Scan my project
Scanning your project in SonarQube for VS Code is a simple, easy process.
SonarQube for IDE, a core component of the SonarQube solution, is a developer’s first line of defense to find and fix coding issues in real-time. The results of a SonarQube for IDE scan provide rich contextual guidance to help you improve your skills while enhancing productivity to help you resolve issues in code.
SonarQube for IDE scans your project to provide instant feedback against hundreds of language-specific rules. When running in connected mode with SonarQube Server or SonarQube Cloud, you can benefit from additional rules that identify security vulnerabilities and security hotspots as well as take advantage of team features that help your organization achieve high-quality code.
Every organization has custom policies and procedures; the SonarQube for IDE analyzer offers a level of customization to help you achieve those practices.
Overview
SonarQube for VS Code will automatically analyze all open files. Scanning a full project, including unopened files, is only available in the search for Security hotspots; please see the documentation on Reporting security hotspots In the Whole Folder for the full details.
First steps
SonarQube for VS Code will only analyze open files when a file is opened or saved. It is not possible to manually trigger an analysis.
Scanning while in Connected Mode
When running in Connected mode, SonarQube for IDE will sync with the SonarQube (Server, Cloud) or SonarQube Community Build quality profile to download issues and suppress those marked as safe or won’t fix on the server. The analyzer properties and rules will be respected and SonarQube for IDE will use locally what is defined on the server.
Language-specific information
C and C++ analysis
Please see the specific requirements for supported compilers and language standards described on the Running an analysis page.
Jupyter Notebooks
Jupyter Notebooks in VS Code
SonarQube for VS Code v3.16+ supports analysis of Python code inside Jupyter notebooks. When opening an .ipynb file, SonarQube Server, or SonarQube Community Build analyze the Python code and Python cells inside your Jupyter Notebooks.
There is nothing special to do to run a SonarQube for IDE analysis; simply open a Jupyter Notebook file. As with any Jupyter Notebook, you must set up your VS Code environment to run a project. The usual Quick Fix and issue investigation options you are accustomed to are available.
Managing rules
IPython Notebooks is a new rules category in the SonarQube for IDE explorer. Go to RULES > IPython Notebooks in the SONARQUBE SETUP view container to enable/disable rules, just as you would any rule for other languages.
The following rules have been disabled by default for Jupyter documents because they tend to be noisy in the notebook environment:
Connected mode
Connected mode will be ignored when working with Jupyter Notebooks. You will only have local analysis; this is because analysis of Jupyter Notebooks is not yet supported by SonarQube (Server, Cloud) or SonarQube Community Build.
Magic commands
All Magic commands are ignored by SonarQube for VS Code (for example, %matplotlib inline and %%timeit). When a line magic command is found, that line will be ignored. Similarly, when a cell magic command is found, the entire cell will be ignored. The next image below shows a normal Jupyter cell; the second image illustrates the same cell with a cell magic command. Note how SonarQube for VS Code ignores issues in the cell with the magic command.
Specify additional analyzer properties
It is possible to specify extra analyzer properties that will be used for analysis.
// <project>/.vscode/settings.json
{
"sonarlint.analyzerProperties": {
"sonar.javascript.node.maxspace": "4096"
}
}Last updated
Was this helpful?