# Connected mode Connecting SonarQube for IDE to [SonarQube Server](https://app.gitbook.com/o/2ibCvzwZt86Nlk2zloB7/s/LWhbesChsC4Yd1BbhHhS/), [SonarQube Cloud](https://app.gitbook.com/o/2ibCvzwZt86Nlk2zloB7/s/B4UT2GNiZKjtxFtcFAL7/), or [SonarQube Community Build](https://app.gitbook.com/o/2ibCvzwZt86Nlk2zloB7/s/bqrfLGeD0Y9vE5l9Le42/) is the first step in setting up the Sonar Solution, to take advantage of having consistent issues reported on both sides. Setting up connected mode will permit the transmission of information SonarQube for IDE needs, such as URLs and user credentials or file exclusions and marked issues, to communicate with SonarQube (Server, Cloud) or SonarQube Community Build. When binding your local workspace folder to your SonarQube (Server, Cloud) or SonarQube Community Build project(s), SonarQube for IDE will try to match, as much as possible, the same rules and settings as found on the server. While in connected mode, SonarQube for IDE receives notifications from SonarQube (Server, Cloud) or SonarQube Community Build about your quality gate changes and new issues. Smart notifications can be enabled or disabled from the UI while creating or editing the connection settings. Setting up connected mode is easy and you can easily share the [setup](https://docs.sonarsource.com/sonarqube-for-visual-studio/connect-your-ide/setup "mention") with your team. ## **Benefits** * Analyze more *languages* and detect more *issues* by combining supported rules in the IDE with those supported by SonarQube (Server, Cloud), or Sonarqube Community Build. * See [rules](https://docs.sonarsource.com/sonarqube-for-visual-studio/using/rules "mention") in SonarQube for Visual Studio * See [Supported languages](https://app.gitbook.com/s/LWhbesChsC4Yd1BbhHhS/analyzing-source-code/languages/overview "mention") in SonarQube Server * See [Supported languages](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/discovering-sonarcloud/overview "mention") in SonarQube Cloud * See [Supported languages](https://app.gitbook.com/s/bqrfLGeD0Y9vE5l9Le42/analyzing-source-code/languages/overview "mention") in SonarQube Community Build * Highlight advanced issues (in the IDE) like [taint-vulnerabilities](https://docs.sonarsource.com/sonarqube-for-visual-studio/using/taint-vulnerabilities "mention"), detected by SonarQube (Server, Cloud). * An issue discovered in SonarQube (Server, Cloud) or SonarQube Community Build can be quickly explored in the IDE via a dedicated button. See the [#opening-issues-in-the-ide](https://docs.sonarsource.com/sonarqube-for-visual-studio/using/investigating-issues#opening-issues-in-the-ide "mention") article for details. * Use the same *quality profile* locally as is defined by SonarQube (Server, Cloud), or SonarQube Community Build. * See the [Managing quality profiles](https://app.gitbook.com/s/LWhbesChsC4Yd1BbhHhS/quality-standards-administration/managing-quality-profiles "mention") pages in SonarQube Server. * See the [Managing quality profiles](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/standards/managing-quality-profiles "mention") pages in SonarQube Cloud. * You’ll also see rules in the same rule mode as defined in SonarQube Server and Sonarqube Community Build. See the [Choosing a mode for your instance](https://app.gitbook.com/s/LWhbesChsC4Yd1BbhHhS/instance-administration/analysis-functions/instance-mode "mention") page for more information * Apply settings, such as [#rule-selection](https://docs.sonarsource.com/sonarqube-for-visual-studio/using/rules#rule-selection "mention") and [file-exclusions](https://docs.sonarsource.com/sonarqube-for-visual-studio/using/file-exclusions "mention") defined on the server to your local analysis. * Define specific *analyzer parameters* on the server and have those parameters applied locally. * See the [Analysis parameters](https://app.gitbook.com/s/LWhbesChsC4Yd1BbhHhS/analyzing-source-code/analysis-parameters "mention") page in SonarQube Server. * See the [Analysis parameters](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/analyzing-source-code/analysis-parameters "mention") page in SonarQube Cloud. * See the [Analysis parameters](https://app.gitbook.com/s/bqrfLGeD0Y9vE5l9Le42/analyzing-source-code/analysis-parameters "mention") page in SonarQube Community Build. * Automatically suppress issues that are marked as **Accepted** or **False Positive** on the server. See the [#marking-issues](https://docs.sonarsource.com/sonarqube-for-visual-studio/using/fixing-issues#marking-issues "mention") article to understand how this works locally. {% hint style="info" %} When running in connected mode with SonarQube Server 10.4 or newer, **Won’t Fix** becomes **Accept**. {% endhint %} * When you accept [#notifications](#notifications "mention") in your IDE, changes made to your quality gates on the server arrive in your IDE. * See the [Quality standards administration](https://app.gitbook.com/s/LWhbesChsC4Yd1BbhHhS/quality-standards-administration "mention") pages in SonarQube Server. * See the [Setting your quality standards](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/standards "mention") pages in SonarQube Cloud. {% hint style="info" %} Connected mode does not push issues to the server. Rather, its purpose is to configure the IDE so that it uses the same settings, as much as possible, as it is defined on the server. {% endhint %} [Free and open-source](https://www.sonarsource.com/open-source-editions/) versions of [SonarQube Community Build](https://www.sonarsource.com/products/sonarqube/downloads/) and [SonarQube Cloud](https://www.sonarsource.com/products/sonarcloud/signup/) are available to work in connected mode. In [SonarQube Cloud](https://www.sonarsource.com/products/sonarcloud/), it’s always free to analyze your publicly accessible projects; if you want to link to a private repository, see the instructions found on SonarQube Cloud's [Subscription plans](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/administering-sonarcloud/managing-subscription/subscription-plans "mention") page. ## Prerequisites and supported languages To run SonarQube for Visual Studio in connected mode, you must have a SonarQube Server project in an active version (see the [Release cycle model](https://app.gitbook.com/s/LWhbesChsC4Yd1BbhHhS/server-update-and-maintenance/update/release-cycle-model "mention") page) or a SonarQube Cloud project. Having a SonarQube Server project (in an Active Version), a SonarQube Cloud project, or a SonarQube Community Build project is required to run SonarQube for Visual Studio in connected mode. The following languages and Visual Studio project types are supported: * C# rules (.csproj) * VB.NET rules (.vbproj) * C++ rules (\*.vxcproj and CMake) * CSS rules (from SonarLint for Visual Studio v6.16) * JavaScript rules and TypeScript rules in MSBuild projects or folder workspaces (from SonarLint for Visual Studio v6.7) * Secrets rules When running SonarQube for Visual Studio in connected mode with SonarQube Server or SonarQube Community Build, security hotspots found in JS and CFamily files will be reported. See the [security-hotspots](https://docs.sonarsource.com/sonarqube-for-visual-studio/using/security-hotspots "mention") page for more details. ## Branch awareness Branch awareness allows SonarQube for IDE to consider the branch currently checked out in the IDE and synchronize it with the most appropriate branch from the SonarQube (Server, Cloud) or SonarQube Community Build; we call this *branch matching*. In Connected Mode, SonarQube for IDE synchronizes some data from the issues found on the server, such as the issue’s status and resolution. It is important that SonarQube for IDE knows which branch the user is on at that moment to sync the local analysis with the correct branch analyzed by SonarQube (Server, Cloud) or SonarQube Community Build. SonarQube for Visual Studio only supports git and the git branch name with regard to branch matching. If the SonarQube for Visual Studio’s branch awareness algorithm fails to detect a best match, [taint-vulnerabilities](https://docs.sonarsource.com/sonarqube-for-visual-studio/using/taint-vulnerabilities "mention"), and issue suppressions will be pulled from the SonarQube (Server, Cloud) main branch by default. ### Checking which branches are analyzed on the server In SonarQube Server, open the highlighted drop-down list shown below (as it looks in SonarQube Server) for a list of analyzed branches and pull requests.
A view of your analyzed branches and pull request in SonarQube Server.
To analyze branches other than `master`|`main` , please check these pages on branch analysis: * The [Branch analysis](https://app.gitbook.com/s/LWhbesChsC4Yd1BbhHhS/analyzing-source-code/branch-analysis "mention") pages in SonarQube Server. * The [Branch analysis](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/analyzing-source-code/branch-analysis/branch-analysis "mention") page in SonarQube Cloud. ### How SonarQube for IDE selects which branch to sync SonarQube for IDE deploys these three methods to choose which branch (in SonarQube (Server, Cloud)) to sync with the local analysis. **Exact match** Branches with the same name are considered the same branch. If the branch that is currently checked out locally is analyzed on the server, SonarQube for IDE will pick this branch for synchronization. **Closest branch** SonarQube for IDE will consider all local branches that also exist on the server. For each branch, SonarQube for IDE will compute the distance between the current `HEAD` and the branch by the count of commits. The closest branch will be kept. In case the number of commits is the same for two or more branches and the main branch is among them, the main branch will be preferred; otherwise, the tie will be broken with a random choice (from the list of equidistant branches). **Default to main branch** All other cases will default to the branch marked as "main" on the server. For example, if there is an error in reading the branch, or if there is no Git repo, SonarQube for IDE will default to the main branch. **Long and short-lived branches** When using Connected Mode with SonarQube Cloud, issues on short-lived branches are not synchronized. When an issue is marked in SonarQube Cloud *accepted* or *false positive* on a short-lived branch, SonarQube for IDE will still show that issue in the IDE. SonarQube Server does not distinguish between long- and short-lived branches therefore, all issue resolutions are recognized. ## Connection setup SonarQube for Visual Studio provides a connection wizard to help you set up connected mode with SonarQube (Server, Cloud) or SonarQube Community Build. Please see the [setup](https://docs.sonarsource.com/sonarqube-for-visual-studio/connect-your-ide/setup "mention") page for detailed instructions to set up connected mode and bind your project. ### Sharing your setup From version 7.4, it is possible to share a setup configuration file with your team, simplifying the process. One team member must step through the first-time setup process, then export and commit the binding configuration to the repository. Any team member running SonarQube for Visual Studio will find the binding details inside of the project’s source folder and automatically receive a notification to bind the project. Please see the [#first-time-connection-setup-for-shared-binding](https://docs.sonarsource.com/sonarqube-for-visual-studio/setup#first-time-connection-setup-for-shared-binding "mention") article for detailed instructions. ## Local settings If you are running SonarLint for Visual Studio v6.16 or earlier, please see the [previous-versions](https://docs.sonarsource.com/sonarqube-for-visual-studio/resources/previous-versions "mention") page for information about how server synchronization is managed. Before v7.0 (released in June 2023), connected mode behaved a bit differently; check the [migrate-connected-mode-to-v7](https://docs.sonarsource.com/sonarqube-for-visual-studio/connect-your-ide/migrate-connected-mode-to-v7 "mention") page for more details. ## Types of updates ### Quality Profiles Quality profiles are a key part of using SonarQube for Visual Studio in connected mode with SonarQube (Server, Cloud) or SonarQube Community Build. SonarQube for Visual Studio periodically syncs the project’s quality profile from the server and applies its set of rules during code analysis. * See the [Managing quality profiles](https://app.gitbook.com/s/LWhbesChsC4Yd1BbhHhS/quality-standards-administration/managing-quality-profiles "mention") pages in SonarQube Server. * See the [Managing quality profiles](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/standards/managing-quality-profiles "mention") pages in SonarQube Cloud. ### Other types of updates
Suppressed issues As mentioned above, it is rare that you will need to manually retrieve suppressed issues from the server because SonarQube for Visual Studio automatically fetches them when the bound solution is opened. From v6.14, SonarQube for Visual Studio supports near-real-time sync of suppressed issues; note that previous releases periodically check for updates every 10 minutes, when a bound solution is opened, or the git branch changes in the IDE. Issue suppressions are reapplied automatically. {% hint style="info" %} If the code is different from when it was analyzed by SonarQube (Server, Cloud) or SonarQube Community Build, a suppressed issue might still appear in Visual Studio. {% endhint %}
