Is there a way to run sonarlint in command line and check if any rule has breached ?
The context it that I want the same checks to be run in my IDE, by local dev before pushing and on the CI.
I also don’t want every dev to install a SonarQube locally
Hi @fabich and welcome to the SonarSource community!
Let me ask you a few questions to understand your context and needs a little more in details:
which IDE are you (or the developers in your organization) using?
We are using VS Code, Eclipse and Intellij
do you have one SonarQube instance in your team/company, integrated with your CI flows?
No we don’t have a SonarQube instance.
what is your goal exactly?
I want to force the project to 0 issue so no body add new issues.
We already have several CLI tools we use on the CI that any user can also run locally.
I’d like to the same with SonarLint checks
Thanks @fabich for the clarifications.
The quick answer: it is not possible to run SonarLint checks from command line, and still, with SonarQube or SonarCloud, there is a way to reach your goal “nobody adds new issues” without requiring “forcing the project to 0 issues”
The long answer: SonarLint goal is to catch issues directly in the IDE as developers code; the idea is to detect issues as soon as possible (=in the very moment you write a line code). We do not see SonarLint as a tool to review the whole list of issues in your project, nor to “force the project to 0 total issues”. This is why we do not propose a CLI for SonarLint to scan the whole project and report issues.
You say “I want to force the project to 0 issues so no body add new issues”: actually, we have tools that allow you to avoid adding new issues, without the precondition to reach 0 total issues in your project; moreover, your project may have many existing issues, and this should not prevent you from starting enforcing better code quality and security policies. To this extent, we promote the Clean As You Code approach to achieve Code Quality and Security by focusing on issues on the New Code Period while avoiding removing all existing issues. I invite you to read the blog post and our documentation for a full explanation of our rationale and methodology.
Following this methodology, here is why we propose to associate SonarLint with a SonarQube or SonarCloud instance:
How would a dev check if he is adding new errors if he does not have access to the CI SonarQube ?
From SonarLint itself (not via CLI), at least in Eclipse and IntelliJ it is possible to list and review issues in modified files when you commit. For example in IntelliJ IDEA, if SonarLint detects some issues in the files I am about to commit, I will get such a popup:
Ok, I think it’s a bit weird to have a full IDE integration but no simple CLI to do the checks.
We already have ten tools (checkers, linters, formatters…) running with command line. For example for Java checkstyles we can see them in any IDE (with the corresponding extension) but we also have the possibility to run mvn checkstyle:check to see if the code is clean, which is also the command run on CI before merging a PR.
All this tools also have configuration (the list of rules we want to enforce, the current number of violations, the exact tool version…) that is merged into the project. The maven plugin (or equivalent for other languages) is all the user really need and it is easily installed with the package manager.
As far as I understand Sonar, it is not possible to run this kind of workflow 
It is very weird. The architecture is flawed at best at-least for the UI projects where Sonar uses opensource linters, enforces its own rules on a server instead of exposing the same functionality command line. I have been trying to use ESLint plugin:sonar/recommend but the rules are not synchronized with your server (they don;t tell you if it is running Sonar Way or Sonar Way Recommended)
Hello @bhantol, welcome to the community and thank you for your feedback.
I understand how the architecture might appear as “flawed” to someone new to the ecosystem and used to UNIX-style, CLI-first tools.
The analyzers available in SonarQube, SonarCloud and SonarLint started their lives as plugins for SonarQube (née Sonar), when it was marketed as an open platform for code quality.
Their tight integration within the 4 supported IDE families through SonarLint allows for a user experience that goes beyond what most linters offer - with detailed rule descriptions, explanation of complex issues through multiple locations, and synchronization with the server quality profile and settings in connected mode.
Said otherwise, the analyzers were never meant to be run as standalone products, but rather to power a larger ecosystem.
With SonarLint in the IDE to catch issues while you code, and branch analysis / PR decoration in SonarCloud or SonarQube, it seems that your project’s quality and security should be pretty well covered.
This is the developer experience currently offered by our ecosystem. It can be really powerful if you embrace it, and I understand that it can appear as frustrating if you don’t want to.
Was looking for this feature and was disappointed to stumble upon this thread to see SonarLint is not available as a command line tool… I found this repo but it looks like it hasn’t been touched in a few years, and all the links in the README are dead…
Maybe what I’m looking for is a feature in the IDE plugins, I looked around but couldn’t find anything.
I was trying to do something such as pass the output of git diff --name-only origin/master...HEAD to a cli tool to see if there were any sonar issues in a pull request quickly. In VSCode there doesn’t seem to be any way to do this, and in IntelliJ all I could find was to analyze the files in a changelist. Is there a way to view sonarlint issues in a specific set of files quickly using the IDE? Or can we get a CLI tool to make this easier?
Hello, welcome to the community! And thanks for your question.
If I understand correctly, I see 2 needs expressed in your message above:
Both are indeed features that exists in Eclipse and IntelliJ-based IDEs, but have not been implemented yet for VSCode.
Please note that we do have a “feature under consideration” that could address this need: the ability to review new issues before committing a change set. You might want to add your voice there and express your interest in making these features come to VSCode as well.
Hello!
If developers want to use cli to commit a code they will miss checks and it can be better to have the required pre commit hook for this case.
Agree with this. It would be great to have a CLI way to run sonarlint on the code before commit or pushing to remote.
It would be nice to have a command line tool.
Why force people to use an IDE to use your product?
All the other tools have command line and IDE pluggins.
What do you mean there is no cli? What about this project from SonarSource seems like it’s been around for more than 8 years.
FYI: I’m the author of this project.
I’ve made a CLI to run sonarlint-ls without any server here:
