The Scope of the Proposed SonarLint
SonarLint is a free IDE extension that lets you fix coding issues before they exist! Like a spell checker, SonarLint highlights Bugs and Security Vulnerabilities as you write code, with clear remediation guidance so you can fix them before the code is even committed.
The Problem Statement of a Traditional Development Process
We must always deal with credentials, passwords, and secrets during the software development life cycle.
The Overall Architecture
SonarLint runs inside the Visual Studio Code IDE as the SonarLint plugin and connects to the SonarQube server over its API to deliver real-time code analysis advice.
Supported Languages
SonarLint integrates with most JetBrains IDEs, including IntelliJ IDEA, CLion, WebStorm, PHPStorm, PyCharm, Rider, Android Studio & RubyMine. Supported languages include:
- C
- C++
- Java
- JavaScript
- TypeScript
- Python
- C#
- Kotlin
- Ruby
- HTML
- CSS
- PHP
Quick Setup
Create a SonarQube Token
- Click on the User icon, then click on My Account
- Click on the Security section
- Generate a User Token
- Access Token: squ_fb9a4421b6ba7ac82d14ead90afafb9ab23416b3
Install the SonarLint Plugin
Configure the SonarQube server URL and API key so the IDE can connect.
Go to File > Preferences > Settings; under the User tab, go to Extensions and then expand SonarLint.
Configure SonarLint for analysis and connected mode
Click on “Edit in settings.json” and enter this object in the file to make a connection to your SonarQube server.
"sonarlint.connectedMode.connections.sonarqube": [
    {
        "connectionId": "CMB",
        "serverUrl": "https://sonarqube.example.com/",
        "token": "squ_391a2bb4c17e1ab2ecd00583375b38aef375cddb",
        "disableNotifications": true
    }
]
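Because this object stores the token in settings.json as plain text, the file is worth checking before it is synced, shared or committed. The following Python check is an added example, not part of the original article or of SonarLint itself. It assumes the file is strict JSON (no comments), takes the token shape (`squ_` plus 40 hex characters) from the tokens shown above, and runs on a constructed sample with a constructed token and a hypothetical second connection named `lab`.

```python
import json
import re

# Token shape inferred from the tokens shown on this page: "squ_" + 40 hex chars.
TOKEN_RE = re.compile(r"squ_[0-9a-f]{40}")
CONNECTIONS_KEY = "sonarlint.connectedMode.connections.sonarqube"


def redact(token):
    """Keep the prefix and last 4 characters so a report can be shared safely."""
    return token[:4] + "*" * (len(token) - 8) + token[-4:]


def audit_settings(text):
    """Return (connectionId, issue) findings for the body of a settings.json file."""
    findings = []
    settings = json.loads(text)
    for conn in settings.get(CONNECTIONS_KEY, []):
        cid = conn.get("connectionId", "<default>")
        token = conn.get("token", "")
        if TOKEN_RE.fullmatch(token):
            findings.append((cid, "plaintext token " + redact(token)))
        elif token:
            findings.append((cid, "token field set (unrecognised format)"))
        if not conn.get("serverUrl", "").lower().startswith("https://"):
            findings.append((cid, "serverUrl is not HTTPS"))
    return findings


# Constructed sample input: the token is made up, and "lab" is a hypothetical connection.
SAMPLE = json.dumps({
    CONNECTIONS_KEY: [
        {"connectionId": "CMB", "serverUrl": "https://sonarqube.example.com/",
         "token": "squ_" + "0123456789abcdef" * 2 + "01234567"},
        {"connectionId": "lab", "serverUrl": "http://sonarqube.example.com/"},
    ]
})

if __name__ == "__main__":
    for connection_id, issue in audit_settings(SAMPLE):
        print(f"{connection_id}: {issue}")
```

To audit a real file, pass its contents to `audit_settings`; any finding means the token should be revoked in the SonarQube Security section if the file has already left the workstation.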