Must-share information (formatted with Markdown):
which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
SonarQube Version 9.7.1 (build 62043)
what are you trying to achieve
For the Python language, which rules in Sonar also belong to Pylint?
what have you tried so far to achieve this
I remember that in an old SonarQube version there was a tag called Pylint, through which you could tell which rules belong to Pylint. But I cannot find it in the new version.
Now I would like to filter the rules that belong to Pylint in SonarQube. Is there any easy way to do that other than comparing the rules side by side?
Thanks for your time!
I would be interested in this too - we will soon be looking at integrating SonarQube into our Python projects.
Currently they adhere to Pylint rules and it would be good to “sync them up” with Sonar so that the rules are consistent, so being able to identify the Pylint rules in Sonar would make this much easier.
There’s no easy way to do this.
Would you mind explaining your use case?
Our project starts with Pylint. Now we’re considering migrating to SonarQube. We would like to enable rules in SonarQube step by step, say firstly Pylint rules, then security-related rules, then all of them etc.
There is no such thing as “Pylint rules implemented by Sonar”. There is certainly a small overlap on some code smell rules, but it is hard to tell without spending hours doing a manual and boring gap analysis, which will be useless because, in the end, it’s how the rules have been implemented that matters.
I believe in your situation the best is to:
- Keep the default quality profile “SonarWay” and scan your Python code with it to get the best out of Sonar Bug and Security engines
- Use SonarLint in your IDEs
- Import the results of Pylint into SonarQube using the property
- Each time you see an overlap in the results: update the Pylint configuration to deactivate the corresponding overlapping rule.