I’m using SonarQube enterprise version 8.4.2 . I am using the connected mode by configuring the settings for my SonarQube server in my local. But for a file, the issues that are listed on SonarQube do not show up when I run a SonarLint analysis in my local.
Am I missing something? I’ve attached screenshots of the same.
Issues for a file listed on SonarQube dont show up with a SonarLint analysis even when in Connected mode
There are some issues that SonarLint doesn’t raise. I had thought there were 2 categories, but you’ve made me realize there are three:
- taint analysis vulnerabilities - these are the extra security rules you get when you upgrade to Developer Edition($) (we’re working on an import from SQ in connected mode)
- Security Hotspots - this will come
- “Common” rules - this is the category I’d overlooked until your email
Most rules are executed during analysis & can generally be raised by SonarLint as well. There is a small set (max 6, fewer in some languages I believe) that are only run server-side. The missing issue you show in your screenshots comes from one such rule. These rules are in the “Common [language]” repositories. Because they’re only executed server-side, they aren’t available to SonarLint.
For the record all those cases (plus some others) are listed in the FAQ.
That was informative, thanks!
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.