Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
686 views
in Technique[技术] by (71.8m points)

eclipse - Analyse complete project at once with SonarLint - Analysis file by file yields incomplete results

I'm evaluating SonarQube 5.4 with SonarLint eclipse plugin.

SonarQube as well as the plugin are set up and are running. But now I'm pretty confused how SonarLint is supposed to run in 'connected mode':

  • SonarLint is connected with SonarQube and is bound to the corresponding project. But some issues are only shown in SonarQube. It was my understanding SonarLint should be able to identify issues like Malicious code vulnerability - May expose internal representation by incorporating reference to mutable object. But it does not. SonarQube does.
  • When analysing a single file with SonarLint, there are a lot of debug messages in the SonarLint Console like Class not found in resource cache : org/company/project/CommonSuperClass. But even worse: Class not found in resource cache : java/lang/Class. Is it supposed to do that?
  • We are specifically interested in highlighting the issues introduced by developer. SonarQube is connected our repo and does a nice job in blaming the committer. But it seems there is no way of showing my own issues in sonarlint.
  • I'd like to run the SonarLint analysis at a time of my choice, so I decided to deactivated "Run SonarLint automatically". But it seems I can only analyze files manually, not packages or projects. Am I missing something again? I do not want to click on every one of my ~2000 files and analyze it by hand.
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

SonarLint and SonarQube are 2 different products:

  • You want very fast feedback on the code you are working on to make sure you don't inject issues => SonarLint analyses the files as you open them to write or review code
  • You want a 360° vision of the quality of your code => SonarQube analyses all the files of your project

The "connected mode" is the bridge between the 2 worlds, and its development is still underway. For instance, we plan to make it possible to see inside SonarLint all the issues found on the project by SonarQube (see and vote for SLE-54).


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...