Alternatives of SonarLint for Xcode

I understand that SonarLint is not available for Xcode… My requirement is to have a local scanner which generate reports that is matching with the SonarQube scanner results before developers create Pull Requests. This will allow them to fix the issues locally before creating PRs.

Is there any plugin or script available which developers can integrate it in Xcode IDE the same like SonarLint?

Hi,

The only pre-PR analysis is in SonarLint. So I’ve moved this topic to the SonarLint category as a request for XCode support.

 
Ann

Anyone has any idea?

Now that JetBrains is sunsetting AppCode (AppCode 2022.3 Release and End of Sales and Support | The AppCode Blog) this becomes a really urgent issue for Swift developers who want to use SonarQube.

What are the plans from SonarSource to support Swift developers?

Hello @Alix,
increasing the security coverage for mobile applications developed in Swift is one of the topics we are considering for 2023. We’re also considering the support for Dart/Flutter at the same time.
From the IDE standpoint, we’re assessing the interest to support Xcode but we haven’t taken any concrete development steps yet. May I ask a couple of more questions around your use case?

  • What applications do you develop; is purely mobile apps or MacOS apps as well?
  • Are you in the process of migrating from AppCode to Xcode? In case what SonarLint features have you been using in AppCode? In particular, and quoting “this becomes a really urgent issue” what makes SonarLint a must-have tool in your current setup?
  • Do you use SwiftLint or any other linters for your code currently?

Hi @Marco_Comi ,

In my context only purely mobile apps

Some of our developers will have to transfer to Xcode, some were already using Xcode (mostly because new features are only available in Xcode).
We would like to use SonarQube efficiently in all teams. To that end we need to be able to synchronize our centrally established rules down to the IDE so that problems can be caught immediately before being committed to git. This requirement is not unique for iOS development, we want this for all programming languages.

No. Only SonarQube. But I think it would be nice to be able to import SwiftLint reports the same way we can do that for AndroidLint using a SonarQube configuration where we point to the report path.

1 Like