File exclusions When running in connected mode, SonarQube for Visual Studio will fetch file exclusions from SonarQube Server or SonarQube Cloud when you bind a project. These settings are saved to a file named sonar.settings.json. Note that in SonarLint for Visual Studio 7.0, the settings file was moved outside of the solution directory; please check the **Legacy Connected Mode** article on the [previous-versions](https://docs.sonarsource.com/sonarqube-for-visual-studio/resources/previous-versions "mention") page for information about the settings file in versions 6.16 and older. For more information about how SonarQube for Visual Studio settings are handled by the server, look at the server documentation on setting your analysis scope: * See the [Setting analysis scope](https://app.gitbook.com/s/LWhbesChsC4Yd1BbhHhS/project-administration/adjusting-analysis/setting-analysis-scope "mention") pages in SonarQube Server. * See the [Analysis scope](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/managing-your-projects/project-analysis/setting-analysis-scope "mention") pages in SonarQube Cloud. * See the [Setting analysis scope](https://app.gitbook.com/s/bqrfLGeD0Y9vE5l9Le42/project-administration/adjusting-analysis/setting-analysis-scope "mention") pages in SonarQube Community Build.
File exclusions, if you have any, must be defined on the SonarQube Server or Cloud server.
Known limitations for file exclusions: * Supported Languages: C# & VB (.NET support in SonarLint v6.15+), C, C++, CSS, JavaScript, TypeScript, and Secrets. * Patterns should start with `**/` * Multicriteria and Test exclusions are not supported. SonarQube for Visual Studio only supports Global Source File Exclusions, Source File Exclusions, and Source File Inclusions when setting the analysis scope. For more information about file inclusion and exclusion, see the pages about file inclusion and exclusion while you're working on the server: * [Excluding based on path-matching patterns](https://app.gitbook.com/s/LWhbesChsC4Yd1BbhHhS/project-administration/adjusting-analysis/setting-analysis-scope/excluding-files-based-on-patterns "mention") in SonarQube Server * [Excluding based on path-matching patterns](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/managing-your-projects/project-analysis/setting-analysis-scope/excluding-files-based-on-patterns "mention") in SonarQube Cloud * [Excluding based on path-matching patterns](https://app.gitbook.com/s/bqrfLGeD0Y9vE5l9Le42/project-administration/adjusting-analysis/setting-analysis-scope/excluding-files-based-on-patterns "mention") in SonarQube Community Build
## Known issues The goal is to have the same issues reported in the IDE as are reported on the server. However, there are a number of reasons why a set of issues can be different: some technical, some bugs, or some work that just hasn’t been done yet. See our Jira ticket [SLVS-2283](https://sonarsource.atlassian.net/browse/SLVS-2283) for a summary of the known issues and their current status. ## Extended Rule descriptions From v6.14 and newer, Extended rule descriptions written in SonarQube (Server, Cloud) or SonarQube Community Build are available in the **Sonar Rule Help** view container. Because they are written in SonarQube (Server, Cloud) or SonarQube Community Build, you must be viewing your project while in connected mode. * You can extend rule descriptions on the server to let users know how your organization uses a particular rule or to give more insight into a rule. * See [SonarQube rules #Rule details](https://app.gitbook.com/s/LWhbesChsC4Yd1BbhHhS/quality-standards-administration/managing-rules/rules#rule-details "mention") in the SonarQube Server documentation * See [rule-details](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/standards/managing-rules/rules#rule-details "mention") in the SonarQube Cloud documentation * See [SonarQube rules #Rule details](https://app.gitbook.com/s/bqrfLGeD0Y9vE5l9Le42/quality-standards-administration/managing-rules/rules#rule-details "mention") in the SonarQube Community Build documentation * Note that the extension will be available to non-admin users as a normal part of the rule details. In your SonarQube (Server, Cloud) or SonarQube Community Build instance, go to the Rule you want to edit in the **Rules** tab, then click the **Extend Description** button to open a field box that will accept your Markdown-formatted text. What you add to the rule from your SonarQube (Server, Cloud) or SonarQube Community Build server will be seen in your instance of SonarQube for Visual Studio.
