0

I'd like SonarQube so we installed it and using it during jenkins builds. The problem is how to get results back from the server. I tried some plugin, which apparently worked. So I have seen the errors in my IDE, but I suspect the errors are result of jenkins build, thus are not accurate.

I have investigated SonarLint as I thought it is some kind of local version of SonarQube, but the plugin failed in my IDE(server not found) so I dug deeper and found out this

Currently SonarLint for Eclipse uses https://update.sonarlint.org/ as SonarQube instance

So it is using SonarQube undercoat anyway, I can probably somehow switch to our dev SonarQube.

But can anybody explain to me how it will work from multiple dev machines. If I will run analysis over my code which has different version then other dev has, will it not influence all of us? Is only solution to this really running the SonarQube on each machine locally?

Or is it maybe running locally, but downloading the rules only from remote? Which I do not guess is right as it will need local database somewhere. As it is said here

Community
  • 1
  • 1
Zveratko
  • 2,663
  • 6
  • 35
  • 64

1 Answers1

0

You are right: currently, SonarLint is intended to be used locally. It uses the plugins and rules from the update Server, so everyone using SonarLint should have the same issues raised on the same code (assuming it is up to date).

The results of the analysis and the code are not sent to the server. It runs a local analysis (using issues mode and not publish mode)

We plan to support connecting it to a custom SonarQube server later. It will then be possible to match local issues with issues known to the server and use information from it.

Duarte Meneses
  • 2,868
  • 19
  • 22
  • So my code is sent to remote location? Or just the rules are downloaded and the process runs locally? My concern here is about security of the code. And I still dont't get how one server can analyse more code revisions (in case of sonarLint it is even local changes of each developer). In the server GUI you always see just the results of latest analysis, will not the result for each individual be overwritten when other runs the tool? Can you please explain it to me. – Zveratko Jan 15 '16 at 03:41
  • It is processed locally; SonarLint does not send anything to the server. I'll update the answer. – Duarte Meneses Jan 15 '16 at 07:38
  • And in case of SonarQube? Multiple users using one SonarQube, skipping SonarLint for a while as I think it is not possible to change rules for SonarLint, because the remoter "rules" server is hardcoded. It will not work predictably for all users and will be just for review ONE jenkins build. – Zveratko Jan 15 '16 at 08:21