[WebStorm]: SonarQube for IDE not showing issues

Claus_Jessing · January 24, 2025, 11:11am

ALM used: Azure DevOps
CI system: Azure DevOps
TypeScript

I have both IntelliJ and WebStorm configured using the same SonarCloud connection. IntelliJ works straight away, showing errors/warnings for the current file when I edit it.

WebStorm shows nothing.

What I would like is to have SonarQube for IDE display the same messages I get when my pipeline ends. A simple example is to mark injected services readonly.

In my SonarCloud connection I’m pointing to a node.exe v20.11.0 and I have “Automatical trigger analysis” checked.

When editing my code I can see a background process being triggered but nothing is displayed in the SonarQube for IDE Current File tab.

Am I missing something?

Colin · January 27, 2025, 9:20am

Hey @Claus_Jessing!

What version of WebStorm are you using?
What version of SonarQube for IDE are you using?
Can you share a small example file/project where you expect to see issues raised, but no issues are raised?

Claus_Jessing · January 27, 2025, 9:48am

WebStorm: 2024.3.2.1
SonarQube for IDE: 10.15.0.80347

An example could be that when my build pipeline completes, the following angular component constructor would be flagged as erroneous:

constructor(private alertService: AlertService) {}

I would get an error like

Member ‘alertService’ is never reassigned; mark it as readonly.

and I would have to change my constructor to

constructor(private readonly alertService: AlertService) {}

The same with commented code that would result in this error:

Remove this commented out code. (Web:AvoidCommentedOutCodeCheck
See it in SonarQube Cloud

As these errors are displayed at the end of a pipeline that takes about half an hour to run it would be nice to have SonarQube for IDE show them to me before committing my changes.

Hope it makes sense.

Colin · January 27, 2025, 10:01am

Hey @Claus_Jessing

I get that, but without more info, it’s tough to reproduce an issue like this. For example, if I start up WebStorm and open a project (this sample project), I can easily get the web:AvoidCommentedOutCode check by adding some code comments.

