Install Free

Troubleshooting

What to do when you have problems running an analysis in SonarQube for Visual Studio.

Knowing where to begin looking for information is the first step to reaching out for help. Many answers to commonly found problems can be found on the SonarQube for IDE channel of the Sonar Community Forum. See below for the basic steps to access the SonarQube for IDE logs when the analysis results are not what you expected.

Before posting to the Community, make sure that you have your logs ready by following the instructions below.

How to get the SonarQube for Visual Studio logs

  • Select Show Logs from the SonarQube help menu: Extensions > SonarQube > Help > Show Logs

To dig deeper, enable the Verbose output in the SonarQube Options, then repeat the action that caused the problem:

  • Navigate to Extensions > SonarQube > Options… > General and set your Logging level to Verbose.

Troubleshooting connected mode setup

No matching project found

No matching project is found because:

  • It’s best if you already have the project open in your IDE, otherwise SonarQube for Visual Studio might not be able to find a matching file.

  • The current bound project or solution does not match the SonarQube Server or SonarQube Cloud project or solution. Please check your binding configuration.

If these solutions don’t help, follow the instructions about Project binding to manually configure your project binding.

No matching issue found

SonarQube for Visual Studio can’t find your issue because:

  • You might not be on the same branch.

  • The issue was fixed, or the source code may be different from the analyzed version.

Updating your credentials

Unfortunately, you cannot update your SonarQube Server or SonarQube Cloud credentials in SonarQube for Visual Studio. Please see the Updating your credentials article on the Connection setup page.

SSL/TLS errors

If you’re having trouble connecting to the server due to SSL/TLS errors, it might be because SonarQube for Visual Studio can’t verify the server certificate chain due to the fact that it can’t check the Certificate Revocation List. To troubleshoot and find out why, begin with making sure you’re using the latest version of SonarQube for Visual Studio, then check your logs:

  1. Enable verbose logs. See How to get the SonarQube for Visual Studio logs above for details.

  2. Make sure that your analyzers have had a chance to load and run (run Ctrl+S to be certain) and search for [CertificateChainValidator] in the logs. Next, you’ll work to fix the issue that prevents the chain validation.

  3. Manually add the certificate to the SonarLint trust store:

  4. The documentation described in the Server SSL certificates article will explain how to do this.

SonarQube for Visual Studio expects the truststore.p12 to exist under ~/.sonarlint/ssl, where ~sonarlint refers to the C:\Users\username\~sonarlint folder; if the folder doesn’t exist, it can be added manually.

If all else fails, ask for help on The Sonar Community.

Troubleshooting unexpected analysis results

Sometimes, issues found on the server differ from those found locally by SonarQube for IDE. Usually, the server-side rule configuration (your quality profile) is to blame; however, it could be something more than that. Maybe your local build configuration and system dependencies don’t align with your DevOps pipeline, or it could simply be that the issue, due to its complexity, is only detectable by SonarQube Server or SonarQube Cloud.

The collapsible below lists some of the most commonly encountered reasons, along with some details that will help you troubleshoot discrepancies.

Why your local analysis might be different than found on the server

Some issues might be detected by third-party analyzers

SonarQube for IDE will only run rules from Sonar analyzers including custom rules extending Sonar analyzers. Third-party analyzers usually have their own IDE integration, and there is no plan to run them inside of SonarQube for IDE.

Your test files might be mistaken as source files

Test files can be defined in SonarQube (Server, Cloud) or SonarQube Community Build at either the project or global levels. In addition, test files can be defined in the IDE however, each IDE handles test files a bit differently:

  • For example, SonarQube for Visual Studio does not distinguish between project and test code, and SonarQube for IntelliJ relies on the IDE to detect if a file is a test file. In the case where the IntelliJ IDE detects the test file for SonarQube for IntelliJ:

    • The file is under a test sources root. Those roots can be manually created by users or automatically populated by the IDE by relying on the build system such as Maven or Gradle, for example.

