SonarLint for Visual Studio Code 3.2 Released - Sync SonarQube issues for the relevant branch

Hello VSCode users,

SonarLint already has the ability to synchronize issue suppressions, i.e. issues resolved as “Won’t Fix” or “False Positive” in SonarQube (you can learn more about SonarQube issues here). This way, you can focus only on relevant issues only in your IDE. Last year we also added the ability for SonarLint to fetch and display in your IDE complex injection vulnerabilities detected by SonarQube during your project analysis.

As you know, SonarQube (Developer Edition and above) supports branch analysis, and you can for example resolve an issue as “Won’t Fix” on a specific project branch. The caveat is that SonarLint, until today, wasn’t aware of the project branch you are actually working on, so it was only able to sync issues from your project main branch in SonarQube.

I’m happy to announce that, with this new release, SonarLint is now branch aware :partying_face:, and is able to adapt the issue synchronization to the Git branch you’re actually working with; and you’ve nothing to configure on your side, if you switch to a different branch (you also to that from a terminal window), SonarLint will detect which SonarQube branch is the reference for your local branch and and adapt instantly. You can easily see to which SonarQube project branch SonarLint is currently syncing with in the status bar:

The only thing you need to make sure is that your local project is bound to a SonarQube project.

On the limitations side, please be aware that, although SonarQube also supports Pull Request analysis, SonarLint is currently only syncing with a configured branch, and not will pull requests (we may introduce support for sync with pull request analysis later).

Enjoy coding with SonarLint :sonarlint:, and don’t hesitate to let us know what can help to make the product even better. :wink: