Allow individuals to use SonarLint to learn/explore better quality code practices

Let’s discuss what you have in mind!

Try to describe the problem or opportunity you are seeing and why it matters. The closer you stick to this topic template, and the more information you provide, the better chance you have to generate a real discussion.

A few questions to help you:

  • What are you trying to accomplish?
    Provide developer autonomy for improving code quality using their own IDE to suggest places to make things better while automatically enforcing minimum standards in the repository/SonarQube project
  • Why does this matter to you?
    Many of the rules and explanations have too many false positives/too many positives on a very large legacy code base. Deactivating most of the rules in SonarQube makes it easier to manage/not get overwhelmed and keep up the development velocity/reduce code review noise. Deactivating most of the rules makes it harder to teach developers good practice/improve skills/improve code quality generally
  • How would that look in SonarLint? Alternatives?
    Ability to configure Lint to include deactivated rules in the scan/analysis or Ability to configure the Quality Gate to accept some activated rules as guidelines (not enforced following). IDE differentiates guidance from breakages (different style for active rules)
  • How would we know it works well?
    Easier to fix some of the low severity problems in a file as part of the primary fix without the entire merge being blocked by the quality gate
  • Why should it be a priority now?
    Changes from severity based quality gates to ‘Clean code’ quality gates means that the developers have no control over relative priority of the changes they have been asked to make and existing tech debt.

Make sure to check out our product roadmap as well, to see if your need is already being considered.


Hi @searler,

Thank you for your suggestion. We would love to discuss this with you more. I have messaged you to hopefully set up a short call.

Best regards

John

Could you consider grouping by family?

Say CWEs, such that one could align devs' learning journey to the OWASP Proactive Controls (vs. the Top 10).

Families lead to frameworks or libraries, better choices and habits.

Happy to discuss as well

I think some form of grouping/tailoring might be required because there could be a lot of 'noise' in the IDE if every rule is considered to be enabled (e.g. some of the rules in 'Mission Critical' are similar to those in 'Sonar way' but say 'shall' instead of 'should').
The intent is to focus learning rather than overwhelm the devs.
We are currently running with 10.2, so there aren't many options for 'Family'; the three Severity Levels are options but not very fine-grained. CWE etc. are better in some ways but security- rather than style-focused.
Language filtering would be automatic because the IDE knows the language for a given file and can apply the correct rule set.
I think that there is only a problem when SonarLint interacts with a SonarQube server; if there isn't a binding to the server then the developer can do anything they like with the configuration.
If there is a server then the rules are currently either enabled and enforced, or disabled and invisible.
Providing a middle ground like 'guideline', which is 'Enabled for SonarLint' but not enforced, might be a way of making it work; alternatively, push the configurability back to the individual SonarLint instance but don't allow the developer to change the configuration of an enabled/enforced rule, only the other rules.