Rules and languages

The rules and languages supported by SonarQube for IntelliJ.

The Sonar Rules catalog is the entry point where you can discover all the existing Sonar rules. While running an analysis, SonarQube for IDE raises an issue every time a piece of code breaks a coding rule. Software quality classification and severity show the impact of the issue on your code.

See the Software qualities page for more information about understanding how rules are classified.

Overview

SonarQube for the JetBrains family IDEs currently supports the following programming languages:

  • Supported out of the box: SonarQube for IDE automatically checks your code in these languages and formats.

  • Connected Mode required: Running in Connected mode with SonarQube (Server, Cloud) or SonarQube Community Build unlocks analysis for these languages and formats.

In addition, SonarQube for IntelliJ supports the IaC domains for:

Language | IntelliJ IDEA & Android Studio | CLion | Rider | (DataGrip, PhpStorm, PyCharm, RubyMine, and WebStorm)

The full list of available rules can be found in the IntelliJ settings menu. See the article below about Using Sonar rules for details. Open the Supported language versions expandable to learn how to see which versions are supported for a given language.

Supported language versions

SonarQube for IntelliJ provides analysis for several languages. Support for your language may vary depending on the SonarQube for IntelliJ version you’re running.

For language-specific properties and supported language versions, refer to the relevant language pages in the SonarQube (Server, Cloud) or SonarQube Community Build docs directly; the same Sonar language analyzers used by the servers are used by SonarQube for IntelliJ.

There are commercial-level rules available in SonarQube Cloud (all plans) and SonarQube Server. For these rules to appear in SonarQube for IDE, SonarQube for IDE must be running in connected mode. See Commercial-level rules for more information.

For more details about languages and new features under consideration for the JetBrains family IDEs, you can refer to the SonarQube for IDE roadmap where we list all of our coming soon and newly released features.

Sonar Rule Descriptions

Simply select an issue in the SonarQube for IDE view or choose SonarQube for IDE: Show rule description from the tooltip to open the Rule tab. Here, you will find a brief explanation of the rule as well as Noncompliant and Compliant code samples.

The SonarQube rule description will give you a compliant rule sample, shown here in green, when available.

SonarQube for IntelliJ supports syntax highlighting. In addition, you can open a diff view of the Noncompliant and Compliant code samples, which should help you fix your issue. Note that diff highlighting is only available for rule descriptions migrated to the new format, and we’re progressively migrating all existing rules to the new format.

An issue’s coding attribute, software qualities, and severity are found when opening the SonarQube Rule tab. Below the rule title, you will find the coding attributes that highlight an issue’s classification. Check the SonarQube glossary for details about coding attributes, and the Software qualities page to better understand how they help classify your issue.

Coding attributes and software qualities appear in the SonarQube Rule view. Your actual view may be different because when running in connected mode with SonarQube Server, the server's mode is respected.

When in Connected Mode

If you’re running SonarQube for IntelliJ while in connected mode with SonarQube Server or SonarQube Community Build, your view will change according to the server settings. Standard Experience mode encompasses the use of rule types such as bugs, code smells, and vulnerabilities.

Also, if SonarQube Server is set to Multi-Quality Rule mode, the view will more accurately represent the impact an issue has on all software qualities. Please see the pages about the MQR mode and Standard Experience for detailed information about the available rule modes for your instance.

Be sure to check out the Investigating issues page for more details about how issues appear in your IDE.

Language-specific requirements

See the Language-specific requirements article on the Requirements page.

Rules for AI CodeFix

A select set of rules are eligible for AI CodeFix when running in connected mode. Please see the Rules covered with AI CodeFix article for a full list.

Other rule types

DBD rules

Dataflow bugs are a set of complex Python and Java bugs that are only detected when reviewing all feasible execution paths. This type of issue can cause runtime errors and crashes in Python and Java. If you want to learn more, check out our blog post for a good explanation with an example.

Dataflow Bug Detection (DBD) rules for Python and Java are supported in Commercial editions of SonarQube Server. At this time, SonarQube for IntelliJ supports DBD detection for Python and Java when running in Connected Mode with SonarQube Server Active versions.
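The following is an added illustration, not taken from the Sonar documentation or blog post, of why such a bug only shows up when every feasible execution path is considered: a value that may be `None` is checked on one branch but reaches a dereference unchecked on another. The function names, the `RATES` table, and the inputs are constructed for this example and do not correspond to any specific Sonar rule.

```python
"""Constructed illustration of a path-dependent dataflow bug (hypothetical names and data)."""
from typing import Callable, Dict, Optional, Tuple

RATES = {"EUR": 1.0, "USD": 1.08}  # constructed sample data


def lookup_rate(currency: str) -> Optional[float]:
    # Origin of the problematic value: None for an unknown currency.
    return RATES.get(currency)


def convert_noncompliant(amount: float, currency: str, strict: bool) -> float:
    rate = lookup_rate(currency)
    if strict and rate is None:
        raise ValueError(f"unknown currency: {currency}")
    # On the path strict=False with an unknown currency, rate is still None here.
    return round(amount * rate, 2)


def convert_compliant(amount: float, currency: str, strict: bool) -> Optional[float]:
    rate = lookup_rate(currency)
    if rate is None:
        if strict:
            raise ValueError(f"unknown currency: {currency}")
        return None  # lenient callers get an explicit "no result"
    return round(amount * rate, 2)


def explore_paths(
    func: Callable[[float, str, bool], Optional[float]],
) -> Dict[Tuple[str, bool], str]:
    """Drive func down each of its four execution paths and record how it ends."""
    outcomes = {}
    for currency in ("USD", "XXX"):  # known / unknown currency
        for strict in (True, False):
            try:
                func(10.0, currency, strict)
                outcomes[(currency, strict)] = "ok"
            except Exception as exc:
                outcomes[(currency, strict)] = type(exc).__name__
    return outcomes


if __name__ == "__main__":
    print(explore_paths(convert_noncompliant))
    print(explore_paths(convert_compliant))
```

Three of the four paths through `convert_noncompliant` behave as intended, which is why a test that only exercises known currencies or strict mode never sees the crash.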

Injection vulnerabilities

Security vulnerabilities requiring taint engine analysis (Injection vulnerabilities) are only available in Connected Mode because SonarQube for IDE pulls them from SonarQube (Server, Cloud) following a project analysis.

To browse injection vulnerabilities in SonarQube for IntelliJ, configure Connected mode with your SonarQube Server commercial edition or SonarQube Cloud instance. Once you Configure your binding, SonarQube for IDE will synchronize with SonarQube (Server, Cloud) to report the detected injection vulnerabilities.

More information about security-related rules is available in the server documentation.

Security hotspots

In SonarQube for IntelliJ, local detection of Sonar Security Hotspots is enabled if you are using Connected mode with SonarQube Server or SonarQube Cloud.

Please see the SonarQube Server documentation on Security hotspots for more details.

Secrets detection

Secrets are pieces of user-specific or system-level credentials that should be protected and accessible to legitimate users only. SonarQube for IDE detects exposed Secrets in your source code and language-agnostic config files. When running in connected mode, the SonarQube Server or SonarQube Cloud Quality Profiles are applied to locally detected Secrets.

Commercial-level rules

There are commercial-level rules available in SonarQube Cloud (all plans) and SonarQube Server (as listed). This availability is indicated on the Sonar rules page.

Commercial level rules shown on the rules.sonarsource.com website.

In order for these rules to appear in SonarQube for IDE, you must be running in Connected mode. In the standalone mode these rules are not visible.

Commercial-level rules are not available in SonarQube for Community Build.

Using Sonar rules

When not running in connected mode (also known as standalone mode), all Sonar rules for your language can be configured in the IDE. In addition, some Sonar rules have parameters that you can modify. Here are a few reasons you might want to edit a rule locally:

  • Disable a rule that is enabled by default. Maybe the rule doesn't apply to your specific project. See Rule selection for more information.

  • Enable a rule that is disabled by default. By reviewing which rules are disabled, you might notice that some rules could be useful in the context of your project. See Rule selection for more information.

  • Improve a rule. In some cases rules have parameters. For example, regarding cognitive complexity, you can customize the threshold at which the rule will raise issues. See Edit rules for more information.

Rule selection

The full list of available rules is found by navigating to the IntelliJ Settings… > Tools > SonarQube for IDE > Rules tab. There, Sonar Rules can individually be toggled on or off while running SonarQube for IDE in standalone mode; simply select or deselect the appropriate checkbox. See the screenshot below in Edit rules to understand what it looks like in the settings window.

When your project is bound to SonarQube Server or SonarQube Cloud using Connected mode, the rule set is managed on the server side as defined by the quality profile. See Rules while in Connected Mode, for details.

When a project is bound to a SonarQube (Server, Cloud) or SonarQube Community Build project, the configuration in this UI location is ignored. In this case, the rules configuration from the server applies. For more information, see the server documentation about quality profiles to edit rules.

Edit rules

To edit a rule in SonarQube for IntelliJ, navigate to IntelliJ > Settings > SonarQube for IDE > Rules and select the rule you want to edit. Select or deselect any rule in the list to enable or disable it. If a rule has options, you’ll see them at the bottom of the rule description.

  1. Navigate to the Rules tab.

  2. Set your visibility filter, if desired, and select the rule you want to modify.

  3. Look for Options at the bottom of the rule description. In this example, giraffes are added to the list of at-rules to ignore in rule css:S4662.

Sonar rules are accessible in the SonarQube for IDE settings.

When a project is bound to a SonarQube (Server, Cloud) or SonarQube Community Build project, the configuration in this UI location is ignored. In this case, the rules configuration from the server applies. For more information, see the server documentation about quality profiles to edit rules.

Unsupported rules

Some rules are simply too advanced to run locally in SonarQube for IDE. Because some rules report issues at the project level, apply to the architecture of your code base, or require extensive resources to analyze, they are not included when SonarQube for IDE runs an analysis. Unsupported rule types include architecture, injection vulnerabilities, and some advanced bug detection rules.

However, these advanced issues will be reported in the IDE when you are running in connected mode with SonarQube (Server, Cloud) or SonarQube Community Build. See these links for more information:

Rules while in Connected Mode

Connected Mode syncs your SonarQube Server or SonarQube Cloud Quality Profile with the local analysis to suppress issues reported in the IDE. Therefore, when running in Connected Mode, SonarQube for IntelliJ will ignore rule settings that are defined locally. See the Connected mode page for more information about running connected mode and the Benefits it brings when working in teams.

Edit rules in connected mode

If you’re running in Connected mode with SonarQube (Server, Cloud) or SonarQube Community Build, you can share customized active rules with your team because you’ll all be using the same quality profile to share rule sets. Please see the relevant instructions for the server you are connecting to.
