-
Notifications
You must be signed in to change notification settings - Fork 153
Taint Vulnerabilities
Tobias Hahnen edited this page Apr 25, 2023
·
8 revisions
Taint vulnerabilities are a type of security-related rules, that can be raised by both SonarCloud and SonarQube (starting with Developer Edition).
Due to technical limitations, SonarLint for IntelliJ can not raise such issues on local analysis. Nevertheless, it is possible for a project to display within the IDE vulnerabilities detected by SonarCloud/SonarQube.
- You need to bind to SonarCloud or SonarQube Developer Edition (or higher) 8.6+
- For this feature to be valuable, your project needs to be analyzed frequently (ideally by your CI server when pushing new code)
- Only issues detected on the current branch will be displayed in the IDE
- Only issues detected on open files will be displayed in the IDE
- Bind your project to SonarQube/SonarCloud
- Open the SonarLint tool window and select the Taint Vulnerabilities tab
- The tab should display the list of taint vulnerabilities that are present on open files.