Connected mode

Connected mode binds your SonarQube Community Build project to a project open in SonarQube for IDE so that you can catch issues immediately, even before you commit them.

SonarQube for IDE is a free IDE extension that integrates with SonarQube Community Build using connected mode. Like a spell checker, SonarQube for IDE highlights issues as you type. When an issue is identified, SonarQube for IDE provides you with clear remediation guidance so you can fix it before the code is even committed. In many cases, it also provides a quick fix that can automatically fix the issue for you.

Supported IDEs

SonarQube for VS Code will automatically identify and fix quality and security issues as you code with enhanced linting capabilities directly in your VS Code IDE.

  • Combining the rules supported by SonarQube for IDE with those for the supported language versions allows you to analyze more languages and detect more issues.

  • Highlight advanced issues in the IDE, such as those raised by some security-related rules, that are detected by SonarQube Community Build.

  • Use the same Quality profiles locally as are defined on SonarQube Community Build.

  • Apply settings, such as rule selection and file exclusion defined on SonarQube Community Build, to your local analysis.

  • Define specific Analysis parameters on SonarQube Community Build, and have those parameters applied locally.

  • Automatically suppress issues that are marked as Accepted or False Positive on SonarQube Server so that locally reported issues match those found on the server.

  • Use the SonarQube for IDE focus on new code features to concentrate detection of issues only in new code. See Quality standards and new code for more information.

  • Changes in your SonarQube Community Build Quality gates will arrive in your IDE when you accept Smart notifications.

Using the Open in IDE feature

If you’re using SonarQube for IDE, you can use the Open in IDE button to open most issues in the code editor, reducing the time it takes to find and fix the issue. Select the Open in IDE button from SonarQube Community Build to view the issue in your IDE; you’ll be prompted to set up connected mode if the project is not already bound.

Opening Security hotspots using the Open in IDE feature is available for all of the supported IDEs. See Opening issues in your IDE for more details.

Reviewing issues in your IDE

Seeing an issue directly in the IDE can help you better understand its context. This is the purpose of the Open in IDE button that you’ll see as an authenticated user.

This feature is available if you’re using a compatible version and flavor of SonarQube for IDE. The project must be open in the appropriate IDE and bound to the server through connected mode. To learn more about managing issues locally, please check the SonarQube for IDE documentation for your IDE.

Simply open a file of a supported language and start coding, and you will start seeing issues highlighted in your code.

Keep in mind that the revision or branch analyzed by SonarQube Community Build may not be the same as what you have opened in the IDE. In this case, SonarQube for IDE will do its best to locate the issue in your local code.

Understanding SonarQube for IDE usage

SonarQube Community Build Instance Admins can get an overview of users’ usage of SonarQube for IDE by going to Administration > Security > Users.

The Last SonarQube for IDE connection column indicates the last time the user used SonarQube for IDE in connected mode.

You can filter users based on their activity. The available options are:

  • All users

  • Active users with SonarQube for IDE: users of SonarQube for IDE in connected mode who were active at least once in the past 30 days.

  • Active users without SonarQube for IDE: users who have connected to SonarQube Community Build at least once in the past 30 days.

  • Inactive users: users who have not connected to SonarQube Community Build or used SonarQube for IDE in connected mode in the past 30 days.

Smart notifications

Connected mode allows SonarQube Community Build to send smart alerts to individuals or teams when new issues are discovered. With everyone in the loop, issues can be addressed promptly, improving the overall software quality and delivery. You’ll receive smart notifications in your IDE when:

  • the quality gate status of a project open in your IDE changes

  • a SonarQube Community Build analysis raises new issues that you’ve introduced in a project open in your IDE

Each developer must individually activate or deactivate SonarQube for IDE smart notifications directly in SonarQube for IDE on the IDE side. When setting up connected mode for the first time, there’s a box to check to decide whether or not you want to receive Smart Notifications from SonarQube Community Build in your IDE.

For all the details about managing notifications, check the SonarQube for IDE documentation that matches your IDE.

Troubleshooting unexpected analysis results

Observing different analysis results between SonarQube (Server, Cloud) and SonarQube for IDE can have different causes.

Some issues might be detected by a third-party analyzer

Please check which analyzer raised the issue (PMD, Checkstyle, ESLint, PyLint, …). SonarQube for IDE will only run rules from SonarSource analyzers, including custom rules extending SonarSource analyzers. Third-party analyzers usually have their own IDE integration, so we have no plan to run them in SonarQube for IDE.

Your test files might be mistaken as source files

Test files can be defined on the server or in the IDE and when running in connected mode, these test sources will be used by SonarQube for IDE. Each SonarQube for IDE flavor has its own way of detecting which file is considered a test file; in SonarQube for IntelliJ, you must define your test files as a Test Sources Root. To define test files on the server, please see the Introduction page to set the scope of your analysis.

Only line-level issues are reported

Issues that are not raised at line level are not displayed in SonarQube for IDE, only in SonarQube Community Build.

Some complex rules are not run in SonarQube for IDE

Due to extensive resource requirements, injection vulnerabilities and some advanced bug detection rules are ignored by SonarQube for IDE. Please check the SonarQube for IDE roadmap for a list of features and enhancements on the horizon.

When analyzing Java files, the analyzer might need some context for some issues to be found

In IntelliJ, there is no incremental compilation of the .class files found in the compiler output folder; these are only produced or refreshed when the project is built. The workaround is to simply build your project with the green hammer (when using SonarQube for IntelliJ) in the top-right toolbar. The project should be built on a regular basis to keep the compiled files up-to-date and overcome this known limitation.
