’s not showing any XSS vulnerabilities in my source code. I even created a reflected XSS vulnerability in my source code but SonarLint isn’t highlighting it.

Am I missing something?

In the current state of our SAST engine, you would need to:

  • analyze the project that has the XSS with SonarQube or SonarCloud
  • set up SonarLint’s connected mode in Visual Studio
  • open the file that contains the “sink” of the XSS (for a reflected XSS this would be the place where the response is written to)

Please also note that this feature is not available in SonarQube Community Edition: it is available on SonarCloud and in the commercial editions of SonarQube (starting with Developer Edition).
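To make the third bullet concrete, here is an added illustration (not code from this thread or from SonarSource) of what the "sink" of a reflected XSS looks like in an ASP.NET handler, next to the same handler with the output HTML-encoded. The class names and the `name` parameter are hypothetical; the analyzer reports the issue on the line where the untrusted value is written into the response, which is the file you would open in SonarLint connected mode.

```csharp
// Added example: the source-to-sink path of a reflected XSS in a classic
// ASP.NET IHttpHandler, and the encoded variant. Names are hypothetical.
using System;
using System.Web;

namespace XssExample
{
    // Vulnerable handler: echoes a query-string parameter straight into the page.
    public class GreetingHandler : IHttpHandler
    {
        public bool IsReusable { get { return false; } }

        public void ProcessRequest(HttpContext context)
        {
            // Source: untrusted input taken from the request.
            string name = context.Request.QueryString["name"];

            // Sink: the raw value is written into the HTML response.
            // This is the line a SonarQube/SonarCloud XSS issue points at, and the
            // file you open in Visual Studio to see it through SonarLint.
            context.Response.ContentType = "text/html";
            context.Response.Write(BuildGreeting(name, encode: false));
        }

        // Builds the response fragment; with encode == true the value is
        // HTML-encoded before it reaches the sink, which is the kind of
        // sanitizer a taint analysis looks for on the path from source to sink.
        public static string BuildGreeting(string name, bool encode)
        {
            string value = encode ? HttpUtility.HtmlEncode(name) : name;
            return "<p>Hello, " + value + "</p>";
        }
    }

    // Remediated handler: same flow, but the value is encoded before the sink.
    public class SafeGreetingHandler : IHttpHandler
    {
        public bool IsReusable { get { return false; } }

        public void ProcessRequest(HttpContext context)
        {
            string name = context.Request.QueryString["name"];
            context.Response.ContentType = "text/html";
            context.Response.Write(GreetingHandler.BuildGreeting(name, encode: true));
        }
    }
}
```

Registering either handler in `web.config` and requesting it with a `name` query parameter shows the difference: the first writes the parameter into the page verbatim, the second writes the HTML-encoded form. For SonarLint to highlight the first version, the project still has to go through a SonarQube or SonarCloud analysis first, as described in the steps above.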

Thanks, Jean-Baptiste, that is very useful information.