Connected mode in visual studio

Divya · July 21, 2021, 5:03am

I try to get the issues from the SonarQube server in visual studio using Connected-Mode but I don’t see most of the issues from the SonarQube server in visual studio. I get the issues from Sonar Lint only.

I am using SonarQube (8.9 LTS) Developer Edition and Visual studio 2019.
Anyone, please guide me to get all issues from SonarQube.

duncanp · July 21, 2021, 9:38am

Hello @Divya - welcome to the community.

There are a couple of reasons you won’t see all of the server-side C/C++ issues in the IDE.

there are a number of C/C++ rules that are not run in the IDE due to technical constraints (namely that they need to analyse the full project rather than a single file, which is not supported in the IDE).
If you look in the SonarLint output window you will see a message like the following:

Note: the following CFamily rules are not available in SonarLint: cpp:S5536, c:S5536, cpp:S4830, c:S4830, cpp:S5527, c:S5527, cpp:S5801, c:S5801, cpp:S5814, c:S5814, cpp:S5815, c:S5815, cpp:S5816, c:S5816, cpp:S5824, c:S5824, cpp:S2612, c:S2612, cpp:S5802, c:S5802, cpp:S5849, c:S5849, cpp:S5982, c:S5982, cpp:S5813, c:S5813, cpp:S5332, c:S5332, cpp:S2068, c:S2068, cpp:S2245, c:S2245, cpp:S5443, c:S5443, cpp:S5042, c:S5042, cpp:S4790, c:S4790, cpp:S1313, c:S1313, cpp:S6069, c:S6069

the analysis in the IDE is executed when a file is opened or saved, so you will only see issues for open files.

Divya · July 23, 2021, 7:48am

Thank you @duncanp.

We are trying to limit the access to SonarQube portal to our dev team (as security best practices, we don’t want to expose security vulnerabilities and hot spots to other teams). So we are planning to uses Visual Studio Sonar Lint Connected Mode to limit to specific team to see this issues or SonarQube scanner results.

Is this makes sense? If so, can you please let us know how to achieve this one?
Is there any other alternative way to get report from SonarQube (like document)?

JBL_SonarSource · July 23, 2021, 8:05am

I believe what you are looking after is to finely tune permissions on your projects on SonarQube.

SonarLint is primarily an IDE extension that analyzes code on the fly and gives instant feedback to developers. It is not meant as a substitute client to SonarQube’s web UI.

Divya · July 26, 2021, 4:24am

Thank you @JBL_SonarSource.
Is there any third-party plugin to get reports from the SonarQube?

JBL_SonarSource · July 26, 2021, 7:54am

A quick search for “SonarQube” on the Visual Studio Marketplace returns a few hits that look like they offer the kind of reporting feature that you are looking for. I did not try them myself, so I cannot vouch for their quality; the SonarLink one from ETAS looks promising, not sure how well it integrates.

Please note that SonarLint is the only extension published by SonarSource, and as far as I can tell the only one for which we’ll provide support here on this forum

Divya · July 26, 2021, 8:44am

Thank you

system · August 2, 2021, 11:55am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.