Hello, I would like to know a little bit more about SonarLint and SonaQube synchronization system.
At first, what is synchronized between SonarQube et SonarLint ?
Is the synchronization is performed in the both ways ?
For instance, if a developper relaxes a finding from its IDE, is the findings would be also relaxed on SonarQube side when the developper will push its code ?
In such case, after the push, is SonarQube broadcast this finding relaxation in the IDE of the other developpers?
Another point, for instance if you configure SonarQube in order to perform analysis on “new code” only, is the “old findings” would be hidden on the IDE ?
some settings (analyzer specific settings, file inclusion/exclusions patterns, issue exclusions)
issue status (suppression, severity, type, creation date)
No. Today this is only in the SonarQube → SonarLint direction.
I’m not aware of this possibility to configure SonarQube to analyze new code only (except for pull request analysis).
But today, SonarLint will not hide “old” issues. This is something we have in mind, but not sure when this will come.
Can you be a little bit more specific about these topics please:
analyzer specific settings
and issue exclusions please?
For example, if an issue was raised on SonarQube and solved as “Resolve as fixed” or even “Resolve as won’t fixed”, will the issue still be visible in the IDE or will it be removed as well?
(I mean visible on the sonarlint view and also by underlined the artefact on the text editor view)
Analyzer settings are (part of) the one you can see in the “Languages” section of SonarQube settings, for example:
sonar.xxx.file.suffixes
sonar.xxx.exclusions
sonar.javascript.globals
Issue/file exclusions settings are the one from “Analysis scope”, like:
sonar.issue.ignore.multicriteria
sonar.inclusions
Only “resolve as won’t fix” or “resolve as false positive” issues are suppressed in SonarLint. “resolve as fixed” is an historical feature of SonarQube (from the time where code was analyzed once a day max) to let user tell SonarQube that the issue is already fixed in SCM, and should be confirmed by next analysis (then issue will be closed, or reopened).
For SonarLint it doesn’t make sense, because if the issue is really fixed in SCM (by someone else), you can simply rebase your branch and the issue will disappear.