Questions about SonarLint

Hi, I’m writing to request some clarification on how the SonarLint IDE extension works in practical terms, coming from another similar thread.

My understanding is that the code scanning performed by SonarLint is based on the predefined rules from the SonarQube platform. However, I’m curious to know the following:

  1. Where do these SonarQube rules come from? Are they retrieved from the internet at runtime, or are they embedded/integrated within the SonarLint plugin itself?
  2. If the rules are embedded in the plugin, are they updated automatically when a new version of SonarQube is released? Or do users need to manually update the SonarLint plugin to get the latest rule set?
  3. Does SonarLint have the ability to fetch and use custom rule sets that have been defined within our organization’s SonarQube instance in connected mode? Or is it limited to only the default rules provided by the SonarLint team?

I’d appreciate if you could provide some insight into how the rule management and retrieval works for the SonarLint extension.
Thank you in advance for your assistance. Please let me know if you need any clarification or additional information from me.

Best regards,
Manuel

Hey there.

The analyzers and rules are baked into your SonarQube for IDE (formerly known as SonarLint) installation.

Updates to those rules come in the form of updates to the extension.

When using Connected Mode, you can sync the rulesets from SonarQube Server and SonarQube Cloud. That’s the whole purpose of Connected Mode!
