Please consider adding F# support to SonarQube. I understand it is available in a third-party plugin, but when purchasing a Sonar-hosted instance of SonarQube, we don’t have the option of using a third-party plugin.
You know on the Community F# Sonar Analyzer? https://github.com/jmecsoftware/sonar-fsharp-plugin
I know there is a lot to do to completely support FSharpLint and improve the user experience - but at least it works again since last year.
+1!
I am a new SonarQube Enterprise & SonarCloud customer. We have important core code written in F# and it would be great if we can scan it with SonarQube as well.
Thanks
Can you clarify what do you mean by that?
Nothing prevent you to use third-party plugins in a SonarQube instance, even a commercial editions one.
Alexandre,
Thanks for checking in. From what I was told, we had the option of purchasing either a vendor-hosted or self-hosted version of SonarQube. In a vendor-hosted instance, the vendor controls the server and decides what can be installed on it. Since the current F# plugin is by a third-party, this would not be allowed on a vendor-hosted instance of SonarQube. We ended up purchasing a self-hosted SonarQube license, not what my company would prefer, so that we would have the freedom to install and use the third-party F# plugin.
Does that help clarify?
Brian
@BrianS you’re free to use any 3rd party analyzer (eg FSharpLint) and convert the report to the generic issue format as it is documented at https://sonarcloud.io/documentation/analysis/generic-issue/ on your own. But that requires some additional effort on your side in the build definition to run the analyzer, extract the reported issues and generate the file for SonarCloud.
I just submitted an issue on the Github repo but figured I would reference here as well: https://github.com/SonarSource/sonar-dotnet/issues/6554.
Basically, the issue asks if there was a community initiative to build this, would Sonar consider merging it with the other dotnet languages (C#, VB). And if so, is there any guidance on what you would want in that PR in order to accept it?
I didn’t upgrade the above mentioned F# scanner on GitHub for SonarQube 9.x series. Nowadays the SonarQube API is only valid for one major release. But if you create there a pull request we’ll review it and merge.
The scanner is based on FSharpLint (fsprojects.github.io), even if currently not all rules are handled in the scanner.
Thanks Volker. There was a discussion about this on the F# Slack General channel where a few folks volunteered to help update and merge both https://github.com/jmecosta/sonar-fsharp-plugin and https://github.com/swlaschin/sonar-fsharpsecurity-plugin. They closed our Github issue on the sonar-dotnet repo saying they would not include F# because it is not “Roslyn-based”.
@Roly_Vicaria with good reason, I would argue. The Sonar .NET solution is building on Roslyn, and on Roslyn only. As log as that is the case, there is hardly any (basically none) common ground to share.
That being said, I think it is a wonderful initiative.