Analysing 'sample.xhtml' (ID 9dcdfde0-292a-45b9-be22-2ce0d74d2315)...
 [2025-01-27T10:54:40.117] [SonarLint Server RPC request executor] INFO sonarlint - Triggering analysis with configuration: [
  baseDir: /Users/colinmueller/Source/sonar-scanning-examples
  extraProperties: {sonar.updatecenter.cache.ttl=3600000, sonaranalyzer-cs.nuget.packageVersion=10.3.0.106239, sonaranalyzer.security.cs.pluginVersion=10.9.0.33961, sonar.auth.bitbucket.allowUsersToSignUp=true, sonar.cs.ignoreHeaderComments=true, sonar.c.file.suffixes=.c,.h, sonar.typescript.file.suffixes=.ts,.tsx,.cts,.mts, sonar.auth.github.enabled=false, sonar.python.coverage.reportPaths=coverage-reports/*coverage-*.xml, sonaranalyzer-vbnet.nuget.packageVersion=10.3.0.106239, sonar.text.activate=true, sonar.cobol.dialect=ibm-enterprise-cobol, provisioning.gitlab.enabled=false, sonar.go.file.suffixes=.go, sonar.cpd.cobol.minimumLines=30, sonar.cobol.exec.recoveryMode=true, sonar.cs.analyzeRazorCode=true, sonar.auth.saml.applicationId=sonarqube, dc5.mutationAnalysis.effort.survivedMutant=1.0, sonar.python.xunit.skipDetails=false, sonar.ipynb.file.suffixes=ipynb, sonar.dbcleaner.weeksBeforeKeepingOnlyAnalysesWithVersion=104, sonar.plsql.jdbc.driver.class=oracle.jdbc.OracleDriver, sonar.qualitygate.ignoreSmallChanges=true, sonar.auth.saml.signature.enabled=false, sonar.go.exclusions=**/vendor/**, sonar.php.exclusions=**/vendor/**, sonar.js.internal.bundlePath=/Users/colinmueller/Library/Application Support/JetBrains/WebStorm2024.3/plugins/sonarlint-intellij/plugins/eslint-bridge, sonar.terraform.file.suffixes=.tf, sonar.forceAuthentication=true, sonar.announcement.displayMessage=false, sonar.notifications.delay=60, sonar.cpp.file.suffixes=.cc,.cpp,.cxx,.c++,.hh,.hpp,.hxx,.h++,.ipp,.ixx,.mxx,.cppm,.ccm,.cxxm,.c++m, sonar.swift.file.suffixes=.swift, sonar.vbnet.roslyn.ignoreIssues=false, sonar.plsql.ignoreHeaderComments=false, sonar.flex.file.suffixes=as, dc5.mutationAnalysis.pitest.sensor.reports.directory=target/pit-reports, sonar.multi-quality-mode.enabled=true, sonar.jcl.file.suffixes=.jcl, sonaranalyzer.security.cs.nuget.packageVersion=10.9.0.33961, sonar.filesize.limit=20, sonar.auth.gitlab.groupsSync=false, sonar.auth.github.apiUrl=https://api.github.com/, sonar.ruby.file.suffixes=.rb, sonaranalyzer-cs.ruleNamespace=SonarAnalyzer.Enterprise.CSharp, sonar.auth.github.allowUsersToSignUp=true, sonar.pli.extralingualCharacters=#@$, sonar.cs.analyzeGeneratedCode=false, sonar.azureresourcemanager.file.identifier=https://schema.management.azure.com/schemas/,http://schema.management.azure.com/schemas/, sonar.python.xunit.reportPath=xunit-reports/xunit-result-*.xml, sonar.java.jvmframeworkconfig.file.patterns=**/src/main/resources/**/*app*.properties,**/src/main/resources/**/*app*.yaml,**/src/main/resources/**/*app*.yml, dc5.mutationAnalysis.effort.mutantKill=5min, sonar.pli.marginLeft=2, sonar.builtInQualityProfiles.disableNotificationOnUpdate=false, sonar.javascript.globals=angular,goog,google,OpenLayers,d3,dojo,dojox,dijit,Backbone,moment,casper,_,sap, sonar.dbcleaner.auditHousekeeping=Monthly, sonar.dbcleaner.hoursBeforeKeepingOnlyOneSnapshotByDay=24, sonar.yaml.file.suffixes=.yaml,.yml, sonar.dbcleaner.daysBeforeDeletingInactiveBranchesAndPRs=30, sonar.auth.bitbucket.enabled=false, sonar.terraform.activate=true, sonar.dependencyCheck.htmlReportPath=${WORKSPACE}/dependency-check-report.html, sonar.css.file.suffixes=.css,.less,.scss,.sass, sonar.cpd.abap.minimumTokens=100, sonar.docker.file.patterns=Dockerfile,*.dockerfile, sonar.auth.github.webUrl=https://github.com/, sonar.dbcleaner.branchesToKeepWhenInactive=main,master,develop,trunk, sonar.dependencyCheck.useFilePath=false, sonar.ce.parallelProjectTasks=true, sonar.html.file.suffixes=.html,.xhtml,.cshtml,.vbhtml,.aspx,.ascx,.rhtml,.erb,.shtm,.shtml,.cmp,.twig, sonaranalyzer-vbnet.nuget.packageId=SonarAnalyzer.Enterprise.VisualBasic, sonar.php.frameworkDetection=true, sonar.auth.gitlab.enabled=false, sonar.vb.file.suffixes=.bas,.frm,.ctl, sonar.cpd.cross_project=false, sonaranalyzer-vbnet.pluginVersion=10.3.0.106239, sonar.dependencyCheck.summarize=false, sonar.vbnet.ignoreHeaderComments=true, sonar.rpg.leftMarginWidth=12, sonaranalyzer.security.cs.analyzerId=SonarAnalyzer.Security, sonaranalyzer.security.cs.nuget.packageId=SonarAnalyzer.Security, dc5.mutationAnalysis.missingCoverage.force2zero=false, sonar.auth.github.groupsSync=false, sonar.dbcleaner.weeksBeforeKeepingOnlyOneSnapshotByWeek=4, dc5.mutationAnalysis.effort.missingCoverage=1.0, sonaranalyzer-vbnet.analyzerId=SonarAnalyzer.Enterprise.VisualBasic, sonar.scala.file.suffixes=.scala, sonar.cs.roslyn.ignoreIssues=false, sonar.cobol.byteBasedColumnCount=false, sonar.governance.report.project.branch.frequency=Monthly, sonar.cloudformation.activate=true, sonar.auth.token.max.allowed.lifetime=No