Sonarlint detecting no issues in VS Code in connected mode

Hi, I’m setting up sonarlint in a javascript project in connected mode (to SonarQube) and it keeps saying “Found 0 issues” (and there are issues).

  • Operating system: Windows 11
  • SonarLint plugin version: v3.12.0
  • Programming language you’re coding in: Javascript
  • Is connected mode used:
    SonarQube (and which version): Version 20221118.2
  • Installed the plugin and configured it with the server/token. It seems to connect successfully as it shows no errors on the output window and it seems to be downloading all rules:

SonarQube shows bugs in that same file:

Even if I enable any rule, for ex, empty functions,

I don’t get any error (including debug info):

Any ideas?

1 Like

Hello @antoniobriones, welcome to the community and sorry for the delay :see_no_evil: :wave:

Some rules are available on SonarQube but not on SonarLint, so it could be one reason. Also, in addition to setting up a connection like you did, you need to also configure a project binding. Could you please double-check if this step is complete?

If your issue persists, would you be able to enable verbose logs and provide full output, please?

Best,
Sophio

Hi Sophio,

may i chime in and humbly ask you to elaborate on this one?

  • how can i find out which rules are available on SonarQube but not on SonarLint?
  • what ruleset is used in sonarlint at what “state of connectivity” (un*connected* vs connected but *unbound* vs connected and bound) ← maybe there is a documentation url, you could point me to, that goes into details about this?

(I am asking because in the screenshot shown above i can read that the rule sets for languages got fetched into the sonarlint. I would expect now, that those would be used.)

cheers
Daniel

Hi @daniel,

how can i find out which rules are available on SonarQube but not on SonarLint

I’m afraid at the moment there is no easy way to check this :smiling_face_with_tear:, but usually in the SonarLint output you will see a list of rules that are enabled on the server, but not available in SonarLint. You could also make use of the Sonar rules page, where for each rule you will be able to see whether it is enabled in SonarQube/SonarCloud/SonarLint. In addition, you will be able to see and manage SonarLint rules under SonarLint > SonarLint Rules view. :sonarlint:

Screenshot 2023-01-02 at 13.09.02

what ruleset is used in SonarLint at what “state of connectivity” (un*connected* vs connected but *unbound* vs connected and bound) ← maybe there is a documentation url, you could point me to, that goes into details about this?

Connected Mode enables

In addition, it enables users to browse Injection Vulnerabilities locally. Soon, the local detection of Security Hotspots will also be possible in Connected Mode (with SonarQube 9.7+). For all rules, in Connected Mode, analysis settings come from the server and the local configuration of rule activation is ignored.

Please note that using SonarLint in Connected Mode means having both, connection and a project binding configured.

Hope that clarifies,
Sophio

1 Like

Thank you for your detailed reply, Sophio! Also pointing to parts of the docu helps a lot :+1:

So … i try to interpret / extrapolate from that (and the unqoted rest): Is the following true?

If my “state of connectivity” is connected but *unbound* then for analysis the “baked-in” Version of the rulesets of the SonarLint version that i installed are used. (e.g. none of the SonarQube rulesets that are shown in the screenshot above as “fetched” is actually applied/used)

I promise i will not derail @antoniobriones thread anymore (after your hopefully coming reply) :sweat_smile: :innocent:

//edit: i remembered something \o/ :nerd_face: … some month ago i was already somewhere in that territory. And at that time i also made the suggestion that springs to my mind again here: add tags to the rules to show where/how they are available … not via images inside every rule, but searchable via tags like described here: Rules not getting updated in default sonar Quality profile - #5 by daniel

1 Like

If my “state of connectivity” is connected but *unbound* then for analysis the “baked-in” Version of the rulesets of the SonarLint version that i installed are used

Yes, exactly.

We know that our docs are not perfect and are actively working on improving them, so stay tuned and thanks for using SonarLint :wink:

1 Like