Plugins are available for Eclipse and IntelliJ, and the analysis can be used with systems such as Jenkins and SonarQube. It covers the OWASP Top 10 and CWE: extensive references are given for each bug pattern, with pointers to the relevant OWASP Top 10 category and CWE entry. It is open for contributions. SonarLint supports all JetBrains IDEs, including IntelliJ, WebStorm, PhpStorm, PyCharm and RubyMine, and can analyze code written in Java, JavaScript, TypeScript, Python, Kotlin, Ruby, HTML and PHP.
SonarQube provides a plugin for IntelliJ (and for Eclipse as well) which is a great tool for dev-box code analysis before committing or checking in your changes. It gives developers a chance to check that they aren’t introducing any new defects or technical debt in the code they have added or modified. Here’s how to set up the plugin and get going.
Install SonarQube IntelliJ Plugin
- Launch IntelliJ and go to File -> Settings -> Plugins
- Search for ‘sonarqube’ and install the plugin
Setting up SonarQube plugin
- In IntelliJ go to File -> Settings -> Other Settings -> SonarQube
- Add the details of your SonarQube server here. The plugin uses them to download the quality profile, analyzers and so on from the server.
- The plugin runs the analysis in preview mode, so no results are pushed to the server.
Associate your IntelliJ project with Sonar project
- Right click on the project in IntelliJ and select 'Associate with SonarQube…'
- Search for the sonar project and select it
Running the analysis
- Make your code changes
- Right click on the project and select Analyze -> Run Inspection by Name…
- In the search box type 'Sonarqube' and select 'SonarQube Issue' from the result list
- In the 'Inspection Scope' dialog, select Custom Scope and set its value to Changed Files, so that the analysis runs only on the files you modified.
- The plugin runs the preview analysis and displays the results in the Inspection tab. In this run, the inspection reports issues in the two files that were modified before the analysis.
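The Changed Files scope above (analyzing only what you modified) can be reproduced outside the IDE, for a pre-commit hook or a CI job, with the sonar-scanner CLI. This is an added example, not part of the original post and not a SonarSource tool; it assumes git and sonar-scanner are installed, that the project's sonar-project.properties already holds the project key and server URL, and the build_inclusions/changed_files/run_changed_files_analysis names are ours.

```shell
#!/bin/sh
# Added example (not from the original post): mirror IntelliJ's "Changed Files"
# inspection scope by restricting the scanner to the files you are about to
# commit, keeping only the languages SonarLint analyzes.
# Assumption: sonar-project.properties already sets sonar.projectKey and
# sonar.host.url, so only sonar.inclusions is added on the command line.

# Read newline-separated paths from stdin and emit the comma-separated value
# expected by the scanner's sonar.inclusions property. Non-source files
# (README, images, build output) are dropped; empty input yields empty output.
build_inclusions() {
  grep -E '\.(java|js|ts|py|kt|rb|html|php)$' | tr '\n' ',' | sed 's/,$//'
}

# Files that differ from HEAD plus untracked files: the set a developer is
# about to commit, i.e. the scope the post analyzes in the IDE.
changed_files() {
  git diff --name-only HEAD
  git ls-files --others --exclude-standard
}

# Build the inclusion list and run the scanner on it. Extra arguments
# (for example an authentication token property) are passed through.
run_changed_files_analysis() {
  incl=$(changed_files | sort -u | build_inclusions)
  if [ -z "$incl" ]; then
    echo "no source files changed; nothing to analyze" >&2
    return 0
  fi
  echo "analyzing: $incl" >&2
  sonar-scanner -Dsonar.inclusions="$incl" "$@"
}

# Only act when invoked as "sonar-changed.sh run [scanner args...]"; sourcing
# the file just defines the functions.
case "${1:-}" in
  run) shift; run_changed_files_analysis "$@" ;;
esac
```

Unlike the IDE plugin's preview mode, a sonar-scanner run publishes its results to the configured server, so point it at a branch or throwaway project if you only want a local check.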