expiration, sonar.pli.marginRight=72, sonaranalyzer-cs.pluginKey=csharpenterprise, sonar.kubernetes.activate=true, sonar.cpd.cobol.minimumTokens=100, sonar.java.ignoreUnnamedModuleForSplitPackage=False, sonar.json.file.suffixes=.json, dc5.mutationAnalysis.pitest.kotlin.sensor.enabled=true, sonaranalyzer.security.cs.pluginKey=securitycsharpfrontend, sonar.vb.ignoreHeaderComments=true, sonar.apex.file.suffixes=.cls,.trigger, sonaranalyzer-vbnet.ruleNamespace=SonarAnalyzer.Enterprise.VisualBasic, sonar.cloudformation.file.identifier=AWSTemplateFormatVersion, sonar.auth.saml.providerName=SAML, provisioning.github.project.visibility.enabled=true, sonar.dbcleaner.daysBeforeDeletingAnticipatedTransitions=30, sonar.javascript.ignoreHeaderComments=true, sonar.dbcleaner.daysBeforeDeletingClosedIssues=30, sonar.dependencyCheck.severity.high=7.0, sonar.java.enablePreview=False, sonar.dbcleaner.weeksBeforeKeepingOnlyOneSnapshotByMonth=52, sonar.lf.gravatarServerUrl=https://secure.gravatar.com/avatar/{EMAIL_MD5}.jpg?s={SIZE}&d=identicon, sonar.dependencyCheck.skip=false, sonar.objc.file.suffixes=.m, sonar.ruby.coverage.reportPaths=coverage/.resultset.json, sonar.text.inclusions=**/*.sh,**/*.bash,**/*.zsh,**/*.ksh,**/*.ps1,**/*.properties,**/*.conf,**/*.pem,**/*.config,.env,.aws/config, sonar.governance.report.view.frequency=Monthly, sonar.cobol.sourceFormat=fixed, sonar.qualityProfiles.allowDisableInheritedRules=true, sonaranalyzer-cs.staticResourceName=SonarAnalyzer-10.3.0.106239.zip, sonar.notifications.runningDelayBeforeReportingStatus=600, sonar.auth.gitlab.allowUsersToSignUp=true, sonar.projectCreation.mainBranchName=main, sonar.cpd.cobol.ignoreLiteral=true, sonar.jsp.file.suffixes=.jsp,.jspf,.jspx, sonar.pli.ignoreHeaderComments=true, sonar.javascript.maxFileSize=1000, sonaranalyzer-cs.nuget.packageId=SonarAnalyzer.Enterprise.CSharp, sonar.javascript.environments=amd,applescript,atomtest,browser,commonjs,embertest,greasemonkey,jasmine,jest,jquery,meteor,mocha,mongo,nashorn,node,phantomjs,prototypejs,protractor,qunit,serviceworker,shared-node-browser,shelljs,webextensions,worker, sonar.authenticator.downcase=false, sonar.scm.disabled=false, sonar.ruby.exclusions=**/vendor/**, sonar.dart.file.suffixes=.dart, sonar.ansible.activate=true, sonar.auth.saml.enabled=false, sonar.vbnet.file.suffixes=.vb, sonaranalyzer-cs.analyzerId=SonarAnalyzer.Enterprise.CSharp, sonar.rpg.file.suffixes=.rpg,.rpgle,.sqlrpgle,.RPG,.RPGLE,.SQLRPGLE, dc5.mutationAnalysis.pitest.java.sensor.enabled=true, sonar.core.id=E3FE7274-AZRSgwcUY98Iyzjf5rq7, sonar.dependencyCheck.jsonReportPath=${WORKSPACE}/dependency-check-report.json, sonar.dependencyCheck.severity.medium=4.0, sonar.cfamily.generateComputedConfig=false, sonar.cobol.adaprep.activation=false, sonar.abap.file.suffixes=.abap,.ab4,.flow,.asprog, dc5.mutationAnalysis.experimentalFeatures.enabled=false, sonar.cfamily.ignoreHeaderComments=true, sonar.technicalDebt.ratingGrid=0.05,0.1,0.2,0.5, sonar.technicalDebt.developmentCost=30, sonar.lf.enableGravatar=false, sonar.validateWebhooks=true, sonar.docker.activate=true, sonar.python.file.suffixes=py, sonaranalyzer-cs.pluginVersion=10.3.0.106239, sonaranalyzer.security.cs.staticResourceName=SonarAnalyzer.Security-10.9.0.33961.zip, sonar.cs.file.suffixes=.cs,.razor, sonar.developerAggregatedInfo.disabled=false, sonar.plsql.file.suffixes=sql,pks,pkb, sonaranalyzer.security.cs.ruleNamespace=SonarAnalyzer.Security, sonar.plugins.downloadOnlyRequired=true, sonar.azureresourcemanager.file.suffixes=.bicep, sonar.javascript.file.suffixes=.js,.jsx,.cjs,.mjs,.vue, sonar.cpd.abap.minimumLines=20, sonar.cobol.tab.width=8, sonar.allowPermissionManagementForProjectAdmins=true, sonaranalyzer-vbnet.staticResourceName=SonarAnalyzer-10.3.0.106239.zip, sonar.text.inclusions.activate=true, sonar.dependencyCheck.securityHotspot=true, sonar.vbnet.analyzeGeneratedCode=false, sonar.pli.file.suffixes=.pli, sonar.java.file.suffixes=.java,.jav, sonar.kotlin.file.suffixes=.kt,.kts, sonar.plugins.risk.consent=ACCEPTED, sonar.php.file.suffixes=php,php3,php4,php5,phtml,inc, sonar.auth.gitlab.url=https://gitlab.com, sonar.scanner.skipNodeProvisioning=false, sonar.xml.file.suffixes=.xml,.xsd,.xsl,.config, sonar.dbcleaner.weeksBeforeDeletingAllSnapshots=260, sonar.portfolios.confidential.header=true, sonaranalyzer-vbnet.pluginKey=vbnetenterprise, sonar.azureresourcemanager.activate=true, sonar.java.jvmframeworkconfig.activate=true, sonar.dependencyCheck.severity.low=0.0, sonar.updatecenter.url=https://downloads.sonarsource.com/sonarqube/update/update-center.properties, sonar.tsql.file.suffixes=.tsql, sonar.core.startTime=2025-01-25T18:33:10+0100}
  activeRules: [22 kubernetes, 251 python, 30 scala, 11 pythonbugs, 121 secrets, 40 docker, 132 plsql, 30 ruby, 49 Web, 23 xml, 178 php, 49 terraform, 26 cloudformation, 62 swift]
  inputFiles: [
    file:///Users/colinmueller/Source/sonar-scanning-examples/sonar-scanner/src/html/sample.xhtml (UTF-8)
  ]
]

