Connected Mode

You can connect the SonarLint extension of your IDE to SonarQube 8.9+ or SonarCloud to take advantage of having consistent issues reported on both sides. Setting up Connected Mode will permit the transmission of information SonarLint needs, such as URLs and user credentials, to communicate with SonarQube or SonarCloud. Binding your local workspace folder to your SonarQube/SonarCloud project(s), you can benefit from the same rules and settings that are used to inspect the project on the server.

While in Connected Mode, SonarLint receives notifications from SonarQube/SonarCloud about your Quality Gate changes and new issues. Notifications can be enabled or disabled from the UI while creating or editing the connection settings. 

Features when Connected Mode is used:

• Use the same quality profile locally as is defined on the server.  For example, applying the same rules activation, parameters, severity, etc.
•  Apply settings, such as rule exclusions and analyzer parameters, defined on the server to the local analysis. 
• Automatically suppress issues that are marked as Won’t Fix or False Positive on the server to the issues reported locally.

Prerequisites and supported languages

Having a SonarQube 8.9+ project or a SonarCloud project is required to run SonarLint for VS Code in Connected Mode. In addition to the published languages on the Rules page, you can unlock Apex rules, COBOL rules, and PL/SQL rules when using Connected Mode.

Branch awareness

It is important that SonarLint knows on which branch the user is at that moment in order to sync the active file with the server when using Connected Mode. Therefore, SonarLint will automatically detect when the local git branch changes; and while running in Connected Mode, it will recalculate the closest Sonar branch in the background to know which taint issues and suppressions to fetch from the server (for example, issues marked as “safe” or “won’t fix” in SonarQube).

In Connected Mode, SonarLint synchronizes some data from the issues that were found on the server side, most importantly the status and resolution. Branch awareness allows SonarLint to consider the branch currently checked out in the IDE and synchronize with the most appropriate branch from the server.

Sonarlint for VS Code shows the name of the branch used to reference issues synchronized in the IDE's status bar. In the picture below, the checked-out git branch is named "current_branch", and the analyzed branch on the SonarQube server is named "branch_to_analyze".

How SonarLint selects which branch to sync

1. If the branch that is currently checked out locally was analyzed on the server, SonarLint will pick this branch for synchronization. You commonly have a master|main branch analyzed on the server, so if you check out this branch locally, the reference branch will be the same. Important detail: branches with the same names are considered the same branch.
2. If the current branch was not analyzed, SonarLint will try to climb up on the git tree checking if the parent or grandparent branch was analyzed, all the way up to master. This case is illustrated in the picture above: branch_to_analyze was analyzed on the server, and it is the parent branch for current_branch.
3. All other cases will lead to defaulting to the branch marked as "main" on the server, either explicitly (displaying it on UI) or implicitly (without displaying Sonarlint branch UI at all). The latter can happen in case of errors related to local git repository access.

Checking which branches are analyzed on the server

In SonarQube, open on the highlighted drop-down list shown below for a list of analyzed branches and pull requests (see screenshot below for SonarQube):

In SonarCloud, Branches have their own element in the left sidebar. Check the SonarCloud documentation on Branch Analysis and Branch Analysis Setup for the most up-to-date information.

PR analysis synchronization

Currently, this feature does not support synchronization with pull request analysis.

Connection setup

SonarLint for VS Code version 3.8 and above provides a connection wizard to help you set up Connected Mode. To set up a SonarQube or SonarCloud connection, navigate to the SONARLINT > CONNECTED MODE view container in the VS Code Activity Bar.

Select either Add SonarQube Connection or Add SonarCloud Connection, and complete the fields.

For SonarQube connections, provide your SonarQube Server URL and User Token. For SonarCloud connections, provide your Organization Key and User Token. User Tokens should be generated on the SonarQube/SonarCloud side and pasted in the User Token field.

