SonarLint for VS Code Overview | a free and open source IDE extension

Captions
[Music]

We'll be highlighting SonarLint for VS Code. We'll talk about how to install the extension, the experience while coding, as well as the advantages of, and how to set up, connected mode.

Documentation for SonarLint is available on our docs.sonarsource.com website, where you'll see separate documentation for each of the supported IDE families, and you can dive into additional details beyond what's been featured in this video.

Getting SonarLint is easy: simply search for us in the Extensions Marketplace in VS Code and click Install. Out of the box, SonarLint will immediately start giving you feedback. For example, when you open up a file, SonarLint will analyze the existing contents of the file and, if it finds any issues, alert you to them, both with some feedback directly within the code when we mouse over, as well as a summary of all the problems found in the Problems pane of VS Code.

If you'd like more information regarding a particular finding, all you have to do is click to open the description, and you'll be able to learn in depth why we regard this particular problem as an issue, what you can do to fix it, and where you can go for some more information about it.

SonarLint will also give you feedback as you interact with your code. So, for example, if we work on fixing the issue that we've just learned about, we can go ahead and do that. We see SonarLint continuously giving us feedback as we interact with the code, and once we've finished resolving the issue, we'll have the comforting sight of an indication that there are no problems in our current file. And now that's some clean code.

It's possible within SonarLint to manage the rules that are active while we interact with the code. For example, we can deactivate particular rules by mousing over them and clicking the X button to deactivate them. However, there is a better way to manage this if you've got a SonarCloud subscription or a SonarQube instance that would allow you to synchronize the settings within SonarLint with the quality profile settings that you may have already established with your project team, and we call this connected mode.

To set up connected mode, we simply need to find the Connected Mode pane within the SonarLint area in the IDE, and we can choose to add a SonarQube or a SonarCloud connection. In my case, I'll add a SonarQube connection. All we need to know is the URL for our server, and then we can click the button to interact with our SonarQube instance and generate a token. We can say to allow the connection from SonarLint, go back to our IDE, and now, as soon as we save the connection, we should be good to go.

SonarLint, as you notice here, will also prompt to see if the project that you have already opened within the IDE matches a project that's known to your SonarQube or SonarCloud instance. It's best here, if it makes sense, to click to configure the binding, and now you're automatically set up, both connected to your server as well as synchronized with your project settings.

Once connected mode is set up, what we'll see is, if we interact with other files in our project, we'll get not only the local results that come from SonarLint's on-the-fly analysis of the code, but we'll also be notified if our previous SonarQube or SonarCloud analysis had found a problem that perhaps spans multiple files within the project. We can of course choose to take a look at the documentation to understand more about these issues: why, in this particular case, it thinks that there's a database injection vulnerability, how we can fix it. Note, for many of our issues we can also provide some feedback specific to the frameworks you may actually be interacting with.

And there's also a capability with these types of issues to take a look at multiple locations, so we can see not only where the vulnerability actually manifests itself, but really all of the locations in the project that contribute to this particular problem, since, after all, it will be up to you as a developer to choose the most appropriate place for a fix. It's not necessarily always the final line where, for example, a vulnerability manifests itself.

We can also choose to open the issue to view it within our SonarQube instance or on SonarCloud. We might choose to do this, for example, to add a comment so that we can collaborate with our teammates over how to fix the problem, or even perhaps to assign the issue to another member of the team.

Other advantages of connected mode include synchronization of other details about issues: so not only finding issues that were previously discovered by SonarQube or SonarCloud analysis, but also the suppression of any issues that you've previously marked as a false positive or that you won't fix for some other reason. We'll also synchronize the quality profiles, so if you've already worked with your project team to deactivate some rules, or activate additional rules, or change rule configurations within your Sonar settings, that will be synchronized to the IDE. You'll also get the ability to analyze more languages, so all of the languages that are included in your Sonar commercial subscription, if you have one, will be unlocked in the IDE as long as your IDE supports that language. And you'll even receive notifications of key events in the life cycle of your project, such as the changing of a quality gate status, for example on your main branch.

For more information about SonarLint, as well as to stay synchronized with our latest features, you can also find us at sonarsource.com/products/sonarlint.

[Music]
Info
Channel: Sonar
Views: 15,738
Id: m8sAdYCIWhY
Length: 6min 32sec (392 seconds)
Published: Fri Aug 25 2023