SonarQube for Visual Studio plugin version: 8.9.0.11507
Programming language you’re coding in: C#
Is connected mode used: Yes
SonarQube Server 10.1
The following code should report two S1144 issues, but it reports only one. The method void Event(object, EventArgs) is not reported by SonarLint (but it is by SonarQube Server and also by sonar-dotnet version 9.0.2)
public sealed class Class1
{
private void Event(object sender, EventArgs e)
{
// intentionally left empty
}
private void Other(object sender, EventArgs e, object last)
{
// intentionally left empty
}
}
Thanks for looking into this, I believe this is not a FN.
The rule description, under the Exceptions heading, states that:
This rule doesn’t raise issues on:
void methods with two parameters when the second parameter type derives from EventArgs
We actually viewed this scenario as an FP that is fixed in the latest versions of our analyzers.
This means that SonarQube IDE is correctly ignoring this code and SonarQube Server is incorrectly reporting an issue as it does not have the latest version of the analyzers.
To correct this you would need to update to the latest version of SonarQube Server.
regarding SonarQube Server I agree with you.
But the latest version of dotnet-sonarscanner (9.0.2) also reports two S1144 issues for the code given above.
depending on how you use the dotnet-sonarscanner, it will change the analyzers it uses. So if you use it with SonarQube Server 10.2 you will get the analyzers packaged with that version.
If you use it with SonarQube Cloud you will get the latest version of the analyzers and it will not raise any issues.
I have an example project on SonarQube Cloud here where you can see S1144 does not raise on the first method.
another related question: If dotnet-sonarscanner pulls the actually used analyzers (the analyzer code, not only the rules, right?), why doesn’t SonarLint do that, too?
I’m not 100% sure how exactly you’re trying to run the scanner, but it needs to be ran in conjunction with either SonarQube Server, or SonarQube Cloud.
The exact details of SonarQube IDE is a little outside my wheelhouse, but my understanding is that it is due to a combination of practical, technical, and security reasons, as well as it being recommended practice for IDE plugins to not download components from outside the given marketplace.
It is documented behaviour on the SonarQube IDE Troubleshooting page that analysis results may differ between SonarQube IDE, and SonarQube Server.