SonarLint™ is a free IDE extension that lets you fix coding issues before they exist!
Like a spell checker,it highlights Bugs and Security Vulnerabilities as you write code, with clear remediation guidance so you can fix them before the code is even committed.
In Emacs supports analysis of JavaScript, TypeScript, Python, Java, HTML, PHP, C/C++, Go, and XML out of the box!
lsp-sonarlint relies on the official vscode extension, which is downloaded and unzipped.
The official VSCode extension typically contains :
- A language server (written in java)
- A Java runtime
- Analysers for 10+ languages
- A VSCode front-end
lsp-sonarlint is emacs's equivalent of the VSCode front-end, but only implements the base feature set, i.e linting and rules viewing.
To analyze JavaScript and TypeScript, SonarLint will also need Node.js.
To analyse C/C++ projects, SonarLint's CFamily analyzer will need both a working compiler and a compile_commands.json which is typically generated by cmake or bear.
Download and include the main file lsp-sonarlint.el.
You can then run the following commands to install lsp-sonarlint:
M-x package-refresh-contents RET (to refresh your package database)
M-x package-install RET lsp-sonarlint RET (to install and compile `lsp-sonarlint` and its dependencies)
The language server relies on java plugins to properly analyze the selected language source code.
By default all are enabled, but you can specify the ones you want.
(use-package lsp-sonarlint
:custom
;; Allow sonarlint to download and unzip the official VSCode extension
;; If nil, you'll have to do that yourself. See also `lsp-sonarlint-download'
;; `lsp-sonarlint-download-url' and `lsp-sonarlint-download-dir'
(lsp-sonarlint-auto-download t)
;; Choose which analyzers you want enabled. By default all are enabled
;; See command `lsp-sonarlint-available-analyzers' for the full list.
(lsp-sonarlint-enabled-analyzers '("java" "cfamily" "python" "text")))Warning
On windows, lsp-sonarlint may encounter this issue while unzipping the VSCode extension. If you do, try the following :
(setq lsp-unzip-script lsp-ext-pwsh-script)Out of the box, SonarLint automatically checks your code against the following rules:
- JavaScript rules
- TypeScript rules
- Python rules
- Java rules
- HTML rules
- PHP rules
- XML rules
- Go rules
- C rules
- C++ rules
- Bidi (bidirectional unicode characters) + Secrets
lsp-sonarlint-auto-download- Set to t to enable auto-downloading of VSCode's extension on startup.lsp-sonarlint-download-url- Specify another URL for the VSCode extension.lsp-sonarlint-download-dir- Specify where VSCode's extension will be downloaded and unzipped.lsp-sonarlint-use-system-jre- If t, use the system Java runtime instead of the bundled one.lsp-sonarlint-enabled-analyzers- List of analyzers to enable. Defaults to 'all for all analyzers.lsp-sonarlint-modes-enabled- List of major modes where the lsp server will activate.lsp-sonarlint-disable-telemetry- Disable telemetry option (disabled by default).lsp-sonarlint-test-file-pattern- Regex to find test file, most rules are not evaluated on test files.lsp-sonarlint-show-analyzer-logs- Show analyzer logs.lsp-sonarlint-verbose-logs- Make SonarLint logs verbose.lsp-sonarlint-cfamily-compilation-commands-path- Path to compile_commands.json for C/C++ analysis.
lsp-sonarlint-download- Download the VSCode extension and unzip it. Called automatically iflsp-sonarlint-auto-downloadis set to tlsp-sonarlint-available-analyzers- List all available analyzers provided by the downloaded VSCode extension.
For most analyzers, lsp-sonarlint provides variables describing additional info.
lsp-sonarlint-LANGUAGE-doc-url- Sonarsource official plugin documentationlsp-sonarlint-LANGUAGE-repository-url- Plugin source code
Currently, sonarlint's vscode extension also provides omnisharp and Infrastructure As Code (IAC) analyzers. They have not been tested yet, you may expect some additional configuration to make them work. You'll at least need to add the major-modes to `lsp-sonarlint-modes-enabled'.
Feel free to try them out and provide feedback.
This extension collects anonymous usage data and sends it to SonarSource.
Collection of telemetry is controlled via the setting: lsp-sonarlint-disable-telemetry, it is disable by default.
Click here to see a sample of the data that are collected.
- lsp-ui : Flycheck, documentation and code actions support.
- company-capf : Completion backend support.
- treemacs : Project viewer.
- lsp-treemacs :
lsp-modeGUI controls implemented using treemacs.
You will need make and eask to run lsp-sonarlint tests.
See also (Requirements)(#requirements) section.
If you do not have eask installed, you can install it locally with:
npm install @emacs-eask/cli
export EASK="$PWD/node_modules/@emacs-eask/cli/eask"Or globally with:
npm install -g @emacs-eask/cliWe use Emacs ERT for testing. You can run tests with:
make package
make install
make compile
make download-sonarlint
make testYou can also run the tests one-by-one interactively.
Open a test file from tests/*.el in Emacs.
Evaluate the file contents (eval-buffer) to load test definitions into the session.
Run ert command to run all or selected tests.
To run the integration tests, you will have to shut down all your lsp workspaces
to ensure consistent starting state.
Check out *lsp-log*, *lsp-log: sonarlint:NNNNNNNN*, *sonarlint*, *sonarlint:stderr*
for logs when troubleshooting a test.
You can start with test/trivial-test.el to check that your testing harness works.
Contributions are very much welcome.
SONARLINT and SONARSOURCE are trademarks of SonarSource SA. All other trademarks and copyrights are the property of their respective owners.