Analyse complete project at once with SonarLint - Analysis file by file yields incomplete results

我们两清 submitted on 2019-12-29 08:01:35

Question


I'm evaluating SonarQube 5.4 with the SonarLint Eclipse plugin.

SonarQube as well as the plugin are set up and are running. But now I'm pretty confused how SonarLint is supposed to run in 'connected mode':

  • SonarLint is connected with SonarQube and is bound to the corresponding project. But some issues are only shown in SonarQube. It was my understanding SonarLint should be able to identify issues like Malicious code vulnerability - May expose internal representation by incorporating reference to mutable object. But it does not. SonarQube does.
  • When analysing a single file with SonarLint, there are a lot of debug messages in the SonarLint Console like Class not found in resource cache : org/company/project/CommonSuperClass. But even worse: Class not found in resource cache : java/lang/Class. Is it supposed to do that?
  • We are specifically interested in highlighting the issues introduced by the developer. SonarQube is connected to our repo and does a nice job in blaming the committer. But it seems there is no way of showing my own issues in SonarLint.
  • I'd like to run the SonarLint analysis at a time of my choice, so I decided to deactivate "Run SonarLint automatically". But it seems I can only analyze files manually, not packages or projects. Am I missing something again? I do not want to click on every one of my ~2000 files and analyze it by hand.

Answer 1:


SonarLint and SonarQube are 2 different products:

  • You want very fast feedback on the code you are working on to make sure you don't inject issues => SonarLint analyses the files as you open them to write or review code
  • You want a 360° vision of the quality of your code => SonarQube analyses all the files of your project

The "connected mode" is the bridge between the 2 worlds, and its development is still underway. For instance, we plan to make it possible to see inside SonarLint all the issues found on the project by SonarQube (see and vote for SLE-54).



Source: https://stackoverflow.com/questions/37694372/analyse-complete-project-at-once-with-sonarlint-analysis-file-by-file-yields-i
