Does SonarLint have full coverage of the SonarJs rules?


(Jayden Wise) #1

Evening y’all,
My team is currently trying to figure out what form of Sonar we should use for our project. Our priority is to have a tool that will not require any extra effort or checking-in on the developers behalf. Something that will be able to give instant feedback on problematic code.

With these parameters my search has been refined down to SonarLint and the ESlint plugin provided by Sonar - ‘eslint-plugin-sonarjs’.
The plugin does not seem to cover as many rules as SonarLint, but can presumably be used with any IDE that ESLint can be used with.

However, my question is regarding the coverage that SonarLint provides. On the SonarLints features page it proclaims you can “Benefit from thousands of rules” (across different languages). Does this include each and every “193 rules” covered in SonarJS?
And if so, what benefit is there to using SonarJS through the SonarQube Application/Cloud if you can have your bug detection directly inside your IDE?

Thanks for reading, if you have any questions or if something doesn’t make sense, just let me know and I’ll clarify.

(Clint Cameron) #2

Hello Jayden,

To answer your questions, the rules that are activated in SonarLint depend if you’re using SonarLint standalone mode or have it ‘connected’ to SonarQube or SonarCloud. It also depends upon the IDE you’re using with SonarLint. If you’re using SonarLint by itself, then the rules activated in the Sonar Way Quality Profile for SonarJS, is the rule set that will apply. For SonarLint for IntelliJ and Eclipse, the developer can turn on/off individual rules to suit their needs.

You ask about the benefit of using SonarQube or SonarCloud and a big one is called Connected Mode.
With Connected Mode, SonarLint will use the same quality profile as the bound project on the SonarQube server or in SonarCloud. Be aware that Connected Mode is NOT supported in SonarLint for Atom.

But this is just a part of the benefits of using SonarLint with SonarQube or SonarCloud. I encourage you to check out this page for additional benefits. Then check out Fixing the Leak and Quality Gates to see how you can champion Continuous Code Quality in your organization.

Let me know if anything is unclear. Thanks!

(Jayden Wise) #3

Hi Clint, Thank you for your response!

So I have gone through the steps of installing the SonarLint plugin for IntelliJ (I am currently using Phpstorm) and I have bound the project to a SonarQube server. So… just to be clear - this is “Connected Mode”?

I do appreciate the fact you can get the instant feedback from SonarLint while maintaining the option to ‘check-in’ the code with the command line instruction “sonar-scanner”.
However, I am wondering if there is a way to automate this feature? With check-ins (to the server) occurring with each save on the IDE?

Thanks again!

(Clint Cameron) #4

Hi Jayden,

My apologies for not replying sooner. Yes, binding your project is getting you the Connected Mode functionality we discussed.

Regarding automatic check-in, the typical use case for SonarQube automation would be automatically initiating a code scan when a build occurs. So, the big picture for this use case scenario is that SonarLint is helping the individual developer write clean code to a consistent set of rules using Connected Mode. When a build occurs, SonarQube analyzes from a code project context while also providing additional relevant information for test coverage and duplication.

Hopefully this helps answer your question. Let me know if I missed the mark on your intended question. Thanks!