Hi,
we have https://sonarcloud.io active and connected SonarLint for Visual Studio with it. That creates an xxx.ruleset file. What confuses me is the fact that it is different than the one exported by
https://sonarcloud.io/api/qualityprofiles/export?exporterKey=sonarlint-vs-cs&language=cs&qualityProfile=Sonar way&organization=xxx
which is available under
https://sonarcloud.io/organizations/xxx/quality_profiles/show?language=cs&name=Sonar%20way
Why are they different?
The “exporter” version is obsolete; it hasn’t been used by SonarLint for Visual Studio for some time, and it hasn’t been updated as new types of rules (e.g. Security Hotspots) have been added. It no longer accurately represents the information required by SonarLint in the IDE and should be ignored.
Thanks for the response. Why then does the “exporter” version contain more rules, specifically security hotpots?
Additional Question: We use the “Sonar Way” rulesets which frequently gets changed. In Visual Studio I have the option to update the rulesets.
Is there no way to have the rules in SonarCloud and SonarLint be in sync automatically?
I don’t know, but it’s no longer relevant.
No. SonarLint checks periodically (e.g. when the solution is opened) to see if the generated ruleset is up to date. If not, it will prompt you with a gold bar in the Error List to update. See the wiki page for more information.
We don’t sync automatically because updating could affect other files in the solution e.g. if a new project had been added to the solution then the same gold bar would be shown, and clicking update would change the project file. We wanted the user to choose when to apply the updates, so they are not mixed up with any other source-controlled changes they are making.