List of Specific Issues by Type

I want to see all occurrences of a rule violation like java:S3655 in my VCS changed files. Is there a way to filter and search on this to get a list, so I can focus on resolving a particular rule?

Thanks.

Hello @prowave and welcome to the SonarSource community forum!
Currently, there is a simple way to review all the issues within your VCS changed files: simply try to commit using the IDE menu, ensuring that the “Perform SonarLint analysis” option is checked, and SonarLint will display a report of all issues found in your changeset.
In the report, you will see icons to help you tell apart different issue types (bug, code smell, security vulnerabilities) and different issue severities (Blocker, critical, etc).
On the other hand, it is currently not possible to only display one particular rule violation; it is however possible to disable all rules that you are not interested in.
May I ask you to elaborate a little why you’d like to filter to one particular rule violation, to help us understand your use case?

I found this thread via search. I have a similar question as the original poster.
We have a large old source base and we’ve adopted SonarLint to help us modernize. There is too much to do in one go. So what we’ve been doing so far is fixing, as time permits, each file we update. The problem is that makes code review confusing as there are many changes off-topic to the core ticket update.
One initiative we’ve discussed is doing code-wide sweeps in narrow focused areas. To pick a single rule, and make ALL of the changes to the ENTIRE source base to fix that rule, and then submit it. This will move us towards our goal, but it will also be easy to code review, as the changes will mostly be the same pattern.
As with the original poster, it’s unclear how to review the code base one rule at a time. We use IntelliJ, and mostly Java (with some Groovy). If you have clear suggestions on how we might achieve our goal, that would be very helpful.

Hello Jo,

Thanks for reaching out 🙂

Today there is a way to scan the entire project in IntelliJ (e.g. right click on the project then SonarLint > Analyze with SonarLint) but then there is indeed no way to filter by issue type or severity. AFAICT we have no short-term plans to implement that feature.

I recommend you read the short blog post explaining our Clean as you Code approach. And SonarLint fits well in this regard as it helps you analyze the file(s) you are currently viewing/modifying.

So I would favor the first approach you described, fix issues as you go. Maybe make it a bit more readable in code reviews by splitting cleanup and feature addition into different commits/Pull Requests.

One way to support your second approach would be to rely on SonarQube/SonarCloud to filter the issues by rule, and jump into your IDE to fix them one by one.

Hope this helps

Well, I already said we are doing “Clean as you Code”, and I already said that it isn’t working for us. So, ignoring that bit…
I can get the report on a smaller project. (I’m going to have to wait for it to finish on the 150,000 files in the production project.) But I don’t see any way to export it. I can’t even seem to do a multi-select cut and paste. Am I missing something, or can you confirm there’s no way to consume the many thousands of lines in this report other than through the screen?
Alternatively, is there any way I can run the analysis outside of the IDE? Can I capture the output in a concrete form that way?

Hi,

Actually…

Clean as You Code means you only worry about issues in the code you’re working in anyway. Cleaning up everything in the file, while laudable, isn’t quite Clean as You Code if you’re not working on the entire file.

Strictly speaking, following the Clean as You Code methodology wouldn’t result in confusing changesets with off-topic updates.

If you really must do these sweeps, you should analyze with SonarQube or SonarCloud. The Web APIs would then allow you to pull issue lists per rule.

 
HTH,
Ann


Thank you. I’ll see if we have a license for SonarQube/SonarCloud.
I would appreciate answers to my follow up questions:
Am I missing something, or can you confirm there’s no way to consume the many thousands of lines in this report other than through the screen?
Alternatively, is there any way I can run the analysis outside of the IDE? Can I capture the output in a concrete form that way?

Hi,

SonarQube Community Edition is always free, as is SonarCloud for Open Source projects.

Of course, the UI will allow you to filter and view issues too.

 
Ann

Thanks for the response. I should have said that I need to see if we have approval to use your product. I can’t just upload proprietary source code worth millions of dollars to any free service!

Your additional replies are not clear to me.
Can you confirm for the IntelliJ plugin that there is no way to consume the many thousands of lines in the report I’m getting other than through the screen?
Additionally, is there any way to run the analysis outside of the IDE?

Hi,

SonarQube and SonarCloud are the only ways to run analysis outside of the IDE.

Feel free to host your own SonarQube instance. As I said, Community Edition is always free.

SonarLint is an in-IDE product. No. There’s no way to get SonarLint results but in SonarLint, in the IDE.

 
HTH,
Ann

Thanks for confirming my suspicions. It seems awfully short sighted of you not to support usage models that aid projects attempting to bring legacy code up to modern practices.
Now that you’ve confirmed it, I’ve moved on to doing it myself. I re-compiled the SonarLint IntelliJ plugin and added a primitive export function.

Dumping from node: org.sonarlint.intellij.ui.nodes.SummaryNode
Found 6709 issues in 1190 files
XxxxxxxxXXXXxxxxXxxxxxx.java
MAJOR java:S5993
MINOR java:S119
MINOR java:S119
MINOR java:S119
XxxxxxxXxxxxxx.java
MAJOR java:S1117
XxxxxxxxXxxxxxxXxxx.java
CRITICAL java:S1192
CRITICAL java:S1192
CRITICAL java:S1192
CRITICAL java:S1192
etc

Piping those results through sort | uniq -c | sort -n gives me the count per rule, like I was originally seeking.

…
468 MINOR java:S1481
551 MAJOR java:S1854
553 MAJOR java:S1117
731 MINOR java:S1199
2087 CRITICAL java:S1192

Now I just have to run this against the entire code base, dump the results, and I’ll have a road map that’s going to give us the chance to make significant inroads in improving our code.
You should really consider making this feature available so other people don’t have to jump through these sorts of hoops.
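
Added example, not part of the original posts and not SonarLint code: a shell/awk sketch that reads a dump in the format shown above (a file-name line followed by one "SEVERITY rule" line per issue) and lists the files violating one chosen rule, which the `sort | uniq -c` counts alone do not give. The file names in the sample are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the dump format shown in the post above:
# a file-name line followed by one "SEVERITY rule" line per issue.
sample_dump() {
cat <<'EOF'
Dumping from node: org.sonarlint.intellij.ui.nodes.SummaryNode
Found 7 issues in 3 files
OrderService.java
MAJOR java:S5993
MINOR java:S119
MINOR java:S119
LegacyDao.java
MAJOR java:S1117
CRITICAL java:S1192
ReportBuilder.java
CRITICAL java:S1192
CRITICAL java:S1192
EOF
}

# files_for_rule RULE: read a dump on stdin and print "COUNT FILE" for each
# file that violates RULE, most occurrences first.
files_for_rule() {
    awk -v rule="$1" '
        # Issue line: exactly two fields, a known severity, then the rule key.
        NF == 2 && $1 ~ /^(BLOCKER|CRITICAL|MAJOR|MINOR|INFO)$/ {
            if ($2 == rule && file != "") count[file]++
            next
        }
        # Header lines are neither issues nor file names.
        /^Dumping from node:/ || /^Found [0-9]+ issues in/ { next }
        # Any other non-empty line names the file the next issues belong to.
        NF > 0 { file = $0 }
        END { for (f in count) print count[f], f }
    ' | sort -k1,1nr -k2
}

# rule_counts: per-rule totals, like `sort | uniq -c | sort -n`, but
# counting only issue lines (file names and headers are ignored).
rule_counts() {
    awk 'NF == 2 && $1 ~ /^(BLOCKER|CRITICAL|MAJOR|MINOR|INFO)$/ { n[$1 " " $2]++ }
         END { for (k in n) print n[k], k }' | sort -k1,1n -k2
}

sample_dump | files_for_rule java:S1192
```
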

Hi,

I’ll go you one better:

In the SonarQube interface, you can filter by rule and file. You had to jump through hoops because SonarLint wasn’t made to do that. That’s what SonarQube and SonarCloud are for. 🤦‍♀️

 
Ann