Do I need Sonarqube if I am using eslint-plugin-sonarjs and I don't need just a reporting dashboard?

I need to implement code quality checks in my frontend React codebase.
For this currently, I am using eslint with prettier plugins for static code linting, stylelint and jest for unit tests. All PRs run a custom validation script that runs eslint, stylelint and unit tests.

Sonarqube provides analysis and a complete report of the codebase which is really impressive.

While I was planning to implement Sonarqube, I found eslint-plugin-sonarjs, which does what I needed from Sonarqube (Bug Detection, Code Smell Detection).

So now, If I don’t need a reporting dashboard does it makes sense to use Sonarqube? Should I just use the eslint-plugin-sonarjs, or Sonarqube can provide better analysis with multiple different plugins?

Hello, welcome to the community! And thank you for your question.

The main difference I see between SonarQube and other linters (among which ESlint) is precisely this overview of the evolution of the quality of your code in time.

With SonarQube, you can:

  • take full control over the applied rules and whether the issues raised actually apply to your code or not
  • apply the same rules in your CI and in the IDE (with SonarLint’s connected mode)
  • define a Quality Gate that tells you where your code stands, whether it is in a releasable state or not, with a focus on new code (the code that matters, the one that changes and on which it is easier to fix or avoid introducing issues)
  • take a developer-first approach to security, with vulnerability detection rules and security hotspots

If a classic linter fits your needs, nobody is going to force you to use SonarQube or SonarCloud, but IMHO that would mean passing on a lot of good stuff.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.