search
Install Free

Troubleshooting

What to do when you have problems running an analysis in SonarQube for Visual Studio.

Knowing where to begin looking for information is the first step to reaching out for help. Many answers to commonly found problems can be found on the SonarQube for IDE channel of the Sonar Community Forumarrow-up-right. See below for the basic steps to access the SonarQube for IDE logs when the analysis results are not what you expected.

Before posting to the Community, make sure that you have your logs ready by following the instructions below.

hashtag
How to get the SonarQube for Visual Studio logs

  • Select Show Logs from the SonarQube help menu: Extensions > SonarQube > Help > Show Logs

To dig deeper, enable the Verbose output in the SonarQube Options, then repeat the action that caused the problem:

  • Navigate to Extensions > SonarQube > Options… > General and set your Logging level to Verbose.

hashtag
Troubleshooting connected mode setup

hashtag
No matching project found

No matching project is found because:

  • It’s best if you already have the project open in your IDE, otherwise SonarQube for Visual Studio might not be able to find a matching file.

  • The current bound project or solution does not match the SonarQube Server or SonarQube Cloud project or solution. Please check your binding configuration.

If these solutions don’t help, follow the instructions about Project binding to manually configure your project binding.

hashtag
No matching issue found

SonarQube for Visual Studio can’t find your issue because:

  • You might not be on the same branch.

  • The issue was fixed, or the source code may be different from the analyzed version.

hashtag
Updating your credentials

Unfortunately, you cannot update your SonarQube Server or SonarQube Cloud credentials in SonarQube for Visual Studio. Please see the Updating your credentials article on the Connection setup page.

hashtag
SSL/TLS errors

If you’re having trouble connecting to the server due to SSL/TLS errors, it might be because SonarQube for Visual Studio can’t verify the server certificate chain due to the fact that it can’t check the Certificate Revocation List. To troubleshoot and find out why, begin with making sure you’re using the latest version of SonarQube for Visual Studio, then check your logs:

  1. Enable verbose logs. See How to get the SonarQube for Visual Studio logs above for details.

  2. Make sure that your analyzers have had a chance to load and run (run Ctrl+S to be certain) and search for [CertificateChainValidator] in the logs. Next, you’ll work to fix the issue that prevents the chain validation.

  3. Manually add the certificate to the SonarLint trust store:

  4. The documentation described in the Server SSL certificates article will explain how to do this.

SonarQube for Visual Studio expects the truststore.p12 to exist under ~/.sonarlint/ssl, where ~sonarlint refers to the C:\Users\username\~sonarlint folder; if the folder doesn’t exist, it can be added manually.

If all else fails, ask for help on The Sonar Community.

hashtag
Troubleshooting unexpected analysis results

Sometimes, issues found on the server differ from those found locally by SonarQube for IDE. Usually, the server-side rule configuration (your quality profile) is to blame; however, it could be something more than that. Maybe your local build configuration and system dependencies don’t align with your DevOps pipeline, or it could simply be that the issue, due to its complexity, is only detectable by SonarQube Server or SonarQube Cloud.

The collapsible below lists some of the most commonly encountered reasons, along with some details that will help you troubleshoot discrepancies.

chevron-rightWhy your local analysis might be different than found on the serverhashtag

hashtag
Some issues might be detected by third-party analyzers

SonarQube for IDE will only run rules from Sonar analyzersarrow-up-right including custom rules extending Sonar analyzersarrow-up-right. Third-party analyzers usually have their own IDE integration, and there is no plan to run them inside of SonarQube for IDE.

hashtag
Your test files might be mistaken as source files

Test files can be defined in SonarQube (Server, Cloud) or SonarQube Community Build at either the project or global levels. In addition, test files can be defined in the IDE however, each IDE handles test files a bit differently:

  • For example, SonarQube for Visual Studio does not distinguish between project and test code, and SonarQube for IntelliJ relies on the IDE to detect if a file is a test file. In the case where the IntelliJ IDE detects the test file for SonarQube for IntelliJ:

    • The file is under a test sources root. Those roots can be manually created by users or automatically populated by the IDE by relying on the build system such as Maven or Gradle, for example.

