Add F# Support to SonarQube

Please consider adding F# support to SonarQube. I understand it is available in a third-party plugin, but when purchasing a Sonar-hosted instance of SonarQube, we don’t have the option of using a third-party plugin.

You know on the Community F# Sonar Analyzer? https://github.com/jmecsoftware/sonar-fsharp-plugin
I know there is a lot to do to completely support FSharpLint and improve the user experience - but at least it works again since last year.

See also my old issue here: Any plans for a F# scanner?

+1!

I am a new SonarQube Enterprise & SonarCloud customer. We have important core code written in F# and it would be great if we can scan it with SonarQube as well.

Thanks

Can you clarify what do you mean by that?

Nothing prevent you to use third-party plugins in a SonarQube instance, even a commercial editions one.

Alexandre,

Thanks for checking in. From what I was told, we had the option of purchasing either a vendor-hosted or self-hosted version of SonarQube. In a vendor-hosted instance, the vendor controls the server and decides what can be installed on it. Since the current F# plugin is by a third-party, this would not be allowed on a vendor-hosted instance of SonarQube. We ended up purchasing a self-hosted SonarQube license, not what my company would prefer, so that we would have the freedom to install and use the third-party F# plugin.

Does that help clarify?

Brian

@BrianS you’re free to use any 3rd party analyzer (eg FSharpLint) and convert the report to the generic issue format as it is documented at https://sonarcloud.io/documentation/analysis/generic-issue/ on your own. But that requires some additional effort on your side in the build definition to run the analyzer, extract the reported issues and generate the file for SonarCloud.

I just submitted an issue on the Github repo but figured I would reference here as well: https://github.com/SonarSource/sonar-dotnet/issues/6554.

Basically, the issue asks if there was a community initiative to build this, would Sonar consider merging it with the other dotnet languages (C#, VB). And if so, is there any guidance on what you would want in that PR in order to accept it?

Hi @Roly_Vicaria1

I didn’t upgrade the above mentioned F# scanner on GitHub for SonarQube 9.x series. Nowadays the SonarQube API is only valid for one major release. But if you create there a pull request we’ll review it and merge.

The scanner is based on FSharpLint (fsprojects.github.io), even if currently not all rules are handled in the scanner.

Thanks Volker. There was a discussion about this on the F# Slack General channel where a few folks volunteered to help update and merge both https://github.com/jmecosta/sonar-fsharp-plugin and https://github.com/swlaschin/sonar-fsharpsecurity-plugin. They closed our Github issue on the sonar-dotnet repo saying they would not include F# because it is not “Roslyn-based”.