Using SonarLint for Java with IntelliJ, VS Code, and Eclipse IDE

By Sruthy

By Sruthy

Sruthy, with her 10+ years of experience, is a dynamic professional who seamlessly blends her creative soul with technical prowess. With a Technical Degree in Graphics Design and Communications and a Bachelor’s Degree in Electronics and Communication, she brings a unique combination of artistic flair…

Learn about our editorial policies.
Updated March 9, 2024

Get a clear idea about Using SonarLint for Java with IntelliJ, VS Code, and Eclipse IDE through simple and easy code examples:

SonarLint is a free IDE Extension used for code analysis as the developers write the code. Some teams may also have a policy that before committing/merging the code to a Feature or Development branch, code analysis is mandatory and no SonarLint issues should be present.

So the IDE is a great place to discover coding issues and address them immediately.

SonarLint’s extension to the IDE provides immediate code improvement feedback during coding rather than waiting until a static code analysis step such as SonarQube towards the end.

So SonarLint is for the developers who analyze the code on the fly to help identify the bugs and other issues that help with code readability. SonarQube is more for teams that enable continuous inspection and analysis of the source code at frequent intervals.

SonarLint for Java with IntelliJ, VS Code, and Eclipse IDE

Using-SonarLint-for-Java-with-IntelliJ-VS-Vode-and-Eclipse-FI

In this article on SonarLint for Java, we will see how to use the SonarLint extension with IntelliJ, VS Code, and Eclipse IDE which will show us what is wrong with the code and give us best practices of fixes to be done.

logos

I am using the trial version of the Ultimate edition of the IDE for this article. IntelliJ trial can be downloaded for your OS from IntelliJ Trial. The community edition of IntelliJ IDEA is free.

VS Code is free and can be downloaded for your OS from VS Code. Eclipse IDE is free and can be downloaded from Eclipse IDE.

Pre-requisites:

  • IntelliJ, VS Code, and Eclipse IDE should be downloaded and installed.
  • JDK 11+
  • Internet connection to download and install the SonarLint plugin into the IDE.

Using SonarLint for Java in IntelliJ

Proxy Configuration

Organizations provide a proxy server to connect to the internet to download any file or connect to any internet site. Similarly, to download and install plugins from within the IDE you may need to set up a proxy.

To do so in IntelliJ go to File -> Settings -> Appearance & Behaviour -> System Settings -> HTTP Proxy

Set the proxy as per your organization’s needs. It could be an auto-detect or manual proxy configuration. This could be an optional configuration though.

Using SonarLint in IntelliJ – SonarLint for Java

On the Fly Analysis

To integrate the analysis within IntelliJ IDEA, we need to install the SonarLint plugin into IDE. Launch the IntelliJ IDEA and go to the Plugins section. Search for the SonarLint plugin and install the same.

SonarLint Plugin - SonarLint for Java

After the installation of the plugin restart the IDE for the plugin to take effect. With the IDE to install any other plugins, you can go to File -> Settings -> Plugins

Let’s see a scenario where a developer is working on a JSP file as shown and on the fly the analysis is done and the issues are immediately reported in the SonarLint view.

Below is a sample Maven project. The JSP file has the following contents:

<html>
<head>
<title> Hello World Maven App</title>
</head>
<body>
<h2>Hello World from Niranjan Bengaluru, KARNATAKA, India</h2>
</body>
</html>
sample Maven project

In the SonarLint view, 2 issues are immediately listed for the current open file.

Once you fix it, the issue will be gone. The corrected code is as shown below in GREEN.

corrected code - SonarLint for Java
<!DOCTYPE>
<html lang="en">
<head>
<title>Hello World Maven App</title>
</head>
<body>
<h2>Hello World from Niranjan Bengaluru, KARNATAKA, India </h2>
</body>
</html>
corrected code

Now we have a clean code as you fix them on the fly and SonarQube analysis during the build will not report these. The Current file view shows that there are no issues reported once the recommendations are added to the code.

So the above analysis has been done with the predefined set of rules.

To analyze the entire Maven project, right click on the project and select  Analyze -> Analyze with SonarLint or Ctrl+Shift+S.

Note here that it will take some time depending on the number of files to analyze.

