Connected Mode
You can connect SonarLint to SonarQube >= 6.7 or SonarCloud to benefit from the same rules and settings that are used to inspect your project on the server. SonarLint then hides in VS the issues that are marked as Won’t Fix, False Positive or Fixed.
Note: Connected Mode does not push or pull issues to or from the server. Rather, its purpose is to configure the IDE so that it uses the same settings as the server.
The following languages and Visual Studio project types are supported:
- C# (.csproj)
- VB.NET (.vbproj)
- C++ (*.vxcproj and CMake) (requires SonarCloud, or SonarQube v7.6 or higher)
- JavaScript and TypeScript in MSBuild projects or folder workspaces (from SLVS v6.7)
SonarLint’s branch awareness attempts to find the best matching branch from the server to align your code with the most recent analysis and works automatically when running in Connected Mode. SonarLint for Visual Studio only supports git and the git branch name with regard to branch matching. If the SonarLint’s branch awareness algorithm fails to detect a best match, taint vulnerabilities and issue suppressions will be pulled from the main branch by default.
It is important that we know on which branch the user is at that moment in order to sync the active file with the server when using Connected Mode. When binding your project to the server, SonarLint finds the closest branch to suppress issues (for example, issues marked as “won’t fix”) as defined by the server.
Step (1) Click on Extensions → SonarLint → Connected mode → Bind to SonarQube or SonarCloud to open the "SonarQube Connections tab"
images/ConnectedMode/CM_Bind.png
This will display the SonarQube Connections tab:
images/ConnectedMode/CM_SonarQubeTeamExplorerTab_v4_14.png
images/ConnectedMode/CM_ConnectionDialogue_v4_14.png
The SonarQube tab is used for connecting to both SonarQube and SonarCloud. To connect to SonarCloud you should enter https://sonarcloud.io as the SonarQube server URL.
You can connect using either a User Token, or a Username and Password. We strongly recommend using User Tokens. The documentation on creating User Tokens is found here for SonarQube or SonarCloud.
When using a User Token, enter the token in the Username/Token field (in SLVS) and leave the Password field blank.
If you are connecting to SonarCloud, you will also be prompted to choose which of your organizations the project belongs to:
images/ConnectedMode/CM_OrgDialogue_v4_14.png
You can also connect to public third-party organizations by entering the organization key in the Other Organizations tab:
images/ConnectedMode/CM_Org_OtherOrgs_v4_14.png
To find the organization key for a third-party organization, browse to the project you want to bind to on SonarCloud. The organization key is displayed on the project page:
images/ConnectedMode/CM_ExampleOrgKeyOnSonarCloud.png
The final step is to select the Sonar project you want to bind the solution to. Select a project with a double-click or a right-click, and select Bind from the context menu:
images/ConnectedMode/CM_ProjectSelection_v4_14.png
SonarLint will then fetch the required settings from the server and create local configuration files.
SonarLint will automatically fetch suppressed issues when the bound solution is opened in Visual Studio, and will periodically check for changes every 10 minutes.
You can manually trigger a fetch by selecting Update in the context menu of the SonarQube tab in the Team Explorer window:
images/ConnectedMode/CM_RefreshBinding_v4_14.png
The suppressions will be applied next time an analysis is triggered.
Note: a suppressed issue might still appear in Visual Studio if the code is different from when it was analyzed on SonarQube/SonarCloud.
Note: there is a known issue in which suppressed issues can still be shown for C# and VB.Net. See SLVS-1005 for more information.
SonarLint will fetch file exclusions when a binding is made or updated and save to a file named sonar.settings.json under the .sonarlint folder. When a bound solution is opened, SonarLint will automatically check whether the server settings have changed. If the settings on the server have changed, SonarLint will warn you about this discrepancy and will ask you to update the binding.
images/ConnectedMode/CM_OutOfDateConfig_v4_14.png
Alternatively, you can manually trigger an update from a context menu of the SonarQube tab in the Team Explorer window:
images/ConnectedMode/CM_RefreshBinding_v4_14.png
- Supported Languages: C, C++
- Patterns should start with "**/"
- Multicriteria and Test exclusions are not supported. We only support Global Source File Exclusions, Source File Exclusions and Source File Inclusions.
The local Connected Mode configuration files can get out of step with settings on the SonarQube|SonarCloud servers—for example, the Quality Profile for the project is changed on the server.
SonarLint will automatically check whether the server configuration has changed whenever the bound solution is opened in Visual Studio, and will ask you whether you want to update the local configuration to match:
images/ConnectedMode/CM_OutOfDateConfig_v4_14.png
Alternatively, you can manually trigger an update from a context menu of the SonarQube tab in the Team Explorer window:
images/ConnectedMode/CM_RefreshBinding_v4_14.png
There is not an "unbind" command to disconnect a solution from SonarQube/SonarCloud. Instead, simply delete the .sonarlint folder and its contents.
Prior to version 4.0 (released May 2018), Connected Mode behaved slightly differently:
- the appropriate NuGet package for the
SonarAnalyzer.CSharp/SonarAnalyzer.VisualBasicanalyzers were added to each project - the Connected Mode settings were saved in a solution-level folder called
SonarQubein a file calledSolutionBinding.sqconfig.
In subsequent versions of SonarLint:
- the analyzer NuGet packages are no longer installed in any project
- the settings are saved in a solution-level folder called
.sonarlintin a file called[solution name].slconfig
The goal is to have the same issues reported in the IDE as are reported to the server during an analysis run. However, there are a number of reasons why a set of issues can be different: some technical, some bugs, or some work that just hasn't been done yet. See ticket #1336 for a summary of the known issues and their current status.