 [2025-01-27T10:54:40.15] [sonarlint-analysis-engine] INFO sonarlint - Index files
 [2025-01-27T10:54:40.15] [Report about progress of file indexation] INFO sonarlint - 1 file indexed
 [2025-01-27T10:54:40.18] [Progress of the Docker analysis] INFO sonarlint - 0 source files to be analyzed
 [2025-01-27T10:54:40.18] [Progress of the Docker analysis] INFO sonarlint - 0/0 source files have been analyzed
 [2025-01-27T10:54:40.181] [sonarlint-analysis-engine] INFO sonarlint - Available processors: 8
 [2025-01-27T10:54:40.181] [sonarlint-analysis-engine] INFO sonarlint - Using 8 threads for analysis.
 [2025-01-27T10:54:40.2] [sonarlint-analysis-engine] INFO sonarlint - Analyzing all except non binary files
 [2025-01-27T10:54:40.201] [Progress of the text and secrets analysis] INFO sonarlint - 1 source file to be analyzed
 [2025-01-27T10:54:40.207] [Progress of the text and secrets analysis] INFO sonarlint - 1/1 source file has been analyzed
 [2025-01-27T10:54:40.207] [sonarlint-analysis-engine] INFO sonarlint - Analysis detected 5 issues and 0 Security Hotspots in 120ms