    • The file is flagged as a test file by any plugin that you have installed. The IDE bundles some internal plugins like the "JavaScript and TypeScript" plugin; these internal plugins can infer if a file should be considered as a test file. Third-party plugins can also infer test files, and SonarQube for IDE will recognize these as such.

Please review your IDE's page about File exclusions and check these pages to define your analysis scope on the server:

hashtag
Some rules are too complex to run locally

Some rules can report issues at the project level or require extensive resources to analyze, such as injection vulnerabilities and some advanced bug detection rules; such issues are not displayed in SonarQube for IDE, only in SonarQube (Server, Cloud). See the article on Unsupported rules for more detail.

Please check the SonarQube for IDE roadmaparrow-up-right for a list of features on the horizon.

hashtag
File or language types are not supported

Check your IDE’s Rules and languages page for a list of supported languages and file types.

hashtag
The analyzer version may be different

Improvements are constantly being made to the Sonar analyzers during the CI/CD development cycle. Depending on the product version you are running, you may have a different analyzer therefore, the results might be different.

  • SonarQube Cloud is always running the latest analyzers.

  • SonarQube Server and SonarQube Community Build run the latest available analyzer at the time of its release.

  • SonarQube for IDE runs the latest available analyzer at the time of its release.

  • Sometimes SonarQube for IDE downloads and uses the same SonarQube Server or SonarQube Cloud analyzer when running in connected mode.

hashtag
Your project configuration may be different

Discrepancies in C and C++ analysis may result from different project builds and system dependencies. For example, you might have one set up in your local build configuration and another set up for your CI build configuration (or the configuration created by Autoscan).

hashtag
Language-specific examples

chevron-rightC or C++ Analysishashtag

Troubleshooting C or C++ Analysis

If you’re using SonarQube for Visual Studio version 8.20 or older, troubleshooting CFamily analysis works a bit differently. Please see information inside theRules and languages exapandable for more information.

You can create a reproducer file for C and C++ analysis that contains diagnostic information to help the developers at Sonar investigate problems that occur in your analyses. Beginning in SonarQube for Visual Studio 8.10, the reproducer file may contain sensitive data about your machine’s environment variables. *Please take this into account when sharing your files.

If you encounter a problem with C or C++ analysis, please contact us in the Sonar Community forumarrow-up-right and include the reproducer file. Follow the instructions below for complete instructions on how to do this.In case the analysis is not working or obvious false positives are raised, here are the recommended actions in order:

1. Investigate the logs:

  • If there is no obvious sign in the logs, enable the Verbose output and check again.

2. Enable Rule `S2260`:

  • In case of obvious false positives in the raised issues, enable the cpp:S2260arrow-up-right or c:S2260arrow-up-right rule and check if it raises issues in the culprit file. This rule indicates that the analyzer failed to parse part of the code and might give hints or indicate a configuration problem.

  • Note that if you are using connected mode, you must enable it in your quality profile on SonarQube Server or Cloud to activate the rule locally. If not using connected mode, see Rules and languages for instructions.

  • If it raises issues, follow the rule description to fix your code; if not, move to the step in troubleshooting.

3. Generate a CFamily reproducer file and report the issue:

  • When none of the previous suggestions work, please report the problem you encountered in the Sonar Community forumarrow-up-right.

  • In case of a false positive or an analysis failure, we need the CFamily reproducer file to investigate the issue. To generate the reproducer file, add the following analyzer option to the settings.json:

    • Navigate to Extensions > SonarQube > Solution Settings > Analysis Properties, select Add and add sonar.cfamily.reproducer as the property name and <YOUR_FILE_PATH>.cpp as the value.

  • The sonar.cfamily.reproducer should point to the source or header file on which you face the issue. After setting that option, trigger the analysis on the culprit file. You should see in the logs that a file name sonar-cfamily.reproducer is generated in a temporary directory.

    • Because your reproducer file may contain sensitive information, ask us how to share it privately when you post on the Community.

4. Finally, after you’re finished generating your reproducer file, delete the sonar.cfamily.reproducer property:

  • Navigate to Extensions > SonarQube > Solution Settings > Analysis Properties and select Delete.

PreviousHelpNextPrevious versions

Last updated

Was this helpful?