/sonarlint-vscode

SonarLint for Visual Studio Code

Primary LanguageTypeScriptGNU Lesser General Public License v3.0LGPL-3.0

SonarLint for Visual Studio Code

SonarLint is an IDE extension that helps you detect and fix quality issues as you write code. Like a spell checker, SonarLint squiggles flaws so they can be fixed before committing code. You can get it directly from the VS Code Marketplace and it will then detect new bugs and quality issues as you code (JavaScript, TypeScript, PHP and Python)

How it works

Simply open a JS, TS, Python or PHP file, start coding, and you will start seeing issues reported by SonarLint. Issues are highlighted in your code, and also listed in the 'Problems' panel.

sonarlint on-the-fly

You can access the detailed rule description directly from your editor, using the provided contextual menu.

rule description

Rules

Check the rules to see what SonarLint can do for you:

You will benefit from the following code analyzers: SonarJS, SonarTS, SonarPython and SonarPHP

Requirements

The only thing you need is a Java Runtime (JRE) 8 or 11 installed on your computer.

SonarLint should automatically find it but you can also explicitly set the path where the JRE is installed using the 'sonarlint.ls.javaHome' variable in VS Code settings. For example:

{
    "sonarlint.ls.javaHome": "C:\\Program Files\\Java\\jre1.8.0_131"
}

Connected mode

You can connect SonarLint to SonarQube >= 6.7 or SonarCloud to benefit from the same rules and settings that are used to inspect your project on the server. SonarLint then hides in VSCode the issues that are marked as Won’t Fix or False Positive.

To configure the connection, have a look at SonarLint in default user settings.

Configuring a project binding at the workspace level mutes Won’t Fix and False Positive issues in any of the project's sub-folders added to the workspace.

If you change something on the server such as the quality profile, you can trigger an update of the local cache using the "Update SonarLint binding to SonarQube/SonarCloud" command on the command palette (search for "sonarlint").

For security reasons, the token should not be stored in SCM with workspace settings.

Contributions

If you would like to see a new feature, please create a new thread in the forum "Suggest new features".

Please be aware that we are not actively looking for feature contributions. The truth is that it's extremely difficult for someone outside SonarSource to comply with our roadmap and expectations. Therefore, we typically only accept minor cosmetic changes and typo fixes.

With that in mind, if you would like to submit a code contribution, please create a pull request for this repository. Please explain your motives to contribute this change: what problem you are trying to fix, what improvement you are trying to make.

Make sure that you follow our code style and all tests are passing.

Have Question or Feedback?

For SonarLint support questions ("How do I?", "I got this error, why?", ...), please first read the FAQ and then head to the SonarSource forum. There are chances that a question similar to yours has already been answered.

Be aware that this forum is a community, so the standard pleasantries ("Hi", "Thanks", ...) are expected. And if you don't get an answer to your thread, you should sit on your hands for at least three days before bumping it. Operators are not standing by. :-)

Issue tracker: https://jira.sonarsource.com/browse/SLVSCODE

License

Copyright 2017-2019 SonarSource.

Licensed under the GNU Lesser General Public License, Version 3.0