Files are mainly analyzed by local rules. One of the rules not applied locally is “PATH_TRAVERSAL_IN” and mentioned in the debug log as one of “The following rules are enabled on the server, but not available in SonarLint”.
This question was explained in another thread by an outdated server version.
But I assume that versions of sonar plugin and sonar server I’m connected to is almost up to date? So where’s the difference coming from and is there something I can do?
Thanks
IDE: IntelliJ IDEA (build #IU-252.28238.7, Thu, 20 Nov 2025 03:23:00 GMT)
OS: Mac OS X (26.1)
JRE: 21.0.9+10-b1038.76, aarch64 (JetBrains s.r.o.)
JVM: 21.0.9+10-b1038.76 (OpenJDK 64-Bit Server VM)
SonarQube for IDE (11.6.0.83783)
It’s not quite clear to me what rule this is. Do you see an ID that looks like S1234 anywhere? That will help me understand whether it’s supposed to run locally or not. While that other thread you were looking at might have been about being up to date, there are some rules we just don’t run locally because they’re intensive and we don’t want to slow down your IDE.
Hi @Bigfoot and sorry for not giving a more timely answer.
We don’t synchronize 3rd party issues in the IDE because we don’t control that analysis so for example if you fix the issue, you have to re run the server analysis to see the updated issue status. We believe this makes the user experience a bit difficult.
Out of curiosity, do these rule have their own IDE extensions but you still want to have a consolidated report?
We’ve added your insight to the feature request for future prioritization and we’ll update if anything changes.
@Farah ,
I don’t want a different plugin for each 3rd party issue.
If the issue is found on the server, it is maybe useful to show it in the ide also, maybe in a separate section explaining that it cannot be checked locally but can only be resolved after running a scan on the server. I would allow you to see that when you work on a file, that you are aware that such 3rd party issue exists on the active file without having to go to the server to check it out.
In the logs I can see that the IDE receives them, but ignores them.
Example: findbugs:NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE
Some SonarQube Server plug-ins can run in the IDE as well (they are synchronized in Connected Mode then), but this has to be set and maintained by the third-party plugin provider (see the docs with sonarLintSupported).
Therefore, you may reach out to the plug-in maintainers in question, e.g., the FindBugs plug-in maintainers, whether they can change their plug-in to support the IDE as well.