That’s why I was asking about a specific file/project where the issue can be reproduced, rather than examples of issues. It doesn’t have to be your original project, but at least a small project where you face the same issue in your environment.

Claus_Jessing · January 27, 2025, 10:30am

Strange… the second I open a file in the sonar-scanning project (eg sonar-scanning\sonar-scanner\src\javascript\Person.js) I get a string of error listed in SonarQube for IDE. I will try to construct a small project displaying my issue.

Just discovered that if I connect to SonarCloud all errors go away. Toggling the connection to SonarCloud also toggles the 7 issues in Person.js.

Copying some of my TypeScript code into the sonar-scanning project actually produces the expected errors… until I connect to SonarCloud.

I dont know if that tells you that I have to look elsewhere for the issue?

Claus_Jessing · January 27, 2025, 11:24am

sonarcloud.zip (298.4 KB)

This is a brand new Angular project with a single code line commented out in app.component.ts.

I have discovered a few interesting things:

Opening the solution in WebStorm without binding displays the expected issue message (“Remove this commented out code”). Binding to SonarCloud makes the error go away.

The funny thing is that opening the solution in IntelliJ and binding to SonarCloud works as expected. Ie the error is displayed both with and without binding.

A strange thing is, that if I use the same binding in IntelliJ as I have configured in WebStorm, I get an error in WebStorm, that the binding has been deleted. The same goes the other way around.

Hope this makes sense…

Colin · January 27, 2025, 1:50pm

Hm… thanks for that. I can’t reproduce even when binding.

