SonarLint

Home

Install for Free

June 29, 2023

SonarLint for IntelliJ v8.4

With SonarLint for IntelliJ v8.4 users can directly change the status of issues in the IDE.


Building upon v8.3 and extending the benefits of connected mode further, you can now interact with the status of an issue (as well as Security Hotspots) without leaving your IDE to:

  • Resolve an issue as Won't Fix or False Positive


Now any changes made to the status of an issue or hotspot in IntelliJ will be synchronized with SonarQube, SonarCloud, and all other contributors using SonarLint in connected mode.


Plus:

  • 5 new rules for core JavaScript & TypeScript concepts
  • Support for TypeScript 5

Find more details in our release notes and community announcement.

June 09, 2023

SonarLint for IntelliJ v8.3

SonarLint for IntelliJ v8.3 brings enhanced Security Hotspot reporting & management, plus new rules for Kotlin, Python, and .NET users.


This release delivers the ability to change the status of a Security Hotspot directly in your IntelliJ IDE once it has been reviewed. The updated status of the hotspot will then be automatically synchronized to SonarQube or SonarCloud, as well as other collaborators using SonarLint.


Plus:

  • New rules linked to code redundancy, helping to increase the readability and reliability coverage of your Kotlin code
  • 6 new Python rules for the Django framework and 3 new quick fixes 
  • For those of you using Rider to code in C#, additional rules that help you avoid some performance pitfalls

Find more details in our release notes and community announcement.

May 05, 2023

SonarLint for IntelliJ v8.2

SonarLint for IntelliJ v8.2 empowers developers to write Clean Code for IaC domains, and delivers enhancements to our code examples and more!


With this release, SonarLint can analyze the following IaC files:

  • Terraform
  • CloudFormation
  • Docker
  • Kubernetes

With a focus on Security Hotspots, and available in SonarLint when used in connected mode to SonarQube 9.7+, developers can now create Clean Code for these popular Infrastructure as Code technologies.


In addition, we continue our rule description enhancements with a focus on our non-compliant/compliant code examples. These have been made simpler to understand and use through the addition of syntax and code diff highlighting (see example image below). 


Plus:


  • 3 Java rules that cover design and architecture good practice for Monster Class, Brain Method and Singleton.
  • 9 new rules to help Java developers writing Kotlin idiomatic code.
  • 8 new JavaScript code quality rules.
  • New Python rules and quick fixes related to type hints and regular expressions.


Find more details in our release notes and community announcement.

March 22, 2023

SonarLint for IntelliJ v8.1

This exciting release brings support for Go in JetBrains GoLand IDE, plus new rules for C#.


Responding to the many requests from our Community, SonarLint for IntelliJ 8.1, delivers 36 rules covering bugs and code smells for Go.


Complete with rich rule descriptions, and examples of non-compliant code, Go developers are empowered to create Clean Code in their GoLand IDE.


Plus:


  • New rules for C# and VB.NET in Rider


Find more details in our release notes and community announcement.

March 07, 2023

SonarLint for IntelliJ v8.0

This release brings Security Hotspot reporting in your IDE, plus new Quick Fixes for Java and Python.


A Security Hotspot highlights a security-sensitive piece of code requiring developer review. With this latest release, SonarLint for IntelliJ v8.0 will now alert you to any unreviewed Security Hotspot that is present in the source files you are working on. 


This means any new hotspots introduced by you will be instantly flagged, directly in your favorite IntelliJ IDE.


SonarLint then offers information about why this is an issue, helps you assess the risk, and offers guidance on how to fix it. Then, simply right-click on the Security Hotspot, and choose Review on Server, to open the Hotspot in SonarQube*, and set the output of the review. 


*Available for users of SonarQube (min version 9.7) in connected mode to SonarLint.


Plus:


Find more details in our release notes and community announcement.

February 06, 2023

SonarLint for IntelliJ v7.4

This release delivers additional improvements to our rule descriptions for injection vulnerabilities, plus new rules for C++ users.



Building upon the structured rule descriptions introduced in v7.3 that help you understand injection vulnerabilities, we have introduced two further enhancements:


  • SonarLint can now automatically select the most appropriate patch instruction based on the library or framework you are using. Available today with a selection of injection vulnerabilities, this feature will be progressively extended to more rules.
  • We've added a "More info" tab (see image below) within the rule description that delivers educational content with our "Clean Code Principles".  This is designed to help you build Clean Code using the Sonar Clean as You Code methodology.


Plus:

Find more details in our release notes and community announcement.

More Info tab within SonarLint where additional educational content around Clean Code Principles is provided.

December 23, 2022

SonarLint for IntelliJ v7.3

This release delivers additional help to assist whilst investigating injection vulnerabilities in your IDE, plus additional support for Front-end Developers!



We have introduced more structured rule descriptions to help you better understand injection vulnerabilities. Now, when investigating taint vulnerabilities detected by SonarQube analysis directly in your IDE, you can not only visualize the data injection flows directly in the source code but also understand the potential impact and how to fix it.


In addition, this version helps all Front-end Developers deliver Clean Code by extending support for the following front-end languages:

  • CSS analysis in all IntelliJ IDEs supported by SonarLint
  • JavaScript, TypeScript, and HTML in Rider


Plus:


Find more details in our release notes and community announcement.

November 21, 2022

SonarLint for IntelliJ v7.2

This release benefits those building .NET applications in Rider and delivers easier integration of SonarLint to the complete Sonar solution.


Introducing 50+ C# quick fixes for bugs and code smells! Activate them using your usual shortcut in Rider, and allow SonarLint to rapidly repair flagged issues as you code your .NET application. 


Plus, enjoy new features designed to facilitate your SonarLint integration to SonarCloud and SonarQube, and access to the full Sonar Clean as You Code experience:


  • A simplified authentication to SonarQube, with token generation and transfer now taken care of by SonarLint, with your consent


  • Intelligent notification through SonarLint that your project is configured for analysis within SonarQube or SonarCloud, offering a single-click project binding.


We’ve also added 4 new quick fixes for Python issues!


More details are in our release notes and community announcement.

October 05, 2022

SonarLint for IntelliJ v7.1

This packed release brings new rules for JavaScript, TypeScript & Python developers, and more!


First, for JS & TS developers, we've added 7 new rules to detect React-specific bugs and code smells

Plus: 

  • Analysis of JS code embedded inside AWS template files in YAML
  • Support for TypeScript 4.8


Then, for Python developers


  • 7 new rules dedicated to ensuring the quality of your unit test code


And to conclude, we've added support for Kotlin 1.7 and PHP 8.2!


Read more in our release notes and community announcement.

August 23, 2022

SonarLint for IntelliJ v7.0

This release brings additional productivity enhancements for teams using Connected Mode to SonarQube 9.6 and above.


Using Connected Mode to SonarQube, and delivering access to the complete Sonar solution, issue synchronization will happen automatically and in real-time, thanks to server-sent events.


Thus, when suppressing an issue in SonarQube, or when the branch analysis detects a new SQL injection, this will be synced to SonarLint in seconds - with no need to refresh - ensuring team alignment.


As a reminder, binding your local project to SonarQube using Connected Mode:

  • Keeps noise to a minimum by avoiding reporting any issues already reviewed and marked as “Won’t Fix” or “False Positive” by yourself or other contributors in SonarQube.


  • Will pull, and help you investigate, any taint vulnerabilities (e.g., SQL injections) detected by SonarQube (starting from Developer Edition) in your IntelliJ IDE.


Read more in our release notes and community announcement.