SonarLint for Emacs

SonarLint™ is a free IDE extension that lets you fix coding issues before they exist!

Like a spell checker,it highlights Bugs and Security Vulnerabilities as you write code, with clear remediation guidance so you can fix them before the code is even committed.

In Emacs supports analysis of JavaScript, TypeScript, Python, Java, HTML, PHP, C/C++, Go, and XML out of the box!

:warning: This is not an official SonarSource extension

How it works

lsp-sonarlint relies on the official vscode extension, which is downloaded and unzipped.

The official VSCode extension typically contains :

• A language server (written in java)
• A Java runtime
• Analysers for 10+ languages
• A VSCode front-end

lsp-sonarlint is emacs's equivalent of the VSCode front-end, but only implements the base feature set, i.e linting and rules viewing.

Requirements

• emacs >= 25
• lsp-mode
• ht
• dash

To analyze JavaScript and TypeScript, SonarLint will also need Node.js.

To analyse C/C++ projects, SonarLint's CFamily analyzer will need both a working compiler and a compile_commands.json which is typically generated by cmake or bear.

Installation

Source

Download and include the main file lsp-sonarlint.el.

Melpa

You can then run the following commands to install lsp-sonarlint:

M-x package-refresh-contents RET      (to refresh your package database)
M-x package-install RET lsp-sonarlint RET   (to install and compile `lsp-sonarlint` and its dependencies)

Usage

The language server relies on java plugins to properly analyze the selected language source code.

By default all are enabled, but you can specify the ones you want.

(use-package lsp-sonarlint
  :custom
  ;; Allow sonarlint to download and unzip the official VSCode extension
  ;; If nil, you'll have to do that yourself. See also `lsp-sonarlint-download'
  ;; `lsp-sonarlint-download-url' and `lsp-sonarlint-download-dir'
  (lsp-sonarlint-auto-download t)

  ;; Choose which analyzers you want enabled. By default all are enabled
  ;; See command `lsp-sonarlint-available-analyzers' for the full list.
  (lsp-sonarlint-enabled-analyzers '("java" "cfamily" "python" "text")))

[!WARNING] On windows, lsp-sonarlint may encounter this issue while unzipping the VSCode extension. If you do, try the following :

(setq lsp-unzip-script lsp-ext-pwsh-script)

Static Analysis Rules

Out of the box, SonarLint automatically checks your code against the following rules:

• JavaScript rules
• TypeScript rules
• Python rules
• Java rules
• HTML rules
• PHP rules
• XML rules
• Go rules
• C rules
• C++ rules
• Bidi (bidirectional unicode characters) + Secrets

Supported settings

• lsp-sonarlint-auto-download - Set to t to enable auto-downloading of VSCode's extension on startup.
• lsp-sonarlint-download-url - Specify another URL for the VSCode extension.
• lsp-sonarlint-download-dir - Specify where VSCode's extension will be downloaded and unzipped.
• lsp-sonarlint-use-system-jre - If t, use the system Java runtime instead of the bundled one.
• lsp-sonarlint-enabled-analyzers - List of analyzers to enable. Defaults to 'all for all analyzers.
• lsp-sonarlint-modes-enabled - List of major modes where the lsp server will activate.
• lsp-sonarlint-disable-telemetry - Disable telemetry option (disabled by default).
• lsp-sonarlint-test-file-pattern - Regex to find test file, most rules are not evaluated on test files.
• lsp-sonarlint-show-analyzer-logs - Show analyzer logs.
• lsp-sonarlint-verbose-logs - Make SonarLint logs verbose.
• lsp-sonarlint-cfamily-compilation-commands-path - Path to compile_commands.json for C/C++ analysis.

Available commands

• lsp-sonarlint-download - Download the VSCode extension and unzip it. Called automatically if lsp-sonarlint-auto-downloadis set to t
• lsp-sonarlint-available-analyzers - List all available analyzers provided by the downloaded VSCode extension.

Plugins additional info

For most analyzers, lsp-sonarlint provides variables describing additional info.

• lsp-sonarlint-LANGUAGE-doc-url - Sonarsource official plugin documentation
• lsp-sonarlint-LANGUAGE-repository-url - Plugin source code

Plugins not tested yet

Currently, sonarlint's vscode extension also provides omnisharp and Infrastructure As Code (IAC) analyzers. They have not been tested yet, you may expect some additional configuration to make them work. You'll at least need to add the major-modes to `lsp-sonarlint-modes-enabled'.

Feel free to try them out and provide feedback.

Data and telemetry

This extension collects anonymous usage data and sends it to SonarSource.

Collection of telemetry is controlled via the setting: lsp-sonarlint-disable-telemetry, it is disable by default.

Click here to see a sample of the data that are collected.

Additional packages

• lsp-ui : Flycheck, documentation and code actions support.
• company-capf : Completion backend support.
• treemacs : Project viewer.
• lsp-treemacs : lsp-mode GUI controls implemented using treemacs.

Contributions

Contributions are very much welcome.

Copyright

SONARLINT and SONARSOURCE are trademarks of SonarSource SA. All other trademarks and copyrights are the property of their respective owners.