Thanks @fabich for the clarifications.
The quick answer: it is not possible to run SonarLint checks from command line, and still, with SonarQube or SonarCloud, there is a way to reach your goal “nobody adds new issues” without requiring “forcing the project to 0 issues”
The long answer: SonarLint goal is to catch issues directly in the IDE as developers code; the idea is to detect issues as soon as possible (=in the very moment you write a line code). We do not see SonarLint as a tool to review the whole list of issues in your project, nor to “force the project to 0 total issues”. This is why we do not propose a CLI for SonarLint to scan the whole project and report issues.
You say “I want to force the project to 0 issues so no body add new issues”: actually, we have tools that allow you to avoid adding new issues, without the precondition to reach 0 total issues in your project; moreover, your project may have many existing issues, and this should not prevent you from starting enforcing better code quality and security policies. To this extent, we promote the Clean As You Code approach to achieve Code Quality and Security by focusing on issues on the New Code Period while avoiding removing all existing issues. I invite you to read the blog post and our documentation for a full explanation of our rationale and methodology.
Following this methodology, here is why we propose to associate SonarLint with a SonarQube or SonarCloud instance:
- SonarLint focus on catching issues as you code, just like a spell checker, directly in your IDE
- SonarQube or SonarCloud analyze your whole project (every time you push new code for example), and run quality gates check to enforce your policy about Code Quality and Security: for example, block code changes adding new issues that slipped through SonarLint detection or were not fixed in the IDE. Of course, if you wish you can also review the full issue list for your project there (including old issues on old code).
Please also note that some complex issues (for example security vulnerability issues involving taint analysis) are only detectable in SonarQube/SonarCloud and not in SonarLint.