Analyze with SonarLint - SonarLint for Java

In this case, the predefined rules are applied and can be seen as in File ->Settings ->Tools -> SonarLint.

With SonarQube Rules in IntelliJ IDE

In the previous section, we saw on the fly analysis in the IDE itself using the SonarLint predefined rules. In this section, we will look at another scenario where we can use SonarLint with SonarQube rules by integrating with SonarQube server.

To integrate both SonarQube and SonarLint within the IntelliJ IDE go to File -> Settings ->Tools ->SonarLint

Click on + under SonarQube/SonarCloud connections.

Click on +

Select the SonarQube option and enter the connection name and the URL. Click on Next.

Connection name and URL

Enter a Token and click on Next.

Enter a Token
Receive notification

Click on Next.

Create - SonarLint for Java

Click on Create to finish.

Click Apply and OK in the main Settings window.

Settings window

Next, bind the project for this connection so that the analysis will be done as per the SonarQube rules defined.

Again, go to File -> Settings -> Tools -> SonarLint -> Project Settings

Click on the Checkbox Bind project to SonarQube/SonarCloud

Select the connection you just created and the project by clicking on ‘Search in list’.

Select the connection - SonarLint for Java

Here the Project Key FSP is created in my SonarQube Server. Click on OK.

Go to the SonarLint view -> Log to look at the automatic analysis done using SonarQube server. The connection name is also shown.

automatic analysis

The Report and Current File TAB will anyway have the details of the issue.

To get a holistic view of all the issues in the SRC folder or any other folder, click on the folder and select Analyze -> Analyze with SonarLint

SRC folder

The Report tab will have issues reported for all files in the folder for which analysis was triggered.

So the issues reported have to be fixed with the code shown in the previous section and the log will show that there are ZERO issues

Report tab

To summarize, we have seen how to analyze using SonarLint predefined rules as well as with SonarQube rules.

Suggested Reading =>> Features, Installation, and Working of IntelliJ IDEA

Using SonarLint for Java in VS Code

Proxy Configuration

To set up proxy as it may be needed by your organization in VS Code go to File -> Preferences -> Settings. Search for proxy and add the IP address or hostname of your proxy server as provided by your proxy admin team.

Search for proxy

This could be an optional configuration though.

On the Fly Analysis

In this section we will look at how SonarLint works with VS Code IDE for on the fly code analysis.

First, the SonarLint extension needs to be installed. Launch the VS Code IDE and go to Extensions.

Launch the VS Code IDE

Search for SonarLint and install the same.

Search for SonarLint_ Install

To view the analysis output of your files/projects in the VS Code IDE, open the Command Palette.

Command Palette

Search for and select SonarLint: Show SonarLint Output.

Show SonarLint Output

Let’s now look at it on the fly or real-time analysis of the file. I have an index.jsp file which is open in the IDE.

You can see that SonarLint has found 2 issues immediately in the Output TAB

found 2 issues

Below listed is the code added and SonarLint has found 2 issues:

<html>
<head>
<title> Hello World Maven App</title>
</head>
<body>
<h2>Hello World from Niranjan Bengaluru, KARNATAKA, India</h2>
</body>
</html>

PROBLEMS TAB has details of the issues.

PROBLEMS TAB

With the recommendations received, the code fixed is as shown below in GREEN.

code fixed
<!DOCTYPE html>
<html lang="en">
<head>
<title>Hello World Maven App</title>
</head>
<body>

<h2>Hello World from Niranjan Bengaluru, KARNATAKA, India </h2>

</body>
</html>

The PROBLEMS view is now clear and no issues have been reported.

no issues have been reported

Predefined SonarLint rules are applied in this case and can be seen from the SonarLint Pane.

Predefined SonarLint rules

With SonarQube Rules in VS Code

In the previous section we saw on the fly analysis using SonarLint predefined rules. In this section let’s look at running the analysis rules and configurations from our SonarQube server

Click on the SonarLint icon in the last pane. Click on the button Add SonarQube Connection.

Add SonarQube Connection

Add the Server URL. For Token, click on the Generate Token and update the field. Enter a Connection Name. Save the Connection.

Using SonarQube connection

We now need to bind our SonarQube project to this connection. Click on the + in the SonarLint Connected Mode window.

