Learn how to use SonarLint for Java with IntelliJ, VS Code, and Eclipse IDE through simple and easy code examples:
SonarLint is a free IDE Extension used for code analysis as the developers write the code. Some teams may also have a policy that before committing/merging the code to a Feature or Development branch, code analysis is mandatory and no SonarLint issues should be present.
So the IDE is a great place to discover coding issues and address them immediately.
SonarLint’s extension to the IDE provides immediate code improvement feedback during coding rather than waiting until a static code analysis step such as SonarQube towards the end.
So SonarLint is for developers, who analyze the code on the fly to identify bugs and other issues, including those that affect code readability. SonarQube is more for teams, enabling continuous inspection and analysis of the source code at frequent intervals.
SonarLint for Java with IntelliJ, VS Code, and Eclipse IDE
In this article on SonarLint for Java, we will see how to use the SonarLint extension with IntelliJ, VS Code, and Eclipse IDE. The extension shows us what is wrong with the code and recommends best-practice fixes.
I am using the trial version of the Ultimate edition of the IDE for this article. IntelliJ trial can be downloaded for your OS from IntelliJ Trial. The community edition of IntelliJ IDEA is free.
VS Code is free and can be downloaded for your OS from VS Code. Eclipse IDE is free and can be downloaded from Eclipse IDE.
Pre-requisites:
- IntelliJ, VS Code, and Eclipse IDE should be downloaded and installed.
- JDK 11+
- Internet connection to download and install the SonarLint plugin into the IDE.
Using SonarLint for Java in IntelliJ
Proxy Configuration
Organizations provide a proxy server to connect to the internet to download any file or connect to any internet site. Similarly, to download and install plugins from within the IDE you may need to set up a proxy.
To do so in IntelliJ, go to File -> Settings -> Appearance & Behavior -> System Settings -> HTTP Proxy.
Set the proxy as per your organization’s needs. It could be an auto-detect or manual proxy configuration. This could be an optional configuration though.
On the Fly Analysis
To integrate the analysis within IntelliJ IDEA, we need to install the SonarLint plugin into the IDE. Launch IntelliJ IDEA and go to the Plugins section. Search for the SonarLint plugin and install it.
After installing the plugin, restart the IDE for the plugin to take effect. To install any other plugins from within the IDE, go to File -> Settings -> Plugins.
Let’s see a scenario where a developer is working on a JSP file as shown and on the fly the analysis is done and the issues are immediately reported in the SonarLint view.
Below is a sample Maven project. The JSP file has the following contents:

    <html>
      <head>
        <title> Hello World Maven App</title>
      </head>
      <body>
        <h2>Hello World from Niranjan Bengaluru, KARNATAKA, India</h2>
      </body>
    </html>

In the SonarLint view, 2 issues are immediately listed for the current open file.
Once you fix them, the issues will be gone. The corrected code is as shown below in GREEN.

    <!DOCTYPE html>
    <html lang="en">
      <head>
        <title>Hello World Maven App</title>
      </head>
      <body>
        <h2>Hello World from Niranjan Bengaluru, KARNATAKA, India </h2>
      </body>
    </html>

Because the issues are fixed on the fly, the code is now clean and the SonarQube analysis during the build will not report them. The Current File view shows that no issues are reported once the recommendations are applied to the code.
So the above analysis has been done with the predefined set of rules.
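As an added illustration (not part of the original article and not SonarLint's own code), the Python sketch below checks the two things the corrected file adds: a document type declaration before `<html>` and a `lang` attribute on it. That these are the two reported issues is inferred from the before/after listings above; `check_markup` is a hypothetical name and the sample strings are constructed, shortened copies of the page's file.

```python
from html.parser import HTMLParser

# Constructed, shortened copies of the page's index.jsp before and after the fix.
BEFORE = """<html>
<head><title>Hello World Maven App</title></head>
<body><h2>Hello World</h2></body>
</html>"""
AFTER = """<!DOCTYPE html>
<html lang="en">
<head><title>Hello World Maven App</title></head>
<body><h2>Hello World</h2></body>
</html>"""


class _MarkupScan(HTMLParser):
    """Records whether a doctype precedes <html> and whether <html> sets lang."""

    def __init__(self):
        super().__init__()
        self.doctype_seen = False
        self.findings = []

    def handle_decl(self, decl):
        if decl.lower().startswith("doctype"):
            self.doctype_seen = True

    def handle_starttag(self, tag, attrs):
        if tag != "html":
            return
        line, _ = self.getpos()  # line on which the <html> tag starts
        if not self.doctype_seen:
            self.findings.append((line, "missing <!DOCTYPE> before <html>"))
        names = {k: v for k, v in attrs}
        if not (names.get("lang") or names.get("xml:lang")):
            self.findings.append((line, "<html> has no lang attribute"))


def check_markup(source):
    """Return a list of (line, message) findings for one HTML/JSP source string."""
    scan = _MarkupScan()
    scan.feed(source)
    scan.close()
    return scan.findings


if __name__ == "__main__":
    for name, src in (("before", BEFORE), ("after", AFTER)):
        print(name, check_markup(src))
```

A script like this can run as a commit check on machines without the IDE plugin; it only covers plain markup and does not interpret JSP directives or scriptlets.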
To analyze the entire Maven project, right-click on the project and select Analyze -> Analyze with SonarLint, or press Ctrl+Shift+S.
Note that this will take some time, depending on the number of files to analyze.
In this case, the predefined rules are applied. They can be seen in File -> Settings -> Tools -> SonarLint.
With SonarQube Rules in IntelliJ IDE
In the previous section, we saw on the fly analysis in the IDE itself using the SonarLint predefined rules. In this section, we will look at another scenario where we can use SonarLint with SonarQube rules by integrating with SonarQube server.
To integrate both SonarQube and SonarLint within the IntelliJ IDE, go to File -> Settings -> Tools -> SonarLint.
Click on + under SonarQube/SonarCloud connections.
Select the SonarQube option and enter the connection name and the URL. Click on Next.
Enter a Token and click on Next.
Click on Next.
Click on Create to finish.
Click Apply and OK in the main Settings window.
Next, bind the project for this connection so that the analysis will be done as per the SonarQube rules defined.
Again, go to File -> Settings -> Tools -> SonarLint -> Project Settings.
Click on the checkbox Bind project to SonarQube/SonarCloud.
Select the connection you just created and the project by clicking on ‘Search in list’.
Here the Project Key FSP is created in my SonarQube Server. Click on OK.
Go to the SonarLint view -> Log to look at the automatic analysis done using SonarQube server. The connection name is also shown.
The Report and Current File tabs will also have the details of the issue.
To get a holistic view of all the issues in the SRC folder or any other folder, click on the folder and select Analyze -> Analyze with SonarLint.
The Report tab will have issues reported for all files in the folder for which analysis was triggered.
So the issues reported have to be fixed with the code shown in the previous section, and the log will then show that there are ZERO issues.
To summarize, we have seen how to analyze using SonarLint predefined rules as well as with SonarQube rules.
Using SonarLint for Java in VS Code
Proxy Configuration
If your organization requires a proxy, set it up in VS Code by going to File -> Preferences -> Settings. Search for proxy and add the IP address or hostname of your proxy server as provided by your proxy admin team.
This could be an optional configuration though.
On the Fly Analysis
In this section we will look at how SonarLint works with VS Code IDE for on the fly code analysis.
First, the SonarLint extension needs to be installed. Launch the VS Code IDE and go to Extensions.
Search for SonarLint and install the same.
To view the analysis output of your files/projects in the VS Code IDE, open the Command Palette.
Search for and select SonarLint: Show SonarLint Output.
Let’s now look at on-the-fly, or real-time, analysis of a file. I have an index.jsp file which is open in the IDE.
You can see that SonarLint has found 2 issues immediately in the Output tab.
Below listed is the code added and SonarLint has found 2 issues:

    <html>
      <head>
        <title> Hello World Maven App</title>
      </head>
      <body>
        <h2>Hello World from Niranjan Bengaluru, KARNATAKA, India</h2>
      </body>
    </html>

The PROBLEMS tab has details of the issues.
With the recommendations received, the code fixed is as shown below in GREEN.

    <!DOCTYPE html>
    <html lang="en">
      <head>
        <title>Hello World Maven App</title>
      </head>
      <body>
        <h2>Hello World from Niranjan Bengaluru, KARNATAKA, India </h2>
      </body>
    </html>

The PROBLEMS view is now clear and no issues have been reported.
Predefined SonarLint rules are applied in this case and can be seen from the SonarLint Pane.
With SonarQube Rules in VS Code
In the previous section, we saw on-the-fly analysis using SonarLint predefined rules. In this section, let’s look at running the analysis rules and configurations from our SonarQube server.
Click on the SonarLint icon in the last pane. Click on the button Add SonarQube Connection.
Add the Server URL. For Token, click on Generate Token and update the field. Enter a Connection Name. Save the Connection.
We now need to bind our SonarQube project to this connection. Click on the + in the SonarLint Connected Mode window.
Select the appropriate project created on our SonarQube server.
Once connected to our SonarQube server, we can see that the rules have been run from the server and not from the predefined SonarLint rules. Look at the Output and Problems tabs.
Once the code is fixed with the changes as done in the previous section, the Output tab will show ZERO issues.
To summarize, we have seen how to analyze using SonarLint predefined rules as well as with SonarQube rules using VS Code.
Using SonarLint for Java in Eclipse
Proxy Configuration
As we have seen in previous sections, organizations provide proxy servers to connect to the internet to download any file or connect to any internet site. Similarly, to download and install plugins from within the IDE you may need to set up a proxy.
To do so in Eclipse, go to Window -> Preferences -> General -> Network Connections.
Set the proxy as per your organization’s needs. It could be an auto detect or manual proxy configuration. This could be an optional configuration though.
On the Fly Analysis
In this section we will look at how SonarLint works with Eclipse IDE for on the fly code analysis.
First, the SonarLint plugin needs to be installed. Launch the Eclipse IDE and go to Help -> Eclipse Marketplace.
Search for SonarLint and install the same.
Let’s now look at on-the-fly, or real-time, analysis of a file. I have an index.jsp file which is open in the IDE.
You can see that SonarLint has found 2 issues immediately in the Output tab.
The JSP file has the below contents:

    <html>
      <body>
        <h2>Hello World from Niranjan Bengaluru, KARNATAKA, India, 560078</h2>
      </body>
    </html>

In Eclipse go to Window -> Show View -> Other. Select SonarLint On-The-Fly view.
The analysis based on predefined rules of SonarLint is shown in the view.
Based on the analysis report I have modified the JSP file as shown below in GREEN.

    <!DOCTYPE html>
    <html lang="en">
      <head>
        <title>Welcome to SonarLint</title>
      </head>
      <body>
        <h2>Hello World from Niranjan Bengaluru, KARNATAKA, India, 560078</h2>
      </body>
    </html>

Now Save the file and look at the SonarLint On-The-Fly view. It does not contain any issues.
With SonarQube Rules in Eclipse
In the previous section, we saw on-the-fly analysis using SonarLint predefined rules. In this section, let’s look at running the analysis rules and configurations from our SonarQube server.
To bind an Eclipse project to the SonarQube server so as to use its rules, right-click on the project and select SonarLint -> Bind to SonarQube or SonarCloud.
Select SonarQube and click on Next. Enter the server URL and click Next.
Select the option token and click Next.
In the next screen, select the button Generate Token. Follow the steps and the token is added in this screen. Click on Next.
Provide the connection name and click on Next.
Click on Next. You should see the Configuration completed message on the last screen.
Click on Finish.
In the window which comes up click on Add to bind the Eclipse project.
Click on Next. In the last step, provide the Sonar Project Key and click on Finish.
Open the SonarLint Console from view. The analysis result is displayed once the file is saved.
As above, fix the code as done in the previous section and the issue will no longer be seen in the console.
To summarize, we have seen how to analyze using SonarLint predefined rules and with SonarQube rules in Eclipse.
Conclusion
In this article on SonarLint for Java, we have seen how to use the SonarLint extension/plugin within the IntelliJ, VS Code, and Eclipse IDEs to analyze your code on the fly, in real time. This lets you fix code issues, vulnerabilities, or bugs before you commit your code to the repository, and ensures that these issues do not show up in your build process.
The SonarLint extension/plugin truly helps developers get clean code, free of issues, early in the development cycle, which helps with a proper production deployment.