Code analyzer XXX is not compatible with SonarLint

Hej there,
I have managed to set up plug in and it seams to work.
Though i have noticed that currently there are some code analisers that are not compatible.

In my particular case:
Code analyzer ‘css’ is not compatible with SonarLint. Skip downloading it.
Code analyzer ‘eslintplugin’ is not compatible with SonarLint. Skip downloading it.
Code analyzer ‘scmgit’ is not compatible with SonarLint. Skip downloading it.
Code analyzer ‘csharp’ is not compatible with SonarLint. Skip downloading it.

Is there a place were i could follow up if there are any plans for these analyzers to be implemented? Some roadmap or task that i could follow progress on.

Currently we cant rely on SonarLint (we rly like it though, but it does not solve the issue with local code check)

Are there any other tools that you could recomend that would analyze the code and output LOCALLY in console/file the results, so that the developer could instantly see issues that WILL be reported in SonarQube before she/he pushes the code to main branch?

Hi Julius,

the Sonarlint site sonarlint.org has some details, e.g. https://www.sonarlint.org/eclipse/ has

…detect issues in Java, JavaScript, PHP, Python

BUT the site is not up to date and still shows version 4.1
Sonarlint for Eclipse 4.2 has been released 19/Sep/19 already and now detects issues for HTML also.

There is an Eclipse plugin for Checkstyle … etc. and you may use Checkstyle rules in Sonarqube, but i do not recommend it, because they are not supported by Sonarsource and Sonarlint.
The important Checkstyle, Findbugs … rules are already implemented by Sonarsource
in their own plugins.

TL;DR
If you want to keep track of Sonarlint you need to check Sonarsource Jira
https://jira.sonarsource.com/projects/SLE/summary , as the Sonarlint site is outdated.
I’m also missing Sonarlint related announcements in this community forum.

Gilbert

1 Like

Hi Julius,

CSS is on our radar, but with low priority.
ESLint is a third party analyzer, so no plan to support it in SonarLint. I think there is already an ESLint plugin in most IDEs.
CSharp is already supported in Visual Studio, and there is a way to make it work in VSCode. What is your targeted IDE BTW?

Not sure I understand what you are saying here?

There is an unsolvable equation here. A SonarQube analysis takes time. For example with recent security rules added to Java, PHP and C#, a full tainted analysis could take several minutes. So we haven’t found a way to report instantly in SonarLint issues that will take minutes to detect in SonarQube.

Our approach is to aim at detecting the maximum number of issues as soon as possible, while not sacrificing user experience.

  • Level 1: SonarLint helps developers to find as many issues as possible “on the fly”, as they code. Here we are talking about fast rules only, no coverage measurement, no duplication detection, … see the FAQ for more details on things that are not reported by SonarLint.
  • Level 2: Pull request analysis. This is where advanced checks like security rules can be executed asynchronously, but before code got merged into master.
  • Level 3: master branch analysis. In theory, if all merged PRs are clean, this should not detect anything new. But there are some corner cases, so let say this is an extra safety net. There are also some extra checks only enabled on “regular” branch analysis but not in PRs (like security hotspots).

I hope that make sense.

Hi,

I personally use VSCode as

Currently we cant rely on SonarLint (we rly like it though, but it does not solve the issue with local code check)

By that I mean that I was hoping to find a solution that would allow a developer to run code analisis locally based on rules from the SonarQube and get a report locally, so that action could be taken before comitting code.

It seams that there the best option currently for us is to look at PR code analysis as we using BitBucket.

Just FYI you ROCK on response times for the forum posts!!! Good job!

1 Like