SonarLint Connected Mode window

Select the appropriate project created on our SonarQube server.

Select the appropriate project

Post the connection to our SonarQube server we can see that the rules have been run from the server and not from the pre-defined SonarLint rules. Look at the Output and Problems Tab.

Output and the Problems Tab
Problems Tab

Once the code is fixed with the changes as done in the previous section, the Output TAB will show as ZERO issues.

Output TAB will show as ZERO issues

To summarize we have seen how to analyze using SonarLint predefined rules as well as with SonarQube rules using VS Code.

Also Read => Top Visual Studio Extensions

Using SonarLint for Java in Eclipse

Proxy Configuration

As we have seen in previous sections, organizations provide proxy servers to connect to the internet to download any file or connect to any internet site. Similarly, to download and install plugins from within the IDE you may need to setup proxy.

To do so in Eclipse go to Windows -> Preferences -> General Network Connections

Network Connection

Set the proxy as per your organization’s needs. It could be an auto detect or manual proxy configuration. This could be an optional configuration though.

On the Fly Analysis

In this section we will look at how SonarLint works with Eclipse IDE for on the fly code analysis.

First, the SonarLint plugin needs to be installed. Launch the Eclipse IDE and go to Help-> Eclipse Marketplace.

Search for SonarLint and install the same.

Eclipse Marketplace

Let’s now look at it on the fly or real-time analysis of the file. I have an index.jsp file which is open in the IDE.
You can see that SonarLint has found 2 issues immediately in the Output TAB

The JSP file has the below contents:

<html>
<body>
<h2>Hello World from Niranjan Bengaluru, KARNATAKA, India, 560078</h2>
</body>
</html>

In Eclipse go to Window -> Show View -> Other. Select SonarLint On-The-Fly view.

Select SonarLint On-The-Fly

The analysis based on predefined rules of SonarLint is shown in the view.

analysis

Based on the analysis report I have modified the JSP file as shown below in GREEN.

analysis report - SonarLint for Java
<!DOCTYPE>
<html lang="en">
<head>
<title>Welcome to SonarLint</title>
</head>
<body>
<h2>Hello World from Niranjan Bengaluru, KARNATAKA, India, 560078</h2>
</body>
</html>

Now Save the file and look at the SonarLint On-The-Fly view. It does not contain any issues.

SonarLint On-The-Fly view.

With SonarQube Rules in Eclipse

In the previous section we saw on the fly analysis using SonarLint predefined rules. In this section let’s look at running the analysis rules and configurations from our SonarQube server

To bind an Eclipse project to SonarQube server so as to use the rules right-click o the project and select SonarLint -> Bind to SonarQube or SonarCloud

Bind to SonarQube or SonarCloud - SonarLint for Java

Select SonarQube and click on Next. Enter the server URL and click Next.

SonarQube server URL

Select the option token and click Next.

authentication method

In the next screen, select the button Generate Token. Follow the steps and the token is added in this screen. Click on Next.

Generate Token

Provide the connection name and click on Next.

Provide a connection name
Configure Notification - SonarLint for Java

Click on Next. You should see the Configuration completed message in the last.

Configuration completed

Click on Finish.

In the window which comes up click on Add to bind the Eclipse project.

Select project to bind
Add the project - SonarLint for Java

Click on Next. In the last step, provide the Sonar Project Key and click on Finish.

provide the Sonar Project Key

Open the SonarLint Console from view. The analysis result is displayed once the file is saved.

SonarLint Console

Similarly as above fix the code as done in the previous section and the issue will no longer be seen in the console.

fix the code

To summarize, we have seen how to analyze using SonarLint predefined rules and with SonarQube rules in Eclipse.

Also Read => Creating a new Java project in the Eclipse IDE

Conclusion

In this article on SonarLint for Java, we have seen how to use SonarLint Extension/Plugin within IntelliJ, VS Code and Eclipse IDE’s to analyze your code on the fly or in real time to fix any code issues, vulnerabilities or bugs before you can commit your code to the repository and also ensure that these issues do not show up in your build process.

Truly SonarLint extension/plugin helps the developers to get clean code free of any issues early in the development cycle which will help in a proper production deployment.

Was this helpful?

Thanks for your feedback!

Leave a Comment