I'm looking at implementing sonarlint command line as the primary developer analysis tool, but there is a problem with differences between the results that sonarlint gives and those from sonar. We're using sonar 5.4 currently, and I'm evaluating sonarlint 2.0 for a Maven java 7 project (I'm using java 1.8 to run sonarlint though). I'm running sonarlint with a connection to the sonar server, which is working and I see output in the debug logging that tells me that it is using the same quality profile as the project uses on the server. We run sonar analysis through a Jenkins job that uses the Jenkins plugin. I have seen a number of posts that suggest that this could be due to the use of non-SSRI rules on the server, but I do not believe this to be the only factor involved.
When running sonar the rules seem to treat test code differently to that for core source. Almost all the test case classes use the standard approach to defining a test method:
public void testMethod() throws Exception {}
On the server this does not result in the message 'Generic Exceptions should never be thrown', yet sonarlint reports this issue for these methods.
Similarly, on the sonar server we see issues reported for 'Tests should include assertions' and 'Assertions should be complete' but sonarlint does not report these. As far as I can tell these are both standard sonarqube rules (but I may be wrong, I can't see a great deal of information that tells me the difference between non-standard rules and standard ones). Perhaps the unit test rules are not standard, which may explain the lack of issues reported for them, but the fact that sonarlint is reporting issues for the 'Never throw generic exceptions' error means that it is doing something differently as well.
I have tried narrowing the scope of what sonarlint considers to be source - I started by pointing at the Maven **/src/ folders, picking up both main and test. Setting the value of --src to **/src/main reduces the number of issues reported, as would be expected because the test code is not being scanned, but adding --tests **/src/test does not report anything about the testing code.
Some of my differences in overall reporting of errors are likely to be due to the issue of missing dependency binaries; I have attempted to resolve this by pointing sonarlint at my .m2/repository folder, which works, but extends the time it takes to run the scan from < 1 minute to > 20 minutes (probably to be expected, it's a big repository), and does not impact the reporting of the issues discussed above, so I'm looking to understand the behaviour of sonarlint with respect to main vs test and these gross differences before examining the detail that is affected by the missing dependency binaries.
Can anyone offer any insight into how I can run sonarlint such that it treats my project source in the same way as the server does? That is, it allows test code to throw Exception and reports unit test issues such as missing assertions?
Thanks
Damon