SonarQube - does it use sqlfluff for scanning sql code/queries

Hi, I am new to SonarQube and this is the first time I’m using it, I have been watching videos on SonarQube static analysis and reading the documentation. I’m really impressed by the tool as such.

  1. I would like to know if SonarQube uses sqlfluff rules for scanning SQL Code/queries?
  2. Does SonaQube has a check for SQL asserions in a sql/sqlx file?

Thanks

Hi,

Welcome to the community!

We write our own analyzers and don’t use SQLFluff.

You can see all our rules for T-SQL and PL/SQL on our rules website.

 
HTH,
Ann

Thank you very much. I was really awaiting the response. What do you mean by T-sql and PL/SQL? I am using BigQuery, which set of rules will be applied to my SQL or SQLX files? Thanks

Hi,

We analyze the languages T-SQL and PL/SQL. We don’t have an analyzer for Big Query / raw SQL.

 
HTH,
Ann

(post deleted by author)

  1. I see. Thank you, much appreciated. That means, I cannot use a SonarQube Analyser for BigQuery, is that right?

I still have a question:

  1. I installed SonarLint as an Extension on my VS Code. I tried analysing my sqlx files (sqlx are GCP Dataform files) and when I tried analysing through SonarLint, it was saying “No issues found”, does that mean it is not analysing these files at all?

Hi,

Yes, I believe that’s what that means.

 
Ann