It is possible to write an extended description for your rule in SonarQube Server or on SonarQube Cloud, and see it in SonarQube for IDE.
## Legacy Connected Mode Before SonarLint for Visual Studio version 7.0 (released in June 2023), connected mode behaved a bit differently: * In versions 6.16 and earlier, SonarLint saved all of its configuration files *inside the solution project folder*, and it was up to the user to commit or exclude the Sonar settings. This caused some version control management problems, especially when syncing with the server in connected mode. Please check the [previous-versions](https://docs.sonarsource.com/sonarqube-for-visual-studio/resources/previous-versions "mention") page for important details when running in connected mode. * From version 7.0 and newer, the settings folder was moved outside of the solution directory to the `%AppData%\Roaming\SonarLint for Visual Studio\Bindings` folder. Before SonarLint for Visual Studio version 4.0 (released in May 2018), connected mode behaved a bit differently: * The appropriate NuGet package for the `SonarAnalyzer.CSharp/SonarAnalyzer.VisualBasic` analyzers were added to each project. * The connected mode settings were saved in a solution-level folder called SonarQube in a file called `SolutionBinding.sqconfig`. * If you are upgrading to version 7.0 from Sonarlint version 3.10 or earlier, please check the [#migrating-from-a-legacy-version](https://docs.sonarsource.com/sonarqube-for-visual-studio/migrate-connected-mode-to-v7#migrating-from-a-legacy-version "mention") paragraph for instructions. In SonarLint for Visual Studio version 4.0 and later: * The analyzer NuGet packages are no longer installed in any project * The settings are saved in a solution-level folder called `.sonarlint` in a file called `[solution name].slconfig`. ## SonarQube for IDE-SonarQube Server version support policy SonarQube for IDE enables users to establish a connection to the latest SonarQube Server version and to the latest LTA (Long-Term Active) version. When a new LTA version is released, we still enable connecting SonarQube for IDE to the previous LTA version for a certain period of time (currently 9 months after the latest LTA release) to allow enough time for organizations to update their SonarQube Server version. {% hint style="warning" %} *The 8.9LTA reached its support expiration date (in November ’23)*. {% endhint %} For more information about long-term support of SonarQube Server, check out our page describing SonarQube Server's [Release cycle model](https://app.gitbook.com/s/LWhbesChsC4Yd1BbhHhS/server-update-and-maintenance/update/release-cycle-model "mention"). Review your SonarQube for IDE-specific requirements for version-to-version differences. ## Notifications Connected mode allows SonarQube (Server, Cloud) and SonarQube Community Build to send smart alerts to individuals or teams as soon as something appears on the server that something failed, when new issues are discovered or when the Sonar Quality Profile is updated, for example. With everyone in the loop, issues can be addressed promptly, improving the overall software quality and delivery. The notification will include a link to call back to SonarQube (Server, Cloud) and SonarQube Community Build where you can learn more about the issues that were introduced. You’ll receive smart notifications in your IDE when: * the quality gate status of a project *open in your IDE* changes (see the [#project-binding](#project-binding "mention") article above for links to the quality gate pages on SonarQube (Server, Cloud)) * a SonarQube (Server, Cloud) and SonarQube Community Build analysis raises new issues *that you’ve introduced in a project open in your IDE* You can activate or deactivate smart notifications in SonarQube for IDE on the IDE side for a server-by-server basis. Sonar Smart Notifications are available in all editions of SonarQube (Server, Cloud) and SonarQube Community Build.