I need to implement code quality checks in my frontend React codebase.
For this, I am currently using eslint with prettier plugins for static code linting, stylelint, and jest for unit tests. All PRs run a custom validation script that runs eslint, stylelint and unit tests.
Sonarqube provides analysis and a complete report of the codebase which is really impressive.
While I was planning to implement Sonarqube, I found eslint-plugin-sonarjs, which does what I needed from Sonarqube (Bug Detection, Code Smell Detection).
So now, if I don’t need a reporting dashboard, does it make sense to use Sonarqube? Should I just use the eslint-plugin-sonarjs, or can Sonarqube provide better analysis with multiple different plugins?
Hello, welcome to the community! And thank you for your question.
The main difference I see between SonarQube and other linters (among which ESLint) is precisely this overview of the evolution of the quality of your code over time.
With SonarQube, you can:
- take full control over the applied rules and whether the issues raised actually apply to your code or not
- apply the same rules in your CI and in the IDE (with SonarLint’s connected mode)
- define a Quality Gate that tells you where your code stands, whether it is in a releasable state or not, with a focus on new code (the code that matters, the one that changes and on which it is easier to fix or avoid introducing issues)
- take a developer-first approach to security, with vulnerability detection rules and security hotspots
If a classic linter fits your needs, nobody is going to force you to use SonarQube or SonarCloud, but IMHO that would mean passing on a lot of good stuff.