{"id":29340,"date":"2022-03-31T10:08:09","date_gmt":"2022-03-31T10:08:09","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=29340"},"modified":"2022-12-23T06:19:59","modified_gmt":"2022-12-23T06:19:59","slug":"what-is-sonarlint-and-how-it-works-an-overview-and-its-use-cases","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/what-is-sonarlint-and-how-it-works-an-overview-and-its-use-cases\/","title":{"rendered":"What is Sonarlint and How it works? An Overview and Its Use Cases"},"content":{"rendered":"

History & Origin of Sonarlint<\/h3>\n

More than your average linting tool<\/p>\n

Your current linting tools may come with overhead \u2013 specialized tools for languages or longer setup and config time. With SonarLint, you can settle on a single solution to address your Code Quality and Code Security issues. We have you covered with hundreds of unique, language-specific rules to catch Bugs, Code Smells, and Security Vulnerabilities right in the IDE, as you code.<\/p>\n

What is\u00a0 Sonarlint<\/h3>\n

SonarLint\u00a0enables you to code better with on-the-fly analysis and support for hundreds of deep static analysis rules to detect common mistakes, tricky bugs, and security issues<\/b>.<\/p>\n

\n
\n

eal-time feedback as you code<\/h3>\n
\n

Your IDE is the best place to catch coding issues. SonarLint enables you to code better with on-the-fly analysis and support for hundreds of deep static analysis rules to detect common mistakes, tricky bugs, and security issues.<\/p>\n<\/div>\n<\/div>\n<\/div>\n

\n
\n

easy to use, no configuration required<\/h3>\n
\n

Get maximum coverage for your programming language with no installation overhead or lengthy setup. Just install the plugin and continue to code while SonarLint assists you in the background. It’s the only in-IDE solution you’ll ever need.<\/p>\n<\/div>\n

How Sonarlint works aka Sonarlint architecture?<\/h3>\n

SonarLint in IntelliJ.\u00a0The SonarLint IntelliJ plug-in allows you to see an easy report about code issues right inside IntelliJ<\/b>. It runs an immediate analysis as you change code, and by ‘binding’ your plug-in with the OpenLMIS SonarQube server, it uses the same set of rules and checks.<\/p>\n

Ways to Use Sonar<\/h1>\n

There are three main use cases for Sonar that we are encouraging during the OpenLMIS v3 development:<\/p>\n

1)\u00a0SonarLint plug-in in IntelliJ<\/strong>. We encourage all developers to use it. We want to clean up code as we touch it (fix as we go).
\n2)\u00a0During Reviews<\/strong>: Open Sonar to look at errors and issues in the code during a review. Also look at test coverage to consider whether the new code has enough tests. Bring up issues in the Fisheye review process.
\n3)\u00a0Periodically Triage<\/strong>: The teams map pull up Sonar periodically to look at our most common issues and to look at broader trends in test coverage. We can use this to guide our discussions about what to prioritize as we work towards improved test coverage and quality.<\/p>\n

False Positives<\/h1>\n

Sometimes SonarQube and SonarLint will show errors or issues that are not really a problem. A good time to discuss this is the code review process. If peers agree that something isn’t really a bug, we can leave it coded that way.<\/p>\n

Although Sonar metrics are aligned with OpenLMIS coding standards, you may disagree with the filters and metrics that Sonar is using. If so, it’s worth bringing that up for team discussion. There may be rules we want to adjust or change. It is possible for us to adjust the rulesets and change our coding standards, but only after significant consideration. There is also good reason to stick with the industry-standard rules and best practices.<\/p>\n<\/div>\n

Feature and Advantage of using Sonarlint<\/h3>\n

Get the power to write better code<\/h1>\n

\"\"<\/p>\n

\n
\n
\n

Bug detection<\/h2>\n

Benefit from\u00a0thousands of rules<\/span>\u00a0; which detect common mistakes, tricky bugs and known vulnerabilities.<\/p>\n

Instant feedback<\/h2>\n

On-the-fly! Issues are detected and reported as you code, just like a spell-checker.<\/p>\n

Know what to do<\/h2>\n

SonarLint precisely pinpoints where the problem is, and gives you recommendations on how to fix it.<\/p>\n<\/article>\n

\n
\n
\"\"<\/div>\n

\"\"<\/div>\n<\/div>\n<\/section>\n

\n
\n
\"\"<\/div>\n<\/div>\n
\n

Learn from your mistakes<\/h2>\n

Rich documentation lets you understand issues in detail and discover coding best practices.<\/p>\n

Uncover old issues<\/h2>\n

See which issues were already existing, and become a hero for fixing them.<\/p>\n

Best Alternative of Sonarlint<\/h3>\n
Top Alternatives to SonarLint<\/b><\/div>\n
\n
    \n
  • ReSharper. It is a popular developer productivity extension for Microsoft Visual Studio.<\/li>\n
  • SonarQube. SonarQube provides an overview of the overall health of your source code and.<\/li>\n
  • FindBugs. It detects possible bugs in Java programs.<\/li>\n
  • PMD.<\/li>\n
  • JSLint.<\/li>\n
  • ESLint.<\/li>\n
  • Pylint.<\/li>\n
  • Checkstyle.<\/li>\n<\/ul>\n

    Best Resources, Tutorials and Guide for\u00a0 Sonarlint<\/h3>\n
      \n
    1. devopsschool.com<\/li>\n
    2. sonarlint.org<\/li>\n
    3. sonarsource.com<\/li>\n<\/ol>\n

      Free Video Tutorials of\u00a0 Sonarlint<\/h3>\n