Hi All,
I am using SonarQube version 9.3.0.51899, VSCode version 1.72.2 and SonarLint extension version 3.11.0
I connected SonarLint to my server and bound the project successfully.
In SonarQube i use a modified version of Sonarway JavaScript profile (just a single modification in cognitive complexity rule).
However, in local SonarLint i don’t see the issues reported in SonarQube.
SonarLint:
SonarQube:
Any advice, what can be the issue?
Regards
Luay
Thanks for the reply.
My main issue that SonarQube is showing two issues but they dont appear in SonarLint although tools are connected.
i will ignore the extra issues in Sonarlint which comes from CSpell.
it would be great if you can give me a hint where i can check so that SonarLint shows the same issues as SonarQube.
Thanks
Ah, sorry for the misunderstanding.
SonarLint is using a newer version of our Javascript analyzer than SonarQube – I would recommend updating to the latest version of SonarQube (v9.7), reanalyze your code, and see if the issues still exist in SonarQube (they could be false-positives that we fixed).
Thanks Colin, will do and reply here for the benefits of everyone
Hi Colin,
We upgraded SonarQube to Version 9.7.1.62043
Still same issue, sonarQube shows the 2 messages, but sonarLint does not, although both are linked in VSCode.
Regs
Luay
Hello, thanks for coming back with the additional information.
Could you please enable SonarLint verbose and analyzer logs in the VSCode settings and upload an extract from the SonarLint Output when analyzing the lock_order.js file you mentioned earlier? Maybe there is something off with the analyzer and/or IDE setup on this particular file.
Hi,
here is the log file after verbose mode has been enabled (i only searched/replaced the project name)
SonarLintLog.txt (7.5 KB)
Hmm 
I don’t see anything strange in the logs.
Would it be possible for you to share a minimal reproducer for this issue (a file that reports these issues in SonarQube but not in SonarLint)?
I’m wondering whether this could be linked to type resolution, e.g on SonarQube the analyzer is able to infer that a function in the code is used as a callback, whereas in the current version of SonarLint, type resolution in JS is less precise and can result in such false negatives.
