SonarLint quality profile


nicholas.rundle

Oct 26, 2016, 12:23:20 PM
to SonarLint
Hi, can anyone point me to a SonarQube quality profile which has all of the SonarLint supported rules and only the SonarLint supported rules enabled?

I want to ensure that what a developer analyzes locally will be identical to what is seen in our CI setup.

Thanks,
Nick

matad...@googlemail.com

Oct 27, 2016, 5:58:47 AM
to SonarLint
Good question. I'm not aware of one; however, this might be useful, e.g. if you want to build on the core set and then extend it to allow developers to add custom rules.

Julien HENRY

Oct 27, 2016, 6:11:48 AM
to SonarLint
Hi guys,

SonarLint should be able to report all rules from SonarSource analyzers. So using "Sonar Way" profiles should be fine. The only exception I'm aware of are the common rules about insufficient coverage/duplication (but this rule will soon be removed from Sonar Way).

Note that this is not part of our vision that "what a developer analyzes locally will be identical to what is seen in CI setup". Of course we try to be as close as possible, but we think it is acceptable to miss some rules locally that will later be caught by CI. For example, if a rule is too costly to be run "on the fly" or requires access to code from all other projects (like for duplication).

Another example: the Java analyzer will very soon do some cross-procedural analysis. This can by nature lead to unlimited computation. So the analyzer will have some hardcoded thresholds (like max depth / max recursion /...). We can perfectly imagine having higher thresholds in batch analysis (i.e. CI) than in SonarLint (to not burn developer CPU). As a result we could have some issues not detected in SonarLint but only later by the CI analysis.

Does it make sense?

++

Julien

--
You received this message because you are subscribed to the Google Groups "SonarLint" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/431bf644-eaf3-4387-bcd0-1c46f260213d%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

nicholas.rundle

Oct 27, 2016, 9:00:25 AM
to SonarLint
Thanks for the detailed and quick response, Julien.

I think that makes sense. We are just now switching to SonarLint from using the SonarQube community plugin. We have had a number of problems in the past of simple rules being missed locally, so as we transition to SonarLint we just want to be sure that we start off with all of the stuff that SonarLint can do today configured on our quality profile. We may add some additional things to the profile, but wanted to get the base set going first.

So if I understand correctly, I should be able to just use the Sonar Way quality profile which will contain all of the rules that SonarLint and only a couple of extras that you already mentioned.

-Nick



Julien HENRY

Oct 27, 2016, 9:13:10 AM
to nicholas.rundle, SonarLint
To be precise, "Sonar Way" is the rule set that SonarLint will use out of the box. But as soon as you use the connected mode, SonarLint will use the same quality profile as the bound project on the SonarQube server, as long as rules in the quality profiles are coming from an official SonarSource analyzer (for example squid:xxxx rules for the Java plugin).

++

Julien
