SonarLint issue severity

I see that when you sync SonarLint to SonarQube, all issues (meaning bugs, code smells, and vulnerabilities) are reported as just Warnings in SonarLint, whereas the same issues might be bugs or vulnerabilities in SQ which would cause you to fail the default SonarWay quality gate.
I understand I can configure SonarLint issue severity manually, but is there a way to inherit the same issue type and severity in SonarLint that is reported in SonarQube?
For example, if I have an OWASP Top 10 security vulnerability in SQ causing a failed Quality Gate, is there a way to have that also default to something more severe than a Warning in SonarLint?

Hello, thank you for your feedback.

In which IDE are you using SonarLint?

Please note that most IDEs don’t have a direct 1:1 mapping between SonarQube severities and “native” issue severity - and most of the time we are limited by what the IDE allows.

Assuming that your IDE is Visual Studio, the mapping is explained on this wiki page.

Yes we are using Visual Studio. The wiki page you sent says this about Connected Mode “… By default Sonar Critical and Blocker issues are not mapped to Visual Studio Error as this would cause IDE builds to fail…” Our requirement is the opposite. In connected mode, we want the IDE to show “Error” instead of warnings.

Is there a way to do this without mapping individual issue severity in Visual Studio? The wiki page says “by default”, so I’m assuming there’s an alternative to this. If there is no solution for this, what do you suggest as a workaround?

I am not a Visual Studio expert, but it is mentioned in this other thread that you can configure projects to “treat warnings as errors”. Would this fit your requirement?

I see that my concern is related to this closed SonarLint issue: https://github.com/SonarSource/sonarlint-visualstudio/issues/808. In light of that, I think your suggestion is a suitable workaround. Instead of trying to map severity levels, we will just treat all warnings from SQ as errors in Visual Studio.
