SonarQube Now Supports Rust!
The popularity of Rust has been trending up for some time, and it has been making headway even into the conversation around the Linux kernel. A lot of people are considering adopting Rust, and some have already started their journey on this path. We know from your requests that a fair share of our users are Rustaceans. For all these reasons, we decided it is time for SonarQube to offer support for the Rust language!
What we support
With this first release, we aim at making it possible for you to adopt Rust in your toolkit and onboard your project in SonarQube to help you write more maintainable code.
Rust itself comes with a lot of bells and whistles, including a de-facto standard linter, Clippy, that most Rustaceans have adopted as a daily driver. It is a trusted part of the Rust ecosystem maintained by the community. We decided to start by building on the shoulders of giants and offer the integration of 85 Clippy rules as first-party rules within SonarQube. This means you can manage these rules in your Quality Profiles and pick and choose which ones you want in your standards.
In addition, we provide rule descriptions and issue messaging so developers get the information they need to understand and correct the issues that are detected. This helps developers learn about the issues and avoid repeating them in the future.
Of course, code coverage is a must, so you can import your coverage data in LCOV or Cobertura format.
Lastly, we also calculate the code metrics you are used to, such as Cognitive Complexity or Cyclomatic Complexity, so you can see areas of your code that need some love and attention.
Requirements
Because the analyzer is built around Clippy, you will need a Rust toolchain with Clippy installed on the machine running the SonarQube analysis.
You can also choose not to use the SonarQube Clippy integration and instead, directly ingest the list of issues generated by Clippy. In that case SonarQube will not run Clippy for you. If you were