Skip to content

Taint Vulnerabilities

Jump to bottom
Damien Urruty edited this page Jan 7, 2021 · 8 revisions

Overview

Taint vulnerabilities are a type of security-related rules, that can be raised by both SonarCloud and SonarQube (starting with Developer Edition).

Due to technical limitations, SonarLint for IntelliJ can not raise such issues on local analysis. Nevertheless, it is possible for a project to display within the IDE vulnerabilities detected by SonarCloud/SonarQube.

Prerequisites

  • You need to bind to SonarCloud or SonarQube Developer Edition (or higher) 8.6+
  • Only issues detected on the main branch will be displayed in the IDE
  • Only issues detected on open files will be displayed in the IDE

How to display taint vulnerabilities in IntelliJ

  1. Bind your project to SonarQube/SonarCloud
  2. Open the SonarLint tool window and select the Taint Vulnerabilities tab
  3. The tab should display the list of taint vulnerabilities that are present on open files.

Home

Getting Started
Fixing Issues
Bind to SonarQube or SonarCloud
Security Hotspots
Taint Vulnerabilities
Rider
Troubleshooting
Clone this wiki locally