SonarQube Lint Scanner

Scan without server requirement!

Scan your full project for SonarQube for IDE issues directly inside VS Code.

This extension automates “scan everything” and then collects what SonarQube for IDE reports, so you can export/browse all findings at once.

SonarQube for IDE is still required (install the official SonarSource extension). This extension builds on top of it; it does not replace it.

The extension adds a Sonar Problems panel (next to VS Code's Problems) that supports selection and copy (including Ctrl+A + Copy All).

Quick start

1. Install SonarQube for IDE.
2. Install this extension.
3. Run: sonarlintscanner: Scan Workspace or press the Scan button in the Sonar Problems panel.
4. Either Copy All (or per‑group copy) or point your AI agent at the /.problems/ folder with your prompt so it can read issues directly.

How it works

• You still need the SonarQube for IDE extension installed. This extension does not ship analyzers; it relies on SonarQube for IDE to produce diagnostics.
• When you run Scan Workspace, the extension triggers analysis and then reads issues from VS Code diagnostics.
  • If SonarQube for IDE supports workspace-level analysis in your environment, it will use that (fast).
  • Otherwise, it can fall back to analyzing by opening files one-by-one (slower, but works for “scan everything”).
• After analysis, it waits for diagnostics to “settle” (so it doesn’t export too early and miss issues).
• It then exports what SonarQube for IDE reported into the /.problems/ folder as structured report files.

These exported /.problems/ files are intentionally AI-friendly: you can attach them to your AI workflow (or point an agent at the folder) to help automatically triage and fix issues.

AI workflow tips

SonarQube for IDE doesn’t scan a full workspace on its own without a server, but this extension does. It scans all files in your workspace, writes the results to /.problems/, and keeps the Sonar Problems panel in sync. After fixes, simply rescan to refresh the reports. You can point your AI agent at the /.problems/ folder to triage issues, apply fixes, and re-run the scan to verify progress. To start, click Scan Workspace and wait for the scan to finish.

Commands

• sonarlintscanner: Scan Workspace
• sonarlintscanner: Collect Diagnostics
• sonarlintscanner: Refresh Problems Panel
• sonarlintscanner: Open Report (JSON)
• sonarlintscanner: Open Report (Text)
• sonarlintscanner: Open Report (TOON)
• sonarlintscanner: Copy Summary
• sonarlintscanner: Open Settings
• sonarlintscanner: Open Dashboard

Output

By default the extension writes reports under /.problems/ in your workspace:

• /.problems/json/index.json (index)
• /.problems/json/<group>/<rule>.json (per-rule grouped issues)
• optionally: /.problems/txt/<group>/<rule>.txt
• optionally: /.problems/toon/index.toon and /.problems/toon/<group>/<rule>.toon

The <group> folder can be controlled via sonarlintscanner.outputGrouping:

• severity (default): blocker/critical/major/minor/info
• type: bug/code_smell/vulnerability/security_hotspot

Settings (most useful)

• sonarlintscanner.outputFile (string): output index JSON path (workspace-relative or absolute)
• sonarlintscanner.outputFormat (string): choose exactly one output format (toon default, or json, txt)
• sonarlintscanner.problemsPanelPollSeconds (number): auto-refresh interval for the Sonar Problems panel (default 5). Set to 0 to disable polling.
• sonarlintscanner.includeGlob / sonarlintscanner.excludeGlob
• sonarlintscanner.maxFiles
• sonarlintscanner.analyzeAllFilesOnScan (boolean)
• sonarlintscanner.onlyAnalyzeKnownSourceFiles + sonarlintscanner.analyzeExtensions (big performance win)
• sonarlintscanner.analyzeDelayMs / sonarlintscanner.diagnosticWaitMaxMs

UI

• Activity Bar: SonarQube Lint Scanner (Dashboard)
• Panel: Sonar Problems (search, grouping, severity filter, copy)
  • Copy actions: Copy All, group header copy buttons, and right-click context menu copy