Let’s try this: can you share the bits of logs of you see for SonarQube for IDE where it shows extraProperties and activeRules?

extraProperties: {sonar.updatecenter.cache.ttl=3600000, sonaranalyzer-cs.nuget.packageVersion=10.3.0.106239, sonaranalyzer.security.cs.pluginVersion=10.9.0.33961, sonar.auth.bitbucket.allowUsersToSignUp=true, sonar.cs.ignoreHeaderComments=true, sonar.c.file.suffixes=.c,.h, sonar.typescript.file.suffixes=.ts,.tsx,.cts,.mts, sonar.auth.github.enabled=false, sonar.python.coverage.reportPaths=coverage-reports/coverage-.xml, sonaranalyzer-vbnet.nuget.packageVersion=10.3.0.106239, sonar.text.activate=true, sonar.cobol.dialect=ibm-enterprise-cobol, provisioning.gitlab.enabled=false, sonar.go.file.suffixes=.go, sonar.cpd.cobol.minimumLines=30, sonar.cobol.exec.recoveryMode=true, sonar.cs.analyzeRazorCode=true, sonar.auth.saml.applicationId=sonarqube, dc5.mutationAnalysis.effort.survivedMutant=1.0, sonar.python.xunit.skipDetails=false, sonar.ipynb.file.suffixes=ipynb, sonar.dbcleaner.weeksBeforeKeepingOnlyAnalysesWithVersion=104, sonar.plsql.jdbc.driver.class=oracle.jdbc.OracleDriver, sonar.qualitygate.ignoreSmallChanges=true, sonar.auth.saml.signature.enabled=false, sonar.go.exclusions=/vendor/, sonar.php.exclusions=/vendor/, sonar.js.internal.bundlePath=/Users/colinmueller/Library/Application Support/JetBrains/WebStorm2024.3/plugins/sonarlint-intellij/plugins/eslint-bridge, sonar.terraform.file.suffixes=.tf, sonar.forceAuthentication=true, sonar.announcement.displayMessage=false, sonar.notifications.delay=60, sonar.cpp.file.suffixes=.cc,.cpp,.cxx,.c++,.hh,.hpp,.hxx,.h++,.ipp,.ixx,.mxx,.cppm,.ccm,.cxxm,.c++m, sonar.swift.file.suffixes=.swift, sonar.vbnet.roslyn.ignoreIssues=false, sonar.plsql.ignoreHeaderComments=false, sonar.flex.file.suffixes=as, dc5.mutationAnalysis.pitest.sensor.reports.directory=target/pit-reports, sonar.multi-quality-mode.enabled=true, sonar.jcl.file.suffixes=.jcl, sonaranalyzer.security.cs.nuget.packageVersion=10.9.0.33961, sonar.filesize.limit=20, sonar.auth.gitlab.groupsSync=false, sonar.auth.github.apiUrl=https://api.github.com/, sonar.ruby.file.suffixes=.rb, sonaranalyzer-cs.ruleNamespace=SonarAnalyzer.Enterprise.CSharp, sonar.auth.github.allowUsersToSignUp=true, sonar.pli.extralingualCharacters=#@$, sonar.cs.analyzeGeneratedCode=false, sonar.azureresourcemanager.file.identifier=https://schema.management.azure.com/schemas/,http://schema.management.azure.com/schemas/, sonar.python.xunit.reportPath=xunit-reports/xunit-result-.xml, sonar.java.jvmframeworkconfig.file.patterns=/src/main/resources//app.properties,/src/main/resources//app.yaml,/src/main/resources//app.yml, dc5.mutationAnalysis.effort.mutantKill=5min, sonar.pli.marginLeft=2, sonar.builtInQualityProfiles.disableNotificationOnUpdate=false, sonar.javascript.globals=angular,goog,google,OpenLayers,d3,dojo,dojox,dijit,Backbone,moment,casper,_,sap, sonar.dbcleaner.auditHousekeeping=Monthly, sonar.dbcleaner.hoursBeforeKeepingOnlyOneSnapshotByDay=24, sonar.yaml.file.suffixes=.yaml,.yml, sonar.dbcleaner.daysBeforeDeletingInactiveBranchesAndPRs=30, sonar.auth.bitbucket.enabled=false, sonar.terraform.activate=true, sonar.dependencyCheck.htmlReportPath=${WORKSPACE}/dependency-check-report.html, sonar.css.file.suffixes=.css,.less,.scss,.sass, sonar.cpd.abap.minimumTokens=100, sonar.docker.file.patterns=Dockerfile,.dockerfile, sonar.auth.github.webUrl=https://github.com/, sonar.dbcleaner.branchesToKeepWhenInactive=main,master,develop,trunk, sonar.dependencyCheck.useFilePath=false, sonar.ce.parallelProjectTasks=true, sonar.html.file.suffixes=.html,.xhtml,.cshtml,.vbhtml,.aspx,.ascx,.rhtml,.erb,.shtm,.shtml,.cmp,.twig, sonaranalyzer-vbnet.nuget.packageId=SonarAnalyzer.Enterprise.VisualBasic, sonar.php.frameworkDetection=true, sonar.auth.gitlab.enabled=false, sonar.vb.file.suffixes=.bas,.frm,.ctl, sonar.cpd.cross_project=false, sonaranalyzer-vbnet.pluginVersion=10.3.0.106239, sonar.dependencyCheck.summarize=false, sonar.vbnet.ignoreHeaderComments=true, sonar.rpg.leftMarginWidth=12, sonaranalyzer.security.cs.analyzerId=SonarAnalyzer.Security, sonaranalyzer.security.cs.nuget.packageId=SonarAnalyzer.Security, dc5.mutationAnalysis.missingCoverage.force2zero=false, sonar.auth.github.groupsSync=false, sonar.dbcleaner.weeksBeforeKeepingOnlyOneSnapshotByWeek=4, dc5.mutationAnalysis.effort.missingCoverage=1.0, sonaranalyzer-vbnet.analyzerId=SonarAnalyzer.Enterprise.VisualBasic, sonar.scala.file.suffixes=.scala, sonar.cs.roslyn.ignoreIssues=false, sonar.cobol.byteBasedColumnCount=false, sonar.governance.report.project.branch.frequency=Monthly, sonar.cloudformation.activate=true, sonar.auth.token.max.allowed.lifetime=No