SonarLint 10.4.2: Not showing any issue in Intellij after connected to SonarQube

Intellij 2023.3.6 (Ultimate Edition)

SonarLint extension 10.4.1.77998
SonarLint extension 10.4.2.78113 (Updated on 3 April 2024)

I have installed the SonarLint plugin and seems like it is working fine since it is showing me issue that I have in current opened file. I used the sonar rule "Unused local variables should be removed" to test if it is working but once I activated the connected mode through SonarQube, it seems that this issue is no longer shown by Sonar.

This is just a simple example to give context.

My current situation is that there is an issue reported in SonarQube and it is also shown to me by Sonar before I activated the connected mode. But once I activated the connected mode. The issue is no longer shown by Sonar. My understanding is that this should not be the case and the issue found on SonarQube should still be shown.

Do let me know if there are any logs, or related information that is required to resolve this issue. Unfortunately, I would not be able to provide the project, or anything related to that since it is not a public project.

Hi @Devan_Pedrik, thank you for the details you provided. Could you please include the version of your SonarQube?

I think there can be multiple explanations:

  • The rule might not be enabled on your SonarQube in the Quality Profile
  • The issue could be resolved (marked as won’t fix/false positive, for example)
  • There is an actual problem; in this case, you can enable Analysis logs and Verbose output and check the logs to see if there are any errors. You can also search for the rule key (java:S1234, for example) in the logs and see if you notice anything.

Could you please check the previous statements? Thank you!

Hi @nicolas.quinquenel thank you for the response. The SonarQube version used is Version 9.9.2 (build 77730)

I have checked in my Quality Profile and the rule "Unused local variables should be removed" is disabled which is now clear to me as to why it is not shown by Sonar. But Sonar still does not show the actual issue reported by SonarQube.

I have no way of checking if the issue is marked as won’t fix/false positive. But if the issue is marked as such, wouldn’t that mean that SonarQube would not report it as well.

I have enabled the Analysis logs and Verbose output. In the log I can see that the file containing the issue is being indexed and identified as JAVA which then proceed to execute JavaSensor but showing No workDir in SonarLint afterwards.

image

Afterwards it, proceeds to run all sort of sensors which at the end reports there are 0 issues.

image

Hi @Devan_Pedrik,

You don’t see this issue because:

  • SonarLint only displays locally detected issues
  • In connected mode, SonarLint relies on the rules configured on your project’s Quality Profile
  • This rule is not enabled in the SonarQube QP

The fact that there is an issue for this rule in SonarQube seems to indicate that the rule was enabled at some point in a previous analysis, an issue was found for this rule, and the rule then got disabled in the QP. This is not a very common scenario, and it explains the discrepancy between SonarQube and SonarLint.

The question I would ask is: why was this rule disabled? It’s a well accepted rule, and it’s a pretty common practice to remove such occurrences from the code.

I don’t think there is a bug here, and I would recommend to fix the issue even if it’s not detected by SonarLint

Hi @Damien_Urruty, I am back with more informations and questions for the teams.

First, to clarify. The rule is enabled on SonarQube QP, otherwise SonarQube shouldn’t report the issue when I committed new changes right?

I am now using, latest version of SonarLint plugin, 9.9.4 LTS for SonarQube, and latest version of IntelliJ.

Do let me know if there are more information required. Thanks!

Hi, I am back again to update my findings regarding this issue.

SonarQube 9.9.4 LTS and latest version of IntelliJ SonarLint plugin.

I have tried:
Using local SonarQube Community Edition instance with both plugins (custom java rules plugin and jDepends) and through connected mode IntelliJ is able to show issues found. Whereby rules from the custom plugin are applied.

Using Enterprise Edition SonarQube instance with both plugins installed, IntelliJ stopped showing issues found. Then, I have tried as well using the same Enterprise Edition SonarQube without the custom plugin and now IntelliJ is showing the issue again. Which seems like our custom plugin is causing the issue. But to argue with this, why does community edition are able to apply our custom plugin?

The main difference that I am aware of between these editions are the repositories provided. In our Enterprise Edition SonarQube, we use some of the rules from Security SonarAnalyzer Java repository where this repository is not available in the community edition.

In the logs the main difference that can be seen between these two editions is bolded with italic. Where this is only seen in the community edition and not in the enterprise edition of SonarQube.

Language of file “<file:///JAVA FILE PATH>” is detected to be “JAVA”
Language of file “<file:///JAVA FILE PATH>” is detected to be “JAVA”
Language of file “<file:///XML FILE PATH>” is detected to be “XML”
206 files indexed
Execute Sensor: JavaSensor
No workDir in SonarLint
> Initializing metadata of file <file:///JAVA FILE PATH>
> Evaluate issue exclusions for ‘<file:///JAVA FILE PATH>’
> …
> Initializing metadata of file <file:///JAVA FILE PATH>
> Evaluate issue exclusions for ‘<file:///JAVA FILE PATH>’
‘Python Sensor’ skipped because there is no related files in the current project