    • The file is flagged as a test file by any plugin that you have installed. The IDE bundles some internal plugins like the "JavaScript and TypeScript" plugin; these internal plugins can infer if a file should be considered as a test file. Third-party plugins can also infer test files, and SonarQube for IDE will recognize these as such.

Please review your IDE's page about File exclusions and check these pages to define your analysis scope on the server:

Some rules are too complex to run locally

Some rules can report issues at the project level or require extensive resources to analyze, such as injection vulnerabilities and some advanced bug detection rules; such issues are not displayed in SonarQube for IDE, only in SonarQube (Server, Cloud). Please check the SonarQube for IDE roadmap for a list of features on the horizon and review the server documentation to understand more about these issue types:

File or language types are not supported

Check your IDE’s Rules and languages page for a list of supported languages and file types.

The analyzer version may be different

Improvements are constantly being made to the Sonar analyzers during the CI/CD development cycle. Depending on the product version you are running, you may have a different analyzer therefore, the results might be different.

  • SonarQube Cloud is always running the latest analyzers.

  • SonarQube Server and SonarQube Community Build run the latest available analyzer at the time of its release.

  • SonarQube for IDE runs the latest available analyzer at the time of its release.

  • Sometimes SonarQube for IDE downloads and uses the same SonarQube Server or SonarQube Cloud analyzer when running in connected mode.

Your project configuration may be different

Discrepancies in C and C++ analysis may result from different project builds and system dependencies. For example, you might have one set up in your local build configuration and another set up for your CI build configuration (or the configuration created by Autoscan).

Language-specific examples

C or C++ Analysis

Troubleshooting C or C++ Analysis

If you’re using SonarQube for Visual Studio version 8.20 or older, troubleshooting CFamily analysis works a bit differently. Please see information inside theDefine C, C++, CSS, JS, TS or secrets detection rules for local analysis exapandable for more information.

You can create a reproducer file for C and C++ analysis that contains diagnostic information to help the developers at Sonar investigate problems that occur in your analyses. Beginning in SonarQube for Visual Studio 8.10, the reproducer file may contain sensitive data about your machine’s environment variables. *Please take this into account when sharing your files.

If you encounter a problem with C or C++ analysis, please contact us in the Sonar Community forum and include the reproducer file. Follow the instructions below for complete instructions on how to do this.In case the analysis is not working or obvious false positives are raised, here are the recommended actions in order:

1. Investigate the logs:

  • If there is no obvious sign in the logs, enable the Verbose output and check again.

2. Enable Rule `S2260`:

  • In case of obvious false positives in the raised issues, enable the cpp:S2260 or c:S2260 rule and check if it raises issues in the culprit file. This rule indicates that the analyzer failed to parse part of the code and might give hints or indicate a configuration problem.

  • Note that if you are using connected mode, you must enable it in your quality profile on SonarQube Server or Cloud to activate the rule locally. If not using connected mode, see Define C, C++, CSS, JS, TS or secrets detection rules for local analysis for instructions.

  • If it raises issues, follow the rule description to fix your code; if not, move to the step in troubleshooting.

3. Generate a CFamily reproducer file and report the issue:

  • When none of the previous suggestions work, please report the problem you encountered in the Sonar Community forum.

  • In case of a false positive or an analysis failure, we need the CFamily reproducer file to investigate the issue. To generate the reproducer file, add the following analyzer option to the settings.json:

    • Navigate to Extensions > SonarQube > Solution Settings > Analysis Properties, select Add and add sonar.cfamily.reproducer as the property name and <YOUR_FILE_PATH>.cpp as the value.

  • The sonar.cfamily.reproducer should point to the source or header file on which you face the issue. After setting that option, trigger the analysis on the culprit file. You should see in the logs that a file name sonar-cfamily.reproducer is generated in a temporary directory.

    • Because your reproducer file may contain sensitive information, ask us how to share it privately when you post on the Community.

4. Finally, after you’re finished generating your reproducer file, delete the sonar.cfamily.reproducer property:

  • Navigate to Extensions > SonarQube > Solution Settings > Analysis Properties and select Delete.

PreviousHelpNextPrevious versions

Last updated

Was this helpful?