SonarLint not respecting issues resolved in the UI on a branch

Please provide

  • Operating system: Windows
  • Visual Studio 2022 17.2.2
  • SonarLint plugin version: 6.5.0.48666
  • Is connected mode used: Yes
    • Connected to SonarCloud or SonarQube (and which version): SonarQube 9.5

I am working on a feature branch and manually pushed analysis results for this branch to SonarQube
SonarQube reports some issues which I have marked in the UI as resolved/won’t fix
SonarLint continues to report them - it feels like it might be reporting these issues from the master (default) branch and not the branch I am working on.

Hey there.

SonarLint for Visual Studio is not branch-aware like SonarLint for Eclipse, IntelliJ, and VS Code are (this is a very recent addition). We plan on adding branch awareness to SonarLint for Visual Studio in the future, but for now it will only reflect your main branch.

Hi @Colin

Thanks for the quick response.
What would current guidance for VS users be?
Would it be along the lines of:

  • Anything you are going to resolve in the Sonar UI, do it in the master branch and NOT your PR/feature branch?
  • Anything you are going to resolve in code, do it in your branch

Is that fair or is there more/less?

Also when you do add the feature, will it mean that I can resolve an issue through the Sonar UI on my feature branch and, once the branch is merged back to master, those resolutions will come with it?

I am thinking for example where you resolve something as “Won’t fix” because it is legit in this case or mark as a false positive etc.

thanks

Hello @tbutler and sorry for the late answer.
If you resolve an issue (e.g. as Won’t Fix) in a feature branch, the status you set will be replicated when creating a pull request and merging the pull request into the main branch. (see SonarQube FAQ for branches).

Also when you do add the feature, will it mean that I can resolve an issue through the Sonar UI on my feature branch and, once the branch is merged back to master, those resolutions will come with it?

Correct, this is already the case if you use SonarLint for Eclipse, VSCode or IntelliJ - as Colin said above, this will come bit later in future for Visual Studio.
By the way, you can subscribe to this roadmap card to be notified of any updates.

Would it be along the lines of:

  • Anything you are going to resolve in the Sonar UI, do it in the master branch and NOT your PR/feature branch?

This won’t help you much IMO - you can’t anyhow mark a new issue as Won’t fix in the SonarQube UI in the main branch until that issue is merged into the main branch. It is probably better to do that directly in the feature branch - the status will then be replicated into the main branch when merged.

In both cases, until we will deliver branch awareness in SonarLint for Visual Studio, the issue will only stop being reported by SonarLint when it reaches the main branch.

Hi @Marco_Comi
Thanks for your response.
My post here was about sonarlint but actually the behaviour you describe I am not seeing in Sonar UI - I had a feature branch, resolved some issues as won’t fix, merged the branch to master…and those issues continue to be unresolved in master in SonarQube itself.

I have raised a support ticket about this

re: marking issues as won’t fix - I was actually talking about existing issues - we are trying to clean up our codebase at least as far as security issues and vulnerabilities are concerned, so it is perfectly valid to have an issue about one of these and want to mark it as won’t fix.

thanks