Does SonarLint have full coverage of the SonarJs rules?

Evening y’all,
My team is currently trying to figure out what form of Sonar we should use for our project. Our priority is to have a tool that will not require any extra effort or checking-in on the developers behalf. Something that will be able to give instant feedback on problematic code.

With these parameters my search has been refined down to SonarLint and the ESlint plugin provided by Sonar - ‘eslint-plugin-sonarjs’.
The plugin does not seem to cover as many rules as SonarLint, but can presumably be used with any IDE that ESLint can be used with.

However, my question is regarding the coverage that SonarLint provides. On the SonarLints features page it proclaims you can “Benefit from thousands of rules” (across different languages). Does this include each and every “193 rules” covered in SonarJS?
And if so, what benefit is there to using SonarJS through the SonarQube Application/Cloud if you can have your bug detection directly inside your IDE?

Thanks for reading, if you have any questions or if something doesn’t make sense, just let me know and I’ll clarify.
Cheers,
Jayden.

Hello Jayden,

To answer your questions, the rules that are activated in SonarLint depend if you’re using SonarLint standalone mode or have it ‘connected’ to SonarQube or SonarCloud. It also depends upon the IDE you’re using with SonarLint. If you’re using SonarLint by itself, then the rules activated in the Sonar Way Quality Profile for SonarJS, is the rule set that will apply. For SonarLint for IntelliJ and Eclipse, the developer can turn on/off individual rules to suit their needs.

You ask about the benefit of using SonarQube or SonarCloud and a big one is called Connected Mode.
With Connected Mode, SonarLint will use the same quality profile as the bound project on the SonarQube server or in SonarCloud. Be aware that Connected Mode is NOT supported in SonarLint for Atom.

But this is just a part of the benefits of using SonarLint with SonarQube or SonarCloud. I encourage you to check out this page for additional benefits. Then check out Fixing the Leak and Quality Gates to see how you can champion Continuous Code Quality in your organization.

Let me know if anything is unclear. Thanks!

1 Like

Hi Clint, Thank you for your response!

So I have gone through the steps of installing the SonarLint plugin for IntelliJ (I am currently using Phpstorm) and I have bound the project to a SonarQube server. So… just to be clear - this is “Connected Mode”?

I do appreciate the fact you can get the instant feedback from SonarLint while maintaining the option to ‘check-in’ the code with the command line instruction “sonar-scanner”.
However, I am wondering if there is a way to automate this feature? With check-ins (to the server) occurring with each save on the IDE?

Thanks again!
Jayden.

Hi Jayden,

My apologies for not replying sooner. Yes, binding your project is getting you the Connected Mode functionality we discussed.

Regarding automatic check-in, the typical use case for SonarQube automation would be automatically initiating a code scan when a build occurs. So, the big picture for this use case scenario is that SonarLint is helping the individual developer write clean code to a consistent set of rules using Connected Mode. When a build occurs, SonarQube analyzes from a code project context while also providing additional relevant information for test coverage and duplication.

Hopefully this helps answer your question. Let me know if I missed the mark on your intended question. Thanks!

Clint

I’m going to high-jack this thread and ask the same question because it was not answered, as the original poster asked: “Does this include each and every “193 rules” covered in SonarJS?”

Does SonarLint cover the rules which are included in the ESLint plugin? Or must we use both? What is the preferred setup.

Short answer to the initial question is: yes, SonarLint runs all rules provided by SonarJS; and its rule set is a superset of those provided by eslint-plugin-sonarjs.


The slightly longer answer about the preferred setup is… definitely a matter of preferences :slight_smile:

  • If you already invested in an ESlint-based setup in your development environment, both in the editor/IDE and build/continuous integration pipeline, and you don’t want/need another tool, then I suggest that you use the eslint-plugin-sonarjs, which will augment ESlint’s with SonarJS rules.
  • If you are starting from scratch and/or are not too attached to ESlint, I would suggest to use SonarLint (in your IDE) + SonarQube/SonarCloud (in your build/CI). Rationale is that ESlint is “just” a (pretty good) linter, while the SonarEcosystem is a complete solution for code quality and security.

And technically, you can use both SonarLint and ESlint integration in your IDE, which might result in duplicated issues.

2 Likes