SonarQube Cloud, SonarQube Server, or SonarQube Community Build? (if one of the latter two, which version?): SonarQube Cloud
And a thorough description of the problem / question:
Hello,
I am a developer working on a open source project and we recently upgraded to SonarCloud team version mainly to get access to functionality for AI Issue fix suggestions for our project to attempt to speed up resolving tedious issues or security hot spots. Using the documentation online, I have successfully installed and configured the SonarQube VSCode extensions for our Dev Container development environment. After generating user tokens I see the following screen :
Unfortunately I still do not see sonar report I see on sonar cloud. In fact I see no reported issues. Here is a link to the PR with the changes for this incorporated. I would like to get this to a point where other developers in my team can easily install and use this extension and get helpful information not only about code smells while they are developing, but also possible resolutions.
Have you opened the files in the PR in your IDE? You don’t get a “report” as such. SonarQube for IDE runs on the files you’re working in when you open or save the file.
Thanks for the response. Right now trying to see whether Sonar in the IDE will report issues Sonar Cloud has reported after compilation. Specifically, sonar cloud reports an issue with using CURL with HTTPS in one file. When I edit this line in the IDE I do not get any reported issues. Below is screen shot of the report security issue on sonar cloud. I have even tried installing Node to see if that is the problem but no luck there either.
Lastly I am struggling to understand the point of connecting the VSCode IDE extension to Sonar Cloud if it does not use the cloud report information. What is the purpose of connecting the IDE to Sonar Cloud if the analysis is run locally in the IDE
Finally one last question. So by passing in a compile_commands.json file I have been able to get some of the reported issues from sonar cloud. One major reason we upgraded from the free version to the Team subscription is to gain access to AI generated code fixes. It seem though that currently those code fixes are coming from GitHub Copilot rather than Sonar Cloud. The issue being GitHub Copilot has additional cost/limits associated with its suggestions.
How can I confirm that the AI fix suggestions I am getting are coming from Sonar Cloud and not from Github Copilot
Thanks for the screenshots. They were very helpful. From the second one, I see that we’re dealing with C++. Did you do the CFamily analyzer install described in the docs?
Regarding the benefits of connected mode, the docs can help there too. Briefly: more languages than are natively supported in the extension & running the same rule set in-IDE that’s applied in your CI.
