Different analysis results by Sonarlint and SonarCube

  • Operating system: Windows
  • SonarLint plugin version: 10.0.1.77000
  • Programming language you’re coding in: Java
  • Is connected mode used: Connected to SonarQube Enterprise Edition 9.9.2

The example I demonstrate further is for Java language.

In the context of any of the microservices we use, the SonarLint is bound to the configured SonarQube connection, indicating the Project Key, without any file exclusions or analysis properties.
sonar3

The project in the screenshots below has two quality profiles and one quality gate, if this is essential for solving the problem.

Some rules may match, but overall, the identified problems cannot be said to be identical. This is inconvenient when working with legacy code, for example.
I need to commit the code and run the check on the server to be sure that the changes have been corrected correctly or not. It is especially problematic in this regard to decompose God classes, which is not naturally displayed by SonarLint in IntelliJ IDEA.

Identified issues by SonarLint:

Identified issues by SonarCube:

I would be very grateful if you could provide with an explanation of reasons for the inconsistency in issues identified by SonarLint in IntelliJ IDEA and the SonarQube. It would also be good to know if there is any way to correct this behavior.

Welcome :slight_smile:

AFAIK this issue ‘Possible God class …’ stems from a PMD rule.
Sonarlint supports no third party plugins, means no PMD, Findbugs … in Sonarlint.
I’m almost sure all those issues missing in Sonarlint are issues from third party plugins.

Use only plugins provided by Sonarsource for scanning.

Gilbert

1 Like

Hey Gilbert! Thanks for reply!

SonarLint or SonarCube?
In my case within IntelliJ:
IntelliJ
I use SonarLint:
sonarlint
And the thing is that God class example is only one of discrepancies between SonarCube and SonarLint analysis, that I indicated)
So the question probably lies in the plane: does it make sense to use the SonarLint plugin at all or is there still a way to get the same results from both tools? )
Thanks!

As i wrote, Sonarlint doesn’t support third party plugins at all - you may write custom rules that are Sonarlint enabled using the Sonarqube api though.

Those mentioned third party plugins like i.e. Findbugs, Checkstyle … are installed on Sonarqube server, which means they are part of your analysis and will raise issues.

Note

  1. Sonarlint doesn’t support all languages (Sonarqube supports ~ 30 languages) right now, see
    https://plugins.jetbrains.com/plugin/7973-sonarlint

Supported languages include C, C++, Java, Go, JavaScript, TypeScript, Python, C#, Kotlin, Ruby, HTML, CSS, PHP & PL/SQL.

  1. Third party plugins in Sonarqube are not supported by Sonarsource, use at your own risk.

You should definitely use Sonarlint to get the fastest possible feedback and avoid errors before Git push!!

Get rid of those third party plugins on your Sonarqube instance, the most important rules where also / already implemented by Sonarsource - so no need for Findbugs, Checkstyle … anymore.
Afterwards Sonarqube and Sonarlint will show the same issues (for supported languages).

EDIT
Now that the Sonarqube documentation has become even better, you can find the supported languages listed here

Gilbert

1 Like