Is it possible to connect to a remote SonarQube directly without using SonarCloud?
Hello zlmmimm!
Welcome to the community and thank you for your question!
Sure, it’s possible. Please tell us which IDE you use so we can provide you with relevant instructions.
Have a good day.
Hi @Kirill_Knize, I’m currently using IntelliJ IDEA for a Spring Boot project.
Hello zlmmimm.
You need to open the Settings window and find Tools > SonarLint there.
Then press the plus button and you will get a connection wizard that will ask you for all the data necessary to configure the connection. You will need the URL of the SonarQube server and a login-password pair or token for authorization.
After the connection is created, you will be able to bind the project using the Project Settings section.
Good luck, and if you have any problems during the process, please get back here.
Have a good day!
Hi @Kirill_Knize, thank you for your response. I’ve followed the steps, but it seems like the rule configurations are not updated to be in sync with the ones on the server. There are some rules that are missing in the local SonarLint.
Please advise. Thank you!
This screen is the local rules settings. They are ignored when you are in connected mode. The note at the top says “When a project is bound to a SonarQube server or SonarCloud, only rules configuration from the server applies.”
So when you are in connected mode, you need to look at your server settings.
Since your question indicates that it’s not obvious, we will take it as an insight to be considered for UX improvement.
In this case,
- Is there anywhere to verify that the rules applied in SonarLint are the same as the rules in the server settings?
- I noticed that some rules that were configured in the quality profiles (on the server) were not being caught in the local SonarLint. In such cases, how should I go about configuring my settings so that the rules are in sync with the quality profiles on my server?
In connected mode, the rules are the same, with some notable exceptions:
- Security hotspots are not reported by SonarLint (e.g. rules like “Hard-coded credentials are security-sensitive”)
- Taint vulnerabilities (SQL injection, XSS) are only reported when you open the file that contains the “sink”
Do you have examples of rules that are configured on your quality profile but do not raise issues in SonarLint? I’m pretty sure they fall in either of the aforementioned cases.