expiration, sonar.pli.marginRight=72, sonaranalyzer-cs.pluginKey=csharpenterprise, sonar.kubernetes.activate=true, sonar.cpd.cobol.minimumTokens=100, sonar.java.ignoreUnnamedModuleForSplitPackage=False, sonar.json.file.suffixes=.json, dc5.mutationAnalysis.pitest.kotlin.sensor.enabled=true, sonaranalyzer.security.cs.pluginKey=securitycsharpfrontend, sonar.vb.ignoreHeaderComments=true, sonar.apex.file.suffixes=.cls,.trigger, sonaranalyzer-vbnet.ruleNamespace=SonarAnalyzer.Enterprise.VisualBasic, sonar.cloudformation.file.identifier=AWSTemplateFormatVersion, sonar.auth.saml.providerName=SAML, provisioning.github.project.visibility.enabled=true, sonar.dbcleaner.daysBeforeDeletingAnticipatedTransitions=30, sonar.javascript.ignoreHeaderComments=true, sonar.dbcleaner.daysBeforeDeletingClosedIssues=30, sonar.dependencyCheck.severity.high=7.0, sonar.java.enablePreview=False, sonar.dbcleaner.weeksBeforeKeepingOnlyOneSnapshotByMonth=52, sonar.lf.gravatarServerUrl=https://secure.gravatar.com/avatar/{EMAIL_MD5}.jpg?s={SIZE}&d=identicon, sonar.dependencyCheck.skip=false, sonar.objc.file.suffixes=.m, sonar.ruby.coverage.reportPaths=coverage/.resultset.json, sonar.text.inclusions=/*.sh,/.bash,**/.zsh,/*.ksh,/.ps1,**/.properties,/*.conf,/.pem,**/.config,.env,.aws/config, sonar.governance.report.view.frequency=Monthly, sonar.cobol.sourceFormat=fixed, sonar.qualityProfiles.allowDisableInheritedRules=true, sonaranalyzer-cs.staticResourceName=SonarAnalyzer-10.3.0.106239.zip, sonar.notifications.runningDelayBeforeReportingStatus=600, sonar.auth.gitlab.allowUsersToSignUp=true, sonar.projectCreation.mainBranchName=main, sonar.cpd.cobol.ignoreLiteral=true, sonar.jsp.file.suffixes=.jsp,.jspf,.jspx, sonar.pli.ignoreHeaderComments=true, sonar.javascript.maxFileSize=1000, sonaranalyzer-cs.nuget.packageId=SonarAnalyzer.Enterprise.CSharp, sonar.javascript.environments=amd,applescript,atomtest,browser,commonjs,embertest,greasemonkey,jasmine,jest,jquery,meteor,mocha,mongo,nashorn,node,phantomjs,prototypejs,protractor,qunit,serviceworker,shared-node-browser,shelljs,webextensions,worker, sonar.authenticator.downcase=false, sonar.scm.disabled=false, sonar.ruby.exclusions=/vendor/, sonar.dart.file.suffixes=.dart, sonar.ansible.activate=true, sonar.auth.saml.enabled=false, sonar.vbnet.file.suffixes=.vb, sonaranalyzer-cs.analyzerId=SonarAnalyzer.Enterprise.CSharp, sonar.rpg.file.suffixes=.rpg,.rpgle,.sqlrpgle,.RPG,.RPGLE,.SQLRPGLE, dc5.mutationAnalysis.pitest.java.sensor.enabled=true, sonar.core.id=E3FE7274-AZRSgwcUY98Iyzjf5rq7, sonar.dependencyCheck.jsonReportPath=${WORKSPACE}/dependency-check-report.json, sonar.dependencyCheck.severity.medium=4.0, sonar.cfamily.generateComputedConfig=false, sonar.cobol.adaprep.activation=false, sonar.abap.file.suffixes=.abap,.ab4,.flow,.asprog, dc5.mutationAnalysis.experimentalFeatures.enabled=false, sonar.cfamily.ignoreHeaderComments=true, sonar.technicalDebt.ratingGrid=0.05,0.1,0.2,0.5, sonar.technicalDebt.developmentCost=30, sonar.lf.enableGravatar=false, sonar.validateWebhooks=true, sonar.docker.activate=true, sonar.python.file.suffixes=py, sonaranalyzer-cs.pluginVersion=10.3.0.106239, sonaranalyzer.security.cs.staticResourceName=SonarAnalyzer.Security-10.9.0.33961.zip, sonar.cs.file.suffixes=.cs,.razor, sonar.developerAggregatedInfo.disabled=false, sonar.plsql.file.suffixes=sql,pks,pkb, sonaranalyzer.security.cs.ruleNamespace=SonarAnalyzer.Security, sonar.plugins.downloadOnlyRequired=true, sonar.azureresourcemanager.file.suffixes=.bicep, sonar.javascript.file.suffixes=.js,.jsx,.cjs,.mjs,.vue, sonar.cpd.abap.minimumLines=20, sonar.cobol.tab.width=8, sonar.allowPermissionManagementForProjectAdmins=true, sonaranalyzer-vbnet.staticResourceName=SonarAnalyzer-10.3.0.106239.zip, sonar.text.inclusions.activate=true, sonar.dependencyCheck.securityHotspot=true, sonar.vbnet.analyzeGeneratedCode=false, sonar.pli.file.suffixes=.pli, sonar.java.file.suffixes=.java,.jav, sonar.kotlin.file.suffixes=.kt,.kts, sonar.plugins.risk.consent=ACCEPTED, sonar.php.file.suffixes=php,php3,php4,php5,phtml,inc, sonar.auth.gitlab.url=https://gitlab.com, sonar.scanner.skipNodeProvisioning=false, sonar.xml.file.suffixes=.xml,.xsd,.xsl,.config, sonar.dbcleaner.weeksBeforeDeletingAllSnapshots=260, sonar.portfolios.confidential.header=true, sonaranalyzer-vbnet.pluginKey=vbnetenterprise, sonar.azureresourcemanager.activate=true, sonar.java.jvmframeworkconfig.activate=true, sonar.dependencyCheck.severity.low=0.0, sonar.updatecenter.url=https://downloads.sonarsource.com/sonarqube/update/update-center.properties, sonar.tsql.file.suffixes=.tsql, sonar.core.startTime=2025-01-25T18:33:10+0100}
activeRules: [22 kubernetes, 251 python, 30 scala, 11 pythonbugs, 121 secrets, 40 docker, 132 plsql, 30 ruby, 49 Web, 23 xml, 178 php, 49 terraform, 26 cloudformation, 62 swift]
inputFiles: [
file:///Users/colinmueller/Downloads/sonarcloud/src/index.html (UTF-8)
]

