October 13, 2023
SonarLint for VS Code v3.22
In SonarLint for VS Code v3.2, we deliver a new feature supporting the Sonar Clean as You Code methodology. Plus we have extra rules to detect secrets directly in the IDE, the option to configure file or directory exclusions, and new rules for Data Scientists and Dockerfiles!
SonarLint is pairing up with SonarQube and SonarCloud to deliver the “Focus on new code” feature. Enabled, this empowers you to focus only on issues in your new code (ie code that has been added or changed, according to your new code definition.) Supporting the Sonar Clean as You Code approach, this powerful feature is available when SonarLint is working together with SonarQube or SonarCloud in connected mode. Learn how here.
In addition, we have incorporated 42 new rules to detect secrets (API tokens, passwords) within your Cloud applications. This enables the immediate detection of secrets in your code as you add or copy/paste them, before you commit or push the code into a repository. This proactive approach not only boosts confidence in your code but also minimizes exposure.
This latest addition brings the total to 100 different types of secrets spanning 60 cloud providers.
Plus:
- An option to configure file or directory exclusions for SonarLint analysis to avoid scanning generated or third-party code. See how here.
- 8 new Python rules (and 3 quick fixes) to help you write clean scientific code using NumPy
- 12 new rules to write intentional and consistent Dockerfiles
For further details, check out our release notes and community announcement.
September 13, 2023
SonarLint for VS Code v3.21
In SonarLint for VS Code v3.21, we introduce the adoption of Clean Code attributes to categorize issues, enhanced secret pattern detection, and improved teamwork features together with SonarQube.
Firstly, we have made various product changes in alignment with our Clean Code vision. For each issue raised in your code, SonarLint will report the Clean Code attribute and software qualities impacted.
In addition, and leveraging a new Sonar open-source secret detection engine, this version delivers a powerful approach to identifying potential security vulnerabilities related to secrets (tokens, passwords, API keys). SonarLint can now detect secrets for an additional 22 popular cloud applications and providers.
On top of this, for SonarQube 10.2 users, we’ve added the capability to change the status of issues you will not fix in code that has yet to be analyzed by SonarQube.
Plus:
- COBOL support is now fully released!
- 9 new core Python rules
- Support for PHP 8.3
- Enhanced SonarLint documentation is now available here
For further details, check out our release notes and community announcement.
August 16, 2023
SonarLint for VS Code v3.20
In SonarLint for VS Code v3.20, we introduce a walkthrough feature for new users plus many new rules!
Designed to help new users extract maximum value from SonarLint, the new walkthrough feature is automatically displayed when installing SonarLint for the first time. It is also available anytime via the command palette: search “Welcome Open Walkthrough…” and then select “Welcome to SonarLint!”
In addition, we’ve added new MISRA C++ 2023 rules to support mission-critical software environments.
Plus:
- New rules for C and C++ to detect tricky bugs
- Improvements to the accuracy of our analysis in Python and Java
For further details, check out our release notes and community announcement.
June 29, 2023
SonarLint for VS Code v3.19
In SonarLint for VS Code v3.19, users can directly change the status of issues and hotspots in the IDE, plus analysis of COBOL is now available!
With this release we extend the benefits of connected mode further, enabling you to interact with the status of an issue or a Security Hotspot without leaving your IDE to:
- Resolve an issue as Won't Fix or False Positive
- Mark a Security Hotspot as Safe or Fixed following the review
Any changes made to the status of an issue or hotspot in VS Code will be synchronized with SonarQube, SonarCloud, and all other contributors using SonarLint in connected mode.
Additionally, we are introducing a beta version of COBOL analysis, now available for users connected to SonarCloud or to SonarQube (Enterprise edition or higher).
Plus:
- 5 new rules for core JavaScript & TypeScript concepts
- Support for TypeScript 5
For further details, check out our release notes and community announcement.
June 07, 2023
SonarLint for VS Code v3.18
SonarLint for VS Code v3.18 delivers support for Security Hotspots to SonarCloud users, plus enhancements to rule descriptions with syntax highlighting for code examples, and new TypeScript, Python, and Java rules.
