使用SonarLint一次分析整个项目-按文件分析文件会产生不完整的结果 [英] Analyse complete project at once with SonarLint - Analysis file by file yields incomplete results

问题描述

我正在使用SonarLint eclipse插件评估SonarQube 5.4。

I'm evaluating SonarQube 5.4 with SonarLint eclipse plugin.

SonarQube以及该插件均已安装并正在运行。但是现在我很困惑SonarLint应该如何在连接模式下运行：

SonarQube as well as the plugin are set up and are running. But now I'm pretty confused how SonarLint is supposed to run in 'connected mode':

• SonarLint与SonarQube连接并绑定到相应的项目。但是某些问题仅在SonarQube中显示。据我了解，SonarLint应该能够识别诸如恶意代码漏洞之类的问题-通过合并对可变对象的引用可能暴露内部表示。但事实并非如此。 SonarQube可以。


• 使用SonarLint分析单个文件时，SonarLint控制台中有很多调试消息，例如在资源缓存中找不到类：org / company / project / CommonSuperClass 。但更糟糕的是：在资源缓存中找不到类：java / lang / Class 。


• 我们特别希望强调开发人员引入的问题。 SonarQube已连接到我们的存储库，并在责怪提交者方面做得很好。但是似乎无法在sonarlint中显示我自己的问题。


• 我想在自己选择的时间运行SonarLint分析，因此我决定停用自动运行SonarLint。但是似乎我只能手动分析文件，而不能分析软件包或项目。我又想念什么吗？我不想单击我的〜2000个文件中的每个文件，并进行手工分析。

• SonarLint is connected with SonarQube and is bound to the corresponding project. But some issues are only shown in SonarQube. It was my understanding SonarLint should be able to identify issues like Malicious code vulnerability - May expose internal representation by incorporating reference to mutable object. But it does not. SonarQube does.
• When analysing a single file with SonarLint, there are a lot of debug messages in the SonarLint Console like Class not found in resource cache : org/company/project/CommonSuperClass. But even worse: Class not found in resource cache : java/lang/Class. Is it supposed to do that?
• We are specifically interested in highlighting the issues introduced by developer. SonarQube is connected our repo and does a nice job in blaming the committer. But it seems there is no way of showing my own issues in sonarlint.
• I'd like to run the SonarLint analysis at a time of my choice, so I decided to deactivated "Run SonarLint automatically". But it seems I can only analyze files manually, not packages or projects. Am I missing something again? I do not want to click on every one of my ~2000 files and analyze it by hand.

推荐答案

SonarLint和SonarQube是2种不同的产品：

SonarLint and SonarQube are 2 different products:

• 您想要对正在处理的代码进行快速反馈，以确保您不会注入问题=> SonarLint在打开文件时会分析文件以编写或查看代码


• 您希望对代码质量有360度的了解=> SonarQube分析项目的所有文件

连接模式是两个世界之间的桥梁，其发展仍在进行中。例如，我们计划使在SonarLint中看到SonarQube在项目中发现的所有问题（请参阅并投票 SLE-54 ）。

The "connected mode" is the bridge between the 2 worlds, and its development is still underway. For instance, we plan to make it possible to see inside SonarLint all the issues found on the project by SonarQube (see and vote for SLE-54).

这篇关于使用SonarLint一次分析整个项目-按文件分析文件会产生不完整的结果的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！