top of page
image 82.png

SonarLint static code analyzer and what are bugs, vulnerabilities, and code smell?

In this section, we will learn about:

  • Sonar Lint

  • Installing Sonar Lint

  • Terms related to Sonar Lint

Sonar Lint

SonarLint is a free IDE extension or plugin, to find and fix bugs, vulnerabilities, and code smell as you write code. Like a spell checker, SonarLint highlights issues on the fly and provides quick fixes or clear remediation guidance to help you clean the code. It helps in improving code quality and optimizing the code.

Installing Sonar Lint

  • Goto Files -> Settings

  • Then choose the plugins option and search for SonarLint.

  • Then install it and restart your IDE.

image 89.png

Fig: Installing SonalLint

Terms related to Sonar Lint


A coding mistake can lead to an error or unexpected behavior at runtime.


Example: Using an infinite loop or recursion will be a bug as it will cause errors at runtime.


A point in your code that's open to attack. Or a security flaw, glitch, or weakness found in software code that could be exploited by an attacker (threat source).


image 90.png

Fig: Vulnerability.

Here, we can see that using “NoOpPasswordEncoder” can be very critical as this is a vulnerability. Using this encoder, our password will not be encoded which will cause security threats. So, Sonar Lint helped us find this vulnerability.

Code Smell:

A maintainability issue that makes your code confusing and difficult to maintain.

Code smells are not bugs or errors. Instead, these are absolute violations of the fundamentals of developing software that decrease the quality of code. Coding is not just about getting outputs but optimizing your whole program so that it performs better, is longer, and is more evident.

Having code smells does not certainly mean that the software won’t work, it would still give an output, but it may slow down processing, increasing the risk of failure and errors while making the program vulnerable to bugs in the future.

Code smells indicate a deeper problem, but as the name suggests, they are sniffable or quick to spot.


image 91.png

Fig: Showing a minor code smell in the Sonar Lint tab.

Here, we can by clicking on the Sonar Lint tab, there is a minor code smell. We can see the line which causes it and how and why should we improve it.

We should have directly returned the response DTO instead of making a variable for it and then returning it. As it will increase LOC(Lines Of Code).

bottom of page