With this release, as well as bringing support for Security Hotspots to SonarCloud users, we've introduced the ability to view a list of unreviewed Security Hotspots outside of the currently open file. Selecting the "In Whole Folder" option instructs SonarLint to scan every file in the folder currently open in VS Code, providing the opportunity to review all pending hotspots at one time. Discover more here.
In addition, to help developers understand and implement fixes based on contextual code examples, we've added syntax highlighting. Plus, for some rules, there is now code diff highlighting in our rule descriptions, which is being progressively rolled out across all rules.
And
- A new Java rule linked to static methods introduced in Java 19
- New rules for TypeScript that enhance our support for TS built-ins
- 6 new Python rules for the Django framework
For further details, check out our release notes and community announcement.
April 21, 2023
SonarLint for VS Code v3.17
SonarLint for VS Code v3.17 empowers developers to write Clean Code for IaC domains, plus brings a new format for the Rule Help feature and more!
With this release, SonarLint can analyze the following IaC files:
- Terraform
- CloudFormation
- Docker
- Kubernetes
With a focus on Security Hotspots, available in SonarLint when used in connected mode to SonarQube 9.7+, developers can create Clean Code for these popular Infrastructure as Code domains.
In addition, this release brings a new format for the Rule Descriptions with educational information to enhance the developer experience.
Now, when clicking on an issue's code in the Error List, you will be presented with contextualized guidance as follows:
Why this is an issue | How to fix it | More info
Initially available for the top 15 security vulnerabilities, this feature is being progressively rolled out for all remaining rules, helping developers learn as they code.
Plus:
- New Python rules and quick fixes related to type hints and regular expressions.
- 3 Java rules that cover design and architecture good practices for Monster Class, Brain Method, and Singleton.
For further details, check out our release notes and community announcement.
March 24, 2023
SonarLint for VS Code v3.16
SonarLint for VS Code v3.16 delivers analysis of Jupyter notebooks, plus support for Go.
Responding to the view that code quality is a major challenge with Jupyter notebooks, we are excited to announce that SonarLint now scans Python/IPython code!
Simply open the notebook and issues in your code will be squiggled by SonarLint in the code editor and also listed in the Problems view. In addition, SonarLint rule descriptions provide contextual help, plus a handy quick-fix option for easy remediation.
This represents the first step in empowering Data Scientists to create Clean Code.
Plus,
- Support for Go analysis
- A new "Help and feedback" view with handy links for raising any questions or issues using SonarLint.
For further details, check out our release notes and community announcement.
March 08, 2023
SonarLint for VS Code v3.15
SonarLint for VS Code v3.15 brings automatic analysis of JavaScript code within your HTML files, plus new Quick Fixes for Java and Python.
With 300+ JavaScript detections supported by Sonar, each with a description to help you understand and fix the issue, this latest release from SonarLint empowers developers to write Clean JavaScript Code within their HTML files. In addition, 43 JavaScript rules have associated Quick Fixes to further help developers.
Plus:
- 11 new Quick Fixes for Java and 17 for Python
For further details, check out our release notes and community announcement.
February 06, 2023
SonarLint for VS Code v3.14
SonarLint for VS Code v3.14 brings Security Hotspots reporting in your IDE, plus new rules for C++ users.
A Security Hotspot highlights a security-sensitive piece of code requiring developer review.
With this latest release, SonarLint can now directly report in VS Code any unreviewed Security hotspot that is present in the source files you are working on.
This means any new hotspots introduced by you will be instantly flagged. Then, simply right-click on the Security Hotspot, and choose Review on Server, to open the Hotspot in SonarQube*, and set the output of the review.
*Available for users of SonarQube (min version 9.7) in connected mode to SonarLint.
Plus 13 new rules to help with C++ 20's std::format feature
For further details, check out our release notes and community announcement.
December 22, 2022
SonarLint for VS Code v3.13
SonarLint for VS Code v3.13 brings support for CSS code analysis, enabling developers to write clean front-end code.
Additionally, we have added:
- 6 new JavaScript rules for detecting performance issues in React.
- 6 new rules to cover C++20’s concepts.
- support for Python 3.11
For further details, check out our release notes and community announcement.