Troubleshooting

Some issues might be detected by third-party analyzers

SonarQube for IDE will only run rules from SonarSource analyzers including custom rules extending SonarSource analyzers. Third-party analyzers usually have their own IDE integration, and there is no plan to run them inside of SonarQube for IDE.

Your test files might be mistaken as source files

Test files can be defined in SonarQube Server, on SonarQube Cloud, or in the IDE, and each IDE handles test files a bit differently. For example, SonarQube for Visual Studio does not distinguish between project and test code, and SonarQube for IntelliJ relies on the IDE to detect if a file is a test file.  

In the case where the IntelliJ IDE detects the test file for SonarQube for IntelliJ:

• The file is under a test sources root. Those roots can be manually created by users or automatically populated by the IDE by relying on the build system such as Maven or Gradle, for example.
• The file is flagged as a test file by any plugin that you have installed. The IDE bundles some internal plugins like the “JavaScript and TypeScript” plugin; these internal plugins can infer if a file should be considered as a test file. Third-party plugins can also infer test files, and SonarQube for IDE will recognize these as such.

Some rules are too complex to run locally

Some rules can report issues at the project level or require extensive resources to analyze, such as injection vulnerabilities and some advanced bug detection rules; such issues are not displayed in SonarQube for IDE, only in SonarQube Server and SonarQube Cloud. Please check the SonarQube for IDE roadmap for a list of features and enhancements on the horizon.

File or language types are not supported

Check your IDE’s Rules and languages page for a list of supported languages and file types.

The analyzer version may be different

Improvements are constantly being made to the Sonar analyzers during the CI/CD development cycle. Depending on the product version you are running, you may have a different analyzer therefore, the results might be different.

• SonarQube Cloud is always running the latest analyzers.
• SonarQube Server and SonarQube Community Build runs the latest available analyzer at the time of its release.
• SonarQube for IDE runs the latest available analyzer at the time of its release.
• Sometimes SonarQube for IDE downloads and uses the same SonarQube Server or SonarQube Cloud analyzer when running in connected mode.

Your project configuration may be different

Discrepancies in C and C++ analysis may result from different project builds and system dependencies. For example, you might have one set up in your local build configuration and another set up for your CI build configuration (or the configuration created by Autoscan).

Troubleshooting C or C++ Analysis

If you’re using SonarQube for Visual Studio version 8.20 or older, troubleshooting CFamily analysis works a bit differently. Please see these instructions for more information.

You can create a reproducer file for C and C++ analysis that contains diagnostic information to help the developers at SonarSource investigate problems that occur in your analyses. Beginning in SonarQube for Visual Studio 8.10, the reproducer file may contain sensitive data about your machine's environment variables. *Please take this into account when sharing your files.

If you encounter a problem with C or C++ analysis, please contact us in the Sonar Community forum and include the reproducer file. Follow the instructions below for complete instructions on how to do this.In case the analysis is not working or obvious false positives are raised, here are the recommended actions in order:

1. Investigate the logs:

• If there is no obvious sign in the logs, enable the Verbose output and check again. 

2. Enable Rule `S2260`:

• In case of obvious false positives in the raised issues, enable the cpp:S2260 or c:S2260 rule and check if it raises issues in the culprit file. This rule indicates that the analyzer failed to parse part of the code and might give hints or indicate a configuration problem.
• Note that if you are using connected mode, you must enable it in your quality profile on SonarQube Server or Cloud to activate the rule locally. If not using connected mode, see the Enable or disable rule for local analysis instructions. 
• If it raises issues, follow the rule description to fix your code; if not, move to the step in troubleshooting.

3. Generate a CFamily reproducer file and report the issue:

• When none of the previous suggestions work, please report the problem you encountered in the Sonar Community forum. 
• In case of a false positive or an analysis failure, we need the CFamily reproducer file to investigate the issue. To generate the reproducer file, add the following analyzer option to the settings.json:
  • Navigate to Extensions > SonarQube > Solution Settings > Analysis Properties, select Add and add sonar.cfamily.reproducer as the property name and  <YOUR_FILE_PATH>.cpp as the value.
• The sonar.cfamily.reproducer should point to the source or header file on which you face the issue. After setting that option, trigger the analysis on the culprit file. You should see in the logs that a file name sonar-cfamily.reproducer is generated in a temporary directory. 
  • Because your reproducer file may contain sensitive information, ask us how to share it privately when you post on the Community.

4. Finally, after you’re finished generating your reproducer file, delete the sonar.cfamily.reproducer property:

• Navigate to Extensions > SonarQube > Solution Settings > Analysis Properties and select Delete.