SonarQube And SonarLint difference

Sonarqube, Sonarlint

Sonarqube Problem Overview


How exactly is SonarQube different from SonarLint? SonarQube has a server associated with it and SonarLint works more like a plugin. But what are their specific differences?

Sonarqube Solutions


Solution 1 - Sonarqube

SonarLint lives only in the IDE (IntelliJ, Eclipse and Visual Studio). Its purpose is to give instantaneous feedback as you type your code. For this, it concentrates on what code you are adding or updating.

SonarQube is a central server that processes full analyses (triggered by the various SonarQube Scanners). Its purpose is to give a 360° vision of the quality of your code base. For this, it analyzes all the source lines of your project on a regular basis.

Both SonarLint and SonarQube rely on the same static source code analyzers - most of them being written using SonarSource technology.

Solution 2 - Sonarqube

It should be added that SonarQube also performs scans with 3rd-party analyzers (FindBugs, Checkstyle, PMD) whereas SonarLint does not include those. I think the reason is a prioritization of performance and FindBugs relying on Java bytecode.

Thereby your findings in SonarQube and SonarLint can vary, if the underlying quality profile uses 3rd-party scanners.

Solution 3 - Sonarqube

SonarQube is a server where you can host your projects and execute analysis, whereas SonarLint is an agent that allows us to connect with this SonarQube and execute the analysis remotely. SonarLint can be used with an IDE or can also be executed via CLI commands.

SonarLint contains its own set of default rules, but when connected to SonarQube, users can import rules from SonarQube, which are actually more than just the standard set of rules. We can integrate PMD, CodeStyle and many other checkers on SonarQube and create custom rules.

Two facts I want to mention that I learnt from my experience: first, SonarLint will not inherit those custom rules from SonarQube; second, Sonar does not work on test classes.

Solution 4 - Sonarqube

SonarQube runs the rule validations on the server. We integrated it into our TFS builds. SonarLint runs in the IDE, so before I commit my code I know which lines are violating which rules inside the IDE.

Solution 5 - Sonarqube

Also, SonarLint does have a "Secrets detection" solution focused on cloud credentials that applies to any config files, i.e. is language agnostic, which SonarQube doesn't.

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content Type | Original Author | Original Content on Stackoverflow
Question | Jeevan Varughese | View Question on Stackoverflow
Solution 1 - Sonarqube | Fabrice - SonarSource Team | View Answer on Stackoverflow
Solution 2 - Sonarqube | guitarlum | View Answer on Stackoverflow
Solution 3 - Sonarqube | yug | View Answer on Stackoverflow
Solution 4 - Sonarqube | Jeff Schreib | View Answer on Stackoverflow
Solution 5 - Sonarqube | Jerem | View Answer on Stackoverflow