1

We are using sonarqube version 6.7. I would like to execute all sonar bugs and vulnerability java rules with blocker and critical severity locally on my Intellij Idea. I want to run these rules on multiple IDEA projects that are configured in my IDE.

I have installed the SonarLint plugin (version 3.2) and configured it to bind to the sonar server. On running the analysis from the "Project Files" tab I get errors for all iml files as

"File 'feature.iml' can't be analyzed. Skipping: F:/modules/feature.iml"

.

My goal is to identify all sonar rules that are failing on my projects so that I can activate them on the sonar server for periodic runs as part of CI. To get started I thought of starting with blocker and critical vulnerabilities.

Could someone guide me on this?

Andy Dufresne
  • 6,022
  • 7
  • 63
  • 113

1 Answers1

0

You should activate all rules with the desired severity in the quality profile assigned to your project in SonarQube. Then you can bind your project in IntelliJ to the project in SonarQube. SonarLint will use the same quality profile.

About the iml files, it's not an error. SonarLint will exclude certain files from analysis that doesn't make sense to be analyzed, such as binary files.

Duarte Meneses
  • 2,868
  • 19
  • 22
  • There are already some rules and profiles activated on the server. To see what other rules make sense for my projects I wanted to run the rules first locally and then activate on the server if appropriate. How can I do this? If the iml files are just skipped, there is no other analysis shown in the "Log" tab apart from these error logs. How do I know that sonarlint analysis is executed and where do I see the violations? – Andy Dufresne Feb 27 '18 at 11:33
  • 1
    Currently you can't costumize the rules directly in SonarLint. You can only do it by activating them in the server. When you run an analysis of all project files, the issues should appear in the same view - in the "Project files" tab of the SonarLint tool view. – Duarte Meneses Feb 27 '18 at 12:20
  • Any other approaches of running the rules locally if not through the ide? Can we export the rules (somehow?) and run them locally etc? Btw, when I run the analysis on all project files does it run on the rules that are activated by the default quality profile? – Andy Dufresne Feb 28 '18 at 04:29
  • 1
    When you say "running the rules locally", do you mean without publishing the result to SonarQube? If so, there is no non-deprecated way of doing that. Running the analysis on all project files has the same behaviour as any other analysis: it will run the default set of rules in the standalone mode. If it's connected to a project in a SonarQube project, it will use the quality profile that is assigned to that project in SonarQube. For further discussion, you can open a topic in the Sonarlint google group. – Duarte Meneses Mar 14 '18 at 08:43
  • Yes, I meant getting all the rules from the sonarQube server, running them locally in the IDE and not publishing the results back on the server. The goal as I mentioned is to determine which rules make sense to be enabled on the server without affecting the current quality profiles and the CI builds. – Andy Dufresne Mar 15 '18 at 05:22