Getting Started Requirements
Page Item: Requirements SLUG: getting-started-requirements
Lorum ipsum
Lorum ipsum
PLACE ECLIPSE CONTENT HERE TO ENTERED INTO THE KONTENT.AI-SPECIFIC ASSET
Here are the requirements for SonarLint to work properly.
- Eclipse Platform Requirement: the minimal version of the Eclipse platform that SonarLint supports. If you are not familiar with Eclipse versioning scheme, see here.
- JVM requirement: the minimal version of the JVM that is used to run Eclipse.
- Node.js requirement: only for JavaScript analysis
- SonarQube minimal requirement: only if using connected mode. Usually means that the next LTS is also supported.
| SonarLint Version | Eclipse Platform Requirement | JVM Requirement | Node.js Requirement | SonarQube Min Requirement (for connected mode) |
|---|---|---|---|---|
| 6.x | 4.6+ (Neon+) | 1.8+ | 7.9+ | |
| 7.x | 4.8+ (Photon+) | 11+ | 7.9+ | |
| 7.4 | 4.8+ (Photon+) | 11+ | 12.22+ | 7.9+ |
- Analysis of Java code requires JDT
- Analysis of C and C++ requires CDT
- Analysis of Cobol requires specific integration provided only by some Cobol IDEs, like IBM Developer for z Systems (IDz) or BMC Compuware Topaz Workbench.
Please also note that recent versions of SonarLint and of our analyzers require a JRE 11+ in order to run. To this date, IBM IDz has not yet added support to Java 11 (see a request ticket here). This means that for the moment, you can only run Cobol analysis in IDz by using the following versions of Sonar products:
- SonarQube 8.9 LTS
- SonarLint for Eclipse v6.2 (download link here)
PLACE INTELLIJ CONTENT HERE TO ENTERED INTO THE KONTENT.AI-SPECIFIC ASSET
Node.js >= 8.x is required to perform JavaScript or TypeScript analysis.
NOTE: ARE THERE MORE REQUIREMENTS? THE ABOVE WAS FOUND ON THE README PAGE
PLACE VISUAL STUDIO CONTENT HERE TO ENTERED INTO THE KONTENT.AI-SPECIFIC ASSET
The only thing you need to install is the VSIX (in versions prior to v4.34, additional steps were required for some languages).
Sonar’s JavaScript and TypeScript analyzers require specific Node.js versions to be installed on the machine. If no compatible version is found, the analysis will not be performed. See the table below for minimal required Node.js version per SonarLint version:
| SonarLint for Visual Studio Version | Minimal Required Node.js Version |
|---|---|
| v6.9 | Node.js v14.17 and higher |
| v6.8 | Node.js v12.22 and higher |
| v6.7 and earlier | Node.js v10 and higher, excluding Node.js v11 |
SonarLint for Visual will attempt to locate a compatible Node.js version on the machine by searching on the %PATH%. It will also check whether there is a Node.js installation as part of the current Visual Studio installation.
If SonarLint cannot find a compatible Node.js version, it will show a notification in a gold bar like the following:
The Output Window will contain additional information about the Node.js versions that were located:
You can also set the environment variable SONAR_NODEJS_PATH to specify a custom location. The value should be the full file path to the node executable e.g. c:\custom\node.exe.
The environment variable takes precedence over the automatic detection. You will need to restart Visual Studio after setting or changing the environment variable.
If the machine does not have a compatible version of Node.js, you can manually install one.
Node.js versions can be downloaded from the official website nodejs.org.
Both the 32-bit and 64-bit versions are supported.
The simplest installation method on Windows is to use the appropriate .msi.
From time to time the Sonar JavaScript/TypeScript analyzer will increase the minimum required Node.js version as older versions go out of support. The dropping of support will be announced in advance in the Community Forum (e.g. this post regarding the deprecation of Node.js v12 and dropping of support for Node.js vs10).
This page will be updated as the minimum required Node.js version changes.
PLACE VISUAL STUDIO CONTENT HERE TO ENTERED INTO THE KONTENT.AI-SPECIFIC ASSET
The SonarLint language server needs a Java Runtime (JRE) 11+.
On the following platforms, SonarLint comes with its own Java runtime:
- Windows x86-64
- Linux x86-64
- macOS x86-64 (Intel Macs) and arm-64 (Apple Silicon Macs)
On other platforms and if a Java runtime is already installed on your computer, SonarLint should automatically find and use it. Here is how SonarLint will search for an installed JRE (in priority order):
-
the
sonarlint.ls.javaHomevariable in VS Code settings if set. For instance:{ "sonarlint.ls.javaHome": "C:\Program Files\Java\jre-11.0.11" }
-
embedded JRE for platform-specific installations
-
the value of the
JDK_HOMEenvironment variable if set -
the value of the
JAVA_HOMEenvironment variable if set -
on Windows the registry is queried
-
if a JRE is still not found then:
- the
PATHis scanned forjavac - on macOS, the parent directory of
javacis checked for ajava_homebinary. If that binary exists then it is executed and the result is used - the grandparent directory of
javacis used. This is similar to$(dirname $(dirname $(readlink $(which javac))))
- the
SonarLint then uses the first JRE found in these steps to check its version.
If a suitable JRE cannot be found at those places, SonarLint will ask for your permission to download and manage its own version.
To analyze JavaScript and TypeScript code, SonarLint requires Node.js executable. The minimal supported version is 14.17.0 for standalone analysis or Connected Mode with SonarCloud. For Connected Mode with SonarQube, it depends on the version of the JS/TS analyzer on your SonarQube server. SonarLint will attempt to automatically locate node, or you can force the location using:
{
"sonarlint.pathToNodeExecutable": "/home/yourname/.nvm/versions/node/v14.17.0/bin/node"
}Analysis of TypeScript in Connected Mode with SonarQube requires the server to use version 8.1 or above.
To analyze C and C++ code, SonarLint requires compile commands json file:
{
"sonarlint.pathToCompileCommands": "/home/yourname/repos/proj/compile_commands.json"
}Note: if you are using Microsoft compiler, the environment should be ready to build the code. For example, by launching VS Code from your Visual Studio Command Prompt
To enable the support for Java analysis, you need the Language support for Java VSCode extension (version 0.56.0 or higher). You also need to be in standard mode.
The support for Apex analysis is only available together with SonarQube Enterprise Edition or SonarCloud (see Connected Mode below). You also need the Salesforce Extension Pack VSCode extension.
The support for PL/SQL analysis is only available together with SonarQube Developer Edition or SonarCloud (see Connected Mode below). You also need the Oracle Developer Tools for VSCode extension.
Security vulnerabilities requiring taint engine analysis (taint vulnerabilities) are only available in Connected Mode because SonarLint pulls them from SonarQube or SonarCloud following a project analysis.
To browse injection vulnerabilities in SonarLint for VSCode, establish Connected Mode with your SonarQube Developer Edition (and above) or SonarCloud instance. Once a Project Binding is configured, SonarLint will synchronize with the SonarQube or SonarCloud server to report the detected injection vulnerabilities.
More information about security-related rules are available in the SonarQube or SonarCloud documentation.