• User Token can be generated using these pages:
  • SonarQube: https://<your-sonarqube-url>/account/security/
  • SonarCloud: https://sonarcloud.io/account/security/
• Connection Name is a friendly name for your connections. In the case of multiple connections, it also acts as a connectionId.
• Notifications can be enabled or disabled at this time, or you can return to the Edit SonarQube / SonarCloud  Connection page at any time.

Select Save Connection and verify that the new connection was set up successfully in the Connected Mode view.

Project Binding

SonarLint keeps server-side data in local storage. If you change something on the server such as the quality profile, SonarLint will automatically attempt to synchronize with configured servers at startup and once every hour and will do its best to synchronize with the most appropriate branch from the server. 

SonarLint keeps server-side data in local storage and uses a binding process to synchronize with configured servers at startup; one example would be the quality profile defined by your Organization in SonarQube. SonarLint will automatically attempt a binding update once every hour and will do its best to synchronize with the most appropriate branch from the server. 

How to bind a project

Once a connection is established, SonarLint for VSCode tries to automatically detect a remote SonarQube or SonarCloud project to bind with the locally opened workspace folder. If the locally opened folder contains a sonar-project.properties or a .sonarcloud.properties file, SonarLint will try to configure the binding with the remote project defined in that configuration file.

If no remote match is found, you will be prompted to configure binding manually as we describe below.

To manually configure a project binding, open the CONNECTED MODE view and select Add Project Binding for the desired connection.

If your open workspace contains multiple folders, you will be prompted to choose a specific folder.

After selecting the folder, choose the remote SonarQube/SonarCloud project you would like to bind.

Select the desired project and enjoy Connected Mode! You can also edit or delete bindings from the CONNECTED MODE view.

Action buttons in the UI used to edit/delete existing or create additional connections will be revealed when hovering over each connection.

Update a binding

Simply mouseover the SonarLint CONNECTED MODE view and select the update icon: ↻

Additionally, you can trigger an update of the local storage using the SonarLint: Update all project bindings to SonarQube/SonarCloud command on the Command Palette.

Known issues

When running in Connected Mode with SonarQube 8.9 and above, and browsing a security hotspot, a button will be available offering to open the hotspot in SonarLint (with SonarLint already running in VSCode). Limitation: this feature relies on local communication between your web browser and SonarLint, and consequently is not available in some remote environments such as GitPod, or GitHub CodeSpaces.

Jupyter notebooks

Connected Mode will be ignored when working with Jupyter Notebooks. You will only have local analysis; this is because analysis of Jupyter Notebooks is not yet supported by SonarQube or SonarCloud.

SonarLint for previous versions

Please see the Legacy Connected Mode article on the Previous versions page to read about activating Connected Mode in earlier releases of SonarLint for VSCode (v3.7 and earlier).

SonarLint-SonarQube version support policy

SonarLint enables users to establish a connection to the latest SonarQube version and to the latest LTS version. When a new LTS version is released (approximately every 18 months), we still enable connecting SonarLint to the previous LTS version for a certain period of time (currently 12 months after the latest LTS release) to allow enough time for organizations to upgrade their SonarQube version.

For more information about long-term support of SonarQube, check out our page describing "what is an LTS". And, to review IDE-specific requirements, please check the respective pages of the documentation as listed in the next paragraph.

Notifications

Connected Mode allows SonarQube to send smart alerts to individuals or teams as soon as something appears on the server that something failed, when new issues are discovered or when the Sonar Quality Profile is updated, for example. With everyone in the loop, issues can be addressed promptly, improving the overall software quality and delivery. The notification will include a link to call back to SonarQube or SonarCloud where you can learn more about the issues that were introduced. 

You'll receive smart notifications in your IDE when:

• the quality gate status of a project open in your IDE changes (see the SonarQube or SonarCloud documentation for details about using quality gates in your project)
• a SonarQube or SonarCloud analysis raises new issues that you've introduced in a project open in your IDE

You can activate or deactivate smart notifications in SonarLint on the IDE side on a server-by-server basis.

Sonar Smart Notifications are available in all editions of SonarQube and SonarCloud.

More on how to manage Smart Notifications in SonarLint for VS Code will be coming soon...