Claus_Jessing · January 28, 2025, 5:08am

This is after removing readonly from one of the injected services in the constructor in an angular component and clicking “Analyze Current File”:

  extraProperties: {sonar.js.internal.bundlePath=C:\Users\cbj\AppData\Roaming\JetBrains\WebStorm2024.3\plugins\sonarlint-intellij\plugins\eslint-bridge}
  activeRules: [13 kubernetes, 214 python, 24 css, 109 kotlin, 29 secrets, 265 javascript, 26 docker, 28 ruby, 45 Web, 14 xml, 155 php, 7 terraform, 267 typescript, 7 cloudformation]

This is with binding and no errors are shown.

Claus_Jessing · January 28, 2025, 5:13am

I got a message from Nicolas Quinquenel about using both WebStorm and IntelliJ on the same project. I normally use WebStorm for TypeScript/Javascript and IntelliJ for Java. In this particular case, I just opened my Angular project in IntelliJ to verify the WebStorm behavior (which I couldn’t). But I did encounter the known issue with using two IDE on the same project.

Claus_Jessing · January 28, 2025, 8:13am

Okay, so a strange thing is that SonarQube for IDE actually detects an empty method (S1186) but not injections missing readonly and not commented out code…

nicolas.quinquenel · January 28, 2025, 10:08am

It would be ideal if you could share the SQ:IDE logs after binding and analyzing the file on both WebStorm and IntelliJ.

Claus_Jessing · January 28, 2025, 2:31pm

Here are logs from both WebStorm and IntelliJ. For some reason WebStorm has startet recognizing commented out code, but still refuses to report missing readonly on injected services which is the test I’ve performed to create the attached logs. This differs from the pipeline where readonly is reported as expected.
sonarqube-logs.zip (6.8 KB)

nicolas.quinquenel · February 4, 2025, 3:54pm

Hey @Claus_Jessing, sorry for the relatively late reply. I couldn’t find an explanation yet. Could you please provide logs with Analysis logs and Verbose output enabled, as explained in our documentation?

Also, it would be best if you could share a reproducible example of the issue you have with readonly; as I understand, the commented code is not an issue anymore.

Thanks!

Claus_Jessing · February 5, 2025, 6:45am

To the best of my knowledge, I have provided the logs in my previous post (sonarqube-logs.zip).

I’m a bit overloaded atm but will try to recreate an example over the weekend.

nicolas.quinquenel · February 5, 2025, 7:26am

To the best of my knowledge, I have provided the logs in my previous post (sonarqube-logs.zip).

Yes, but they do not include the Analysis logs or the Verbose output. You can set this option within the log tab to include further information that would be helpful for us. Thanks.

Claus_Jessing · February 5, 2025, 7:46am

sonaqube-logs-ii.zip (7.9 KB)
I’ll try again Here’s what I did:

Open an angular component in WebStorm (see version below)
Open the SonarQube window and go to the Log tab
Click the three dots an the upper right corner and enable Analysis and Verbose
Go to the constructor of the component and remove the “readonly” annotation from one of the injected services.

Hope this helps.

WebStorm 2024.3.2.1
Build #WS-243.23654.157, built on January 23, 2025
Runtime version: 21.0.5+8-b631.30 amd64 (JCEF 122.1.9)
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.
Toolkit: sun.awt.windows.WToolkit
Windows 10.0
GC: G1 Young Generation, G1 Concurrent GC, G1 Old Generation
Memory: 8192M
Cores: 12
Registry:
debugger.new.tool.window.layout=true
ide.experimental.ui=true
terminal.new.ui=true
Non-Bundled Plugins:
com.jetbrains.space (243.23654.19)
com.intellij.properties (243.22562.9)
com.oxygenxml.xsdtojsonschema (2024.2.0)
XPathView (243.22562.13)
com.intellij.aqua (243.23654.177)
com.intellij.grazie.pro (0.3.359)
mdx.js (243.21565.120)
com.github.copilot (1.5.32-242)
org.sonarlint.idea (10.15.0.80347)

nicolas.quinquenel · February 7, 2025, 3:38pm

Thank you for the information you provided. To keep you updated, I investigated but couldn’t find an explanation yet. The logs show that this specific rule S2933 is enabled and part of the analysis; however, it has still not been raised. We are continuing the investigation and will keep you updated.

It would also be beneficial if you could give a reproducible example of the exact file where you’re having this problem.

Claus_Jessing · February 10, 2025, 6:31am

Good morning Nicolas

I did try to create an example by creating a new almost empty Angular project but of course everything works just fine there (attached for reference
my-project.zip (302.3 KB)).

The project at hand has almost 400 components and a similar amount of services. On top of that it uses a very rare (and discontinued) package from the EU Commission called @eui/dynamic-forms. The entire project uses yarn over npm. I will try to make a copy and reduce it to a manageble size for you, but it might be a couple of days in between my normal work

nicolas.quinquenel · February 20, 2025, 9:05am

Hey @Claus_Jessing, to keep you updated, we still haven’t found the reason for this behavior. The logs do not show anything in particular, and not having a reproducer makes this difficult for us to investigate. Nonetheless, we are still working on it, and I will keep you up-to-date with the progress.

Claus_Jessing · February 20, 2025, 9:17am

Thanks @nicolas.quinquenel

And I’m still trying to slim my solution down to something tangible for you to see, but it’s complicated and has to be done outside my normal work…