Different rules set in SonarQube Enterprise Edition vs SonarCloud?

I’m using SonarQube v.7.9.1 and I’ve installed the plugin for TypeScript analysis SonarTS v.2.1.
I’m wondering if it’s normal that I see a total of 142 rules available when defining a Quality Profile for TypeScript, while if I visit the plugin homepage (https://rules.sonarsource.com/typescript) it states that there is a total of 224 rules.

Are the missing 82 rules only available for SonarCloud or am I missing something?

Thank you for your time

Hi @Just_some_guy,

The rules website lists all the rules available in SonarCloud and either available in the latest version of SonarQube or that will be available in the next release (8.6 in December).
Starting in 8.5, the languages plugins are bundled with the version of SonarQube : New language features now available exclusively in latest SonarQube versions

Which means that, to benefit from all the available rules in your Quality Profile, you should be on the latest version (8.5 currently) and not on the LTS 7.9. And maybe, some of the rules that you see on the rules site will be available only in 8.6.

That being said, could you share a screenshot of the number of rules you have in your Quality Profile?
And did you build your own Quality Profile or are you using the SonarWay by default?

Thanks,
Carine

Hi @Carine_Bayon,

Thank you very much for the clarification!!
Here is my screenshot: I’m using the Sonar way recommended, but shouldn’t it be irrelevant since I’m counting both the Active and Inactive rules?

Hi again,

in my 8.6 “not released yet” version, I have the 220+ rules.
You’ll have additional rules if you upgrade from 7.9 LTS to 8.5 latest release, and up to 220+ rules in the 8.6 :slight_smile:
(Example of these additional 31 rules in 8.2, in comparison with 7.9: 31 new rules for TypeScript)

Your SonarWay profile lists all the rules that were available with 7.9 LTS
(and if you create your own QP, you can activate more rules if you feel the need)

And you can use api/rules/search?language=typescript if you want to export the list of rules that you benefit from and compare with a more recent version when you upgrade.

Carine

Thanks again Carine, you’ve been really helpful!

If I may ask one last thing regarding the rule count in my 7.9 istance, do both of these plugins add different rules for security (Vulnerabilities and Hotspots)?

  • Vulnerability Rules for Java
  • SonarJava

My hypothesis is that “Vulnerability Rules for Java” comes preinstalled with some Vulnerabilities and Hotspots, and then “SonarJava” adds even more rules both for security (Vulnerabilities and Hotspots) and code quality (Bugs and Code smells).

Did I get it right?
Thanks again, I hope my last question is still relevant to the topic.

Here are the screenshots of my plugins: