SonarLint and SonarQube Issues Don't Match

  • Operating system: Windows 10
  • SonarLint plugin version: 9.1.0.75538
  • Programming language you’re coding in: :Java
  • Is connected mode used: Yes
    • Connected to SonarCloud or SonarQube (and which version): Enterprise Edition Version 9.9.1 (build 69595)

Hi,

When I analyse a file I get different results in SonarLint to SonarQube. 28 issues are reported by SonarLint. 6 are reported in SonarQube. SonarLint reports all 6 SonarQube issues + 22 other issues. The other issues are not configured in the SonarQube Quality Profile.

I’d appreciate any suggestions on what might be wrong.

Here is my non-verbose local when I click on “Update Local Storage”…

Downloaded plugin list in 103ms
[SYNC] Synchronizing analyzer configuration for project ‘xxxxx’
Downloaded settings in 189ms
[SYNC] Fetching rule set for language ‘cloudformation’ from profile ‘AYoaRR3RUXwFeL4tJEe-’
[SYNC] Fetching rule set for language ‘css’ from profile ‘AXW5iTTrNsirjWn1atQx’
[SYNC] Fetching rule set for language ‘docker’ from profile ‘AYoaQ_sFUXwFeL4tJD5x’
[SYNC] Fetching rule set for language ‘java’ from profile ‘AXW5iUQfNsirjWn1at8z’
[SYNC] Fetching rule set for language ‘js’ from profile ‘AXW5iTdDNsirjWn1atWJ’
[SYNC] Fetching rule set for language ‘kotlin’ from profile ‘AXW5iVcSNsirjWn1aupj’
[SYNC] Fetching rule set for language ‘kubernetes’ from profile ‘AYoaQyDvUXwFeL4tJDn0’
[SYNC] Fetching rule set for language ‘php’ from profile ‘AXW5iWJVNsirjWn1avGZ’
[SYNC] Fetching rule set for language ‘py’ from profile ‘AXW5iTxQNsirjWn1atkR’
[SYNC] Fetching rule set for language ‘ruby’ from profile ‘AXW5iVrwNsirjWn1auxD’
[SYNC] Fetching rule set for language ‘scala’ from profile ‘AXW5iTXSNsirjWn1atSL’
[SYNC] Fetching rule set for language ‘secrets’ from profile ‘AYoaRil1UXwFeL4tJEo7’
[SYNC] Fetching rule set for language ‘swift’ from profile ‘AXW5iUxfNsirjWn1auOQ’
[SYNC] Fetching rule set for language ‘terraform’ from profile ‘AYoaRpWXUXwFeL4tJEuc’
[SYNC] Fetching rule set for language ‘ts’ from profile ‘AXW5iWc6NsirjWn1avRr’
[SYNC] Fetching rule set for language ‘web’ from profile ‘AXW5iUfUNsirjWn1auEc’
[SYNC] Fetching rule set for language ‘xml’ from profile ‘AXW5iUhlNsirjWn1auFC’
[SYNC] Fetching rule set for language ‘yaml’ from profile ‘AYoaRR6kUXwFeL4tJEfa’
[SYNC] Synchronizing project branches for project ‘xxxxx’
Unsupported mode of new code definition:
[SYNC] Synchronizing taint issues for project ‘xxxxx’ on branch ‘main’
Clearing all findings because binding was updated
Using connection ‘XXXX SonarQube’ for project ‘xxxxx’
Analysing ‘ResponseMapper.java’…
Found 28 issues and 0 hotspots

Hey there.

First, let me suggest you use an up-to-date version of SonarLint for IntelliJ – the latest version is v10.3.

If you still face the issue, I suggest providing a few examples of issues SonarLint is raising that SonarQube isn’t. That will be a good starting point.

Hi,

I upgraded to the latest SonarLint plugin version 10.4.1.77998.

I’m still having the same issue. For example I have one file with three issues, the third issue is not detected or configured in SonarQube.

image

Cheers

Thanks. The rule in question is java:S3457.

Can you share a screenshot of this rule from your SonarQube instance? By that, I mean where it shows the Quality Profile activations. Like here: SonarQube

This rule is active in the default Sonar Way profile on all SonarQube instances.

Hi Colin,

I searched for rule java:S3547 and I can see it’s active for the Sonar Way profile. I’m using the Sonar Way profile for my project.

When I check the code in SonarQube I can see the first two issues, for example

But the last issue in not detected

Why would SonarQube not report the issue?

Is line 260 the same in your IDE as it is in SonarQube?

The line number is one off. It’s 260 in my IDE and 259 in SonarQube. It’s the same line of code as can be seen in the screenshots below. It’s just that either my IDE or SonarQube don’t have that absolute latest changes.

IDE:

SonarQube: