On September 22nd SonarCloud updated the SonarWay ruleset for JavaScript and we saw literally hundreds of new findings. Unfortunately, in SonarQube for IDE, these new rules are not showing up, even though they are in SonarCloud.
Also, Security Hotspots are only showing up for a second and then disappear.
This makes it hard for developers to avoid comments in the Pull Requests.
I already followed the troubleshooting steps. I even removed the full .sonarlint folder in WSL with rm -r ~/.sonarlint/
and restarted VSCode multiple times.
Operating system: Windows 11/WSL 2
SonarQube for VS Code plugin version: 4.31.0
Programming language you’re coding in: JavaScript
Is connected mode used: yes, but fails also in stand-alone mode
SonarQube Cloud
Detailed log (redacted) attached.
The file that I opened at the end of the log (package-dist.js) contains seven issues on SonarCloud, e. g. javascript:S7772, which are not detected and displayed by SonarQube IDE, and two security hotspots, which only briefly show up in SonarQube IDE and then vanish from the display.
Other issues, from “older” rules, are displayed, so generally SonarQube IDE works. The issue seems to be happening only for the new rules.
Not sure how this works internally in connected mode, but SonarLint 4.31.0 uses JS analyzer 11.3.0. Rules S7740 and S7772 were only added by JS analyzer 11.4.0 (S7740, S7772).
Is the issue here a mismatch between analyzer versions and we have to wait for the SonarLint plugin version 4.32 to resolve this?
It’s not clear to me what’s going on. I believe the latest analyzer should be downloaded from SonarQube Cloud, but I’m being told it doesn’t work that way anymore (despite what the docs indicate), so I’m going to flag this for more expert eyes.
Okay, this is happening because embedded analyzers are no longer downloaded from the server. In theory, this means you may have a more up-to-date analyzer (with newer, better, etc rules) in SonarQube for IDE than you would have gotten from the server. In practice for SonarQube Cloud, it means you’re behind until the next release. Fortunately it’s imminent - early next week at the worst.
