Sonar Lint for the Impatient

Tags:
2018 05 01 head

Remove issues before they reach customer sites. No quality problems shall reach your Git master branch.

SonarQube is a central server that processes full analyses (triggered by the various SonarQube Scanners).

Its purpose is to give a 360° vision about the quality of your code base. For this, it analyzes all the source lines of your product on a regular basis.

It should be added that SonarQube also performs scans with well-known third party analyzers (SpotBugs - previously FindBugs -, Checkstyle, PMD) whereas SonarLint does not include those.

I think the reason is a prioritization on performance and findBugs relying on java byte-code.

What is SonarLint?

SonarLint lives only in your IDE (IntelliJ, Eclipse, or Visual Studio). Its purpose is to give instantaneous feedback as you type your code. For this, it concentrates on what code you are adding or updating.

Findings are displayed in the source code with information such as rule violation, rating of the rule, and explanation. You have a window where all findings are displayed to provide an overview and navigation support. You are free to analyze a single file, a package, or the whole product; you can also exclude files or packages from the analysis.

Connect SonarLint to your preferred code quality application. It then uses the same code analyzers, rules, and settings locally that are used on the server.

Issues marked as Will not Fix or False Positive in SonarQube or SonarCloud disappear from your IDE.

Both SonarLint and SonarQube rely on the same static source code analyzers – most of them being written using SonarSource technology.

How to use It?

  1. the SonarLint in your favorite IDE

    1. configure the SonarCube instance to synchronize the rule set used in your product.

  2. Configure the plugin to access your SonarCube instance.

  3. Run it.

    1. See the messages in the next few seconds.

    2. Jump to the source and correct the problem.

    3. Iterate until all issues are solved.

  4. Run your unit tests and acceptance tests – TDD and ATDD -.

  5. Commit your changes.

This approach guarantees you always release source code with fewer SonarCube issues. SonarCube always shows no findings for new code and for refactored code.

And you have made a step on the journey to become a professional software developer and achieve craftsmanship.