I installed the SonarLint 6.6 for Eclipse (neno) using Eclipse marketplace.
It successful scanned my java project and returned 4725 items found.
I bind the project to SonarQube server which installed at the same PC
After anaylized the project again, I click "update all project bindings" at the SonarQube at Eclipse server to syn the result to SonarQube
My Questions
1) How can I syn the analyzed result to my server?
2) Are there any tool to category the analyzed result such as by severity? as I only interest on the "BUG"?
3) How can I configure the rule of SonarLint in Eclipse Environment?
May I have your help? Many thanks!
1) How can I syn the analyzed result to my server?
To analyze your project and see the result on SonarQube, you need to use one of the scanners. For example, if you build your project with Maven, then you can use the scanner for Maven. Or if you build your project with Ant or Gradle, there is a dedicated scanner for those too (as I linked). If you don't use any build tool, then you can use the scanner for CLI.
2) Are there any tool to category the analyzed result such as by severity? as I only interest on the "BUG"?
I'm not aware of such tool. And, at the time of this writing, the SonarLint On-The-Fly view is not configurable to do this (unlike the "native" Problems view of Eclipse). (This might be a good idea for future improvement, if there's enough interest for it.)
3) How can I configure the rule of SonarLint in Eclipse Environment?
It seems your project is bound to a project on SonarQube.
You can configure this on SonarQube.
In SonarQube, each project is associated with a quality profile.
After you can configure what rules to include,
you can update the bindings in Eclipse to apply the same configuration for SonarLint in Eclipse.
Related
i have integrated sonarLint with sonarQube. In my eclipse i can see the issues after analysis.
I wanted to know the rules are taken from sonarQube or not
I depends on whether or not you have bound to the SonarQube Server.
You can check this by right clicking on the project => Sonar Lint => Bind to a SonarQube project.
If you bind to it then the rules will be used from the SonarQube.
I have installed Sonar Lint Extension for Visual Studio 2019 and according to the project i am working it is not required to fix the Code Smell Violations.
So is there a way that i can ignore the code smell violations using sonar lint in VS2019
please note that we are using sonar Lint in connected mode wit sonar cube server
Connected mode is to designed to configure the IDE to use the same set of rules as are configured in your Quality Profile on the SonarQube server, so if the code smell rules are part of your Quality Profile then they will be enabled in the IDE too.
If you don't want to see those issues reported in the IDE then you could either remove those rules from the Quality Profile, or use standalone mode and configure the set of rules to run locally as described here.
After doing some tweaks in the visual studio I was able to add the column category to the sonar output window and in that filtered out the sonar issues other than code smells.
We are using sonarqube version 6.7. I would like to execute all sonar bugs and vulnerability java rules with blocker and critical severity locally on my Intellij Idea. I want to run these rules on multiple IDEA projects that are configured in my IDE.
I have installed the SonarLint plugin (version 3.2) and configured it to bind to the sonar server. On running the analysis from the "Project Files" tab I get errors for all iml files as
"File 'feature.iml' can't be analyzed. Skipping:
F:/modules/feature.iml"
.
My goal is to identify all sonar rules that are failing on my projects so that I can activate them on the sonar server for periodic runs as part of CI. To get started I thought of starting with blocker and critical vulnerabilities.
Could someone guide me on this?
You should activate all rules with the desired severity in the quality profile assigned to your project in SonarQube. Then you can bind your project in IntelliJ to the project in SonarQube. SonarLint will use the same quality profile.
About the iml files, it's not an error. SonarLint will exclude certain files from analysis that doesn't make sense to be analyzed, such as binary files.
We will be using sonarqube for code analysis and reviews .
How get my Visual Studio projects visible on sonar dashboard ?
Any leads regarding same will be appreciated.
Thanks.
To get your projects into SonarQube, you'll need to analyze them.
Since you're dealing with Visual Studio projects, take a look at the SonarQube Scanner for MSBuild (once you've set up your SonarQube instance, that is).
I have heard about the sonar source that manage source code quality. I have VS-2015. I have installed Sonar extension in VS (SonarLint) but not to know how to use that. I mean i add the extension in VS which is enabled. My local site is hosted in IIS server so that i don't need to Build + compile and run it on VS. also tell me that is it necessary to use SonarQube with SonarLint ?. if yes than why?