No issues reported by SonarLint in c++ code in CLion for the same code that has issues in SonarQube

Hi,
I’m running CLion 2021.2.3 with the SonarLint plugin (version 6.3.0.39716) , on ubuntu 20.04, if that matters.

My company is using SonarQube (version 8.9.2) and I’ve successfully configured my SonarLint to be connected to the server and associated with the right project.
My definition of “successfully” is that I see no errors anywhere .

And yet, there are a number of bugs and code smells reported in the SonarQube server, while I have not seen any of them in the local SonarLint . In fact I don’t see any issues in any file , ever. I’m working on C++17 code.

I’ve read through the forums, and I don’t find a lot of situations where people are using Clion.
Even in the case of IntelliJ interactions, I still don’t see a clear resolution to my case.

What am I doing wrong? I am trying to roll out this plugin to my whole company of a few hundred developers, which is already using SonarQube , but we’re not getting the usability we were hoping for. If we could make this plugin work, it would really increase productivity and acceptance of SonarQube

Thanks!

Hi @mystery_doctor ,

if you open one file and the SonarLint panel, what do you see?

I see that there are no issues.
And this is a file that I know has issues in SQ. And the “offending lines” are still right there.

if you look at the Log, it says it did run the checks…

image

So I am confused. It seems to me that we’re not getting rules from the server… Do I need a special type of license? We are paying customer of SQ, and I successfully setup the tocken , so I’m connected to the server…

Any help would be greatly appreciated! :slight_smile:

Hi @mystery_doctor ,

Could you enable Analysis logs and Verbose output flags and share the Log output?

Most definitely !!

here is the output (with slight obfuscation)

Start analysis
Index files
Language of file 'file:///home/******/some.hpp' is set to 'C++'
1 file indexed
Available languages:
  * Secrets => "secrets"
Quality profiles:
Execute Sensor: Sonar Secrets Detection Sensor
Done in 5ms

Processed 0 issues
Found 0 issues

Interesting … Does that mean that my sonarlint only know about some secret language but not c++ ?

Hi @mystery_doctor

You said in your first message that you are using connected mode with the SonarQube server of your company. What is the edition of this SonarQube server (community or a commercial edition?). In connected mode, SonarLint will attempt to synchronize quality profiles to report results as close as possible to what you’ll see in SonarQube. If you have a SonarQube community edition, it means there is no SonarSource C++ analysis, so SonarLint won’t display any C++ issue as well.

If you are using SonarQube community, even if you said that you can see some C++ issues on SonarQube, they might be reported by a third party analyzer, like the community C++ plugin for SonarQube. SonarLint doesn’t support third party analyzers.

Sum up:

  1. please check the edition of SonarQube (look at the footer in SonarQube web UI)
    image
  2. please check that the issues you get in SonarQube are from the SonarSource C++ analyzer or a third party analyzer

If the rule key starts with cpp: then this is a SonarSource rule.

Thank you!
that was incredibly useful!

As it turns out we are using the Community Edition , so I was wrong about assuming we were using a commercial version.
Furthermore, all of our c++ issues come from a ClangTidy: label, which probably means it’s a third-party checker which SonarLint won’t pick up.

Now that I better understand the issue, I’ll probably be able to find a similar resolution for our python code.

Truly thanks again for taking the time to help me with this!

Hi @mystery_doctor ,

how did you proceed? Have you disabled the connected mode? Are you getting a proper analysis from SonarLint on CLion?

Since all of the C++ problems reported by our SonarQube server are generated by our ClangTidy sanitizer, then in order to validate code locally, I just need to run clang-tidy locally, which I already do. I thought there were extra things we were checking for, but that doesn’t seem to be the case.
I closed the ticket because there isn’t much that we can do if we are using an external analyzer.

I’m now looking at our python code. Our Community Edition Server provides analysis with all rules starting with python: . That seems to me to be the built-in python support available in the community edition.
I’m going to try and see why I can’t even get python to give me any results, but I have a hunch that it has something to do with my local settings since I see this in the SonarLint log:

Plugin 'Python Code Quality and Security' is excluded because language 'Python' is not enabled. Skip loading it.

and later

Trigger: ACTION
[Action] 1 file(s) submitted
File 'ExtractLatencyInfoFromLog.py' excluded: PyFile:ExtractLatencyInfoFromLog.py not an OCPsiFile
Trigger: EDITOR_OPEN
[Editor open] 1 file(s) submitted
File 'hmm_score.py' excluded: PyFile:hmm_score.py not an OCPsiFile

I might have to file a different ticket since this ticket was about c++ :slight_smile:

Or maybe there is no python support in the CLion plugin… :thinking:

Yep, for now we have only enabled C/C++ analysis in CLion. You can vote for Enable Sonarlint analysis of Python files in CLion

Hi @mystery_doctor ,

We believe that you would still get good value from SonarLint for CLion for C++, I invite you to read our recent blog post about it: https://blog.sonarsource.com/supercharge-cpp-analysis-sonarlint-for-clion

I’ve cast the second vote… looks like it’s going to be a while before we get enough traction :slight_smile:
I’ll try from IDEA . If that works, I can let the rest of the company know

1 Like

That is very interesting indeed… I’ll see if we can add those checks too!

Thank you both for your excellent support!

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.