  1. Product Roadmaps
  2. MMF-2167

SonarLint for IntelliJ offers a way to review one security hotspot within its context

    Details

    • Type: MMF
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Labels:

      Description

      WHY

      Reviewing Security Hotspots requires being able to navigate through the code to fully understand the whole context around the instruction that performs sensitive operations. However, SonarQube and SonarCloud are not designed to navigate efficiently and give the context that developers need: we believe that the IDE is the best place for this. Still, we want to help developers be more efficient when reviewing Security Hotspots.

      WHAT

      Whenever developers review hotspots, they want to see them in their IDE to have more context and the ability to navigate within the code.

      When the user clicks the "Open in IDE" button in SQ, SQ tries to open the Hotspot in SL if possible:

      • In case of error, a proper message explaining what could have gone wrong is displayed.
      • In case of success, a success message box is shown.

      SonarLint will provide a dedicated List view for Hotspots. For this feature, the list will not show all the Hotspots in the project, only the last one opened from SQ, which is kept in the list until the IDE is closed. Selecting the Hotspot in the list opens it in the code editor and displays the panel explaining how to fix it.
      Only the primary code location will be displayed.

      Measure adoption
      Ability to see the following information in telemetry:

      • Number and percentage of SonarLint users that used the feature at least once
      • Number and percentage of SonarLint users that use the feature regularly
      • Same information as previous points for SL users with project already bound to SQ
      • Number of hotspots opened in the IDE

      See https://docs.google.com/document/d/1fp1Lc9rp3I7GS79IRpLjW3bpTsLomiuiZM-SB8RsrxU/edit#

              People

              Assignee:
              damien.urruty Damien Urruty
              Reporter:
              alexandre.gigleux Alexandre Gigleux