Can not see Code Scan issues from connected server inside VS Code

versions used

  • sonar Lint Version 2.1.1
  • vs code
    Version: 1.59.1 (user setup)
    Commit: 3866c3553be8b268c8a7f8c0482c0c0177aa8bfa
    Date: 2021-08-19T11:56:46.957Z
    Electron: 13.1.7
    Chrome: 91.0.4472.124
    Node.js: 14.16.0
    OS: Windows_NT x64 10.0.18363
  • sonar qube Version 8.9.1 (build 44547)

error observed

steps to reproduce

  1. Open Sonar Qube Project Page and select a file with errors
    Bug 0
    Vulnerability 7
    Code Smell 32
    Security Hotspot 0
  2. Open Account Manager in VS Code
  3. Update Project Bindings

Result: No errors are shown.

How to see the 39 problems from Sonar Qube inside Visual Code?

Hello again!

This time the answer is a bit different than for your other thread.

Apex is supposed to be supported in VSCode when connected to SonarQube.

After checking the logs, what I suspect is that the 39 issues you talk about are detected by a third-party plugin (CodeScan ?). SonarLint does not run third-party analyzers. The only issues you will be able to see on Apex files are the ones provided by our analyzer, which rules are listed here.

Unfortunately there is currently no way for you to display those issues in any IDE supported by SonarLint

It seems that CodeScan also provides IDE plugins for IntelliJ and VSCode, you might want to give it a try. Please note that we don’t provide support for those products here.

Interesting, didn’t expect this answer.

You may, should add it to the main page or at least to the FAQ, that everything is executed locally. The Sonar Qube/Sonar Cloud connection is only used to download the ruleset. Any Sonar Run Result from the Server will be ignored.

Yes we do only use Codescan rules. Thank you for the hint. I didn’t expect that this would be such a big deal. I thought it is just a rule definition set installed into SonarQube.

@Damien_Urruty Could it be that the code scan plugin is a fork of SonarLint Plugin?
I’m just interested, why did somebody think it would be a good idea to create a fork?

It’s a fork yes. As we don’t run third-party analyzers I presume they wanted to provide an IDE extension that would support their custom analyzers.

The fact that we only rely on local detection should be mentioned somewhere, you’re right. We know that our documentation is light (to say the least) and we have actions identified on our side.

Not only, we also have to run the 3rd party analyzer on the developers box which can be a risk, that’s why we only run analyzers that we control.

I know that this creates friction with our users. If you feel the product should provide a different user experience I encourage you to explain your expectations or suggest new features, we are happy to hear what our users have to say :slight_smile:

Why didn’t add the creator of code scan all his rules in your repo?

We don’t know what their product plans or goals are, @Falco - you would have to ask them.

FYI the fact that the CodeScan fork refers to SonarLint and links to this forum for support is misleading. The CodeScan developers apologised for the confusion and are working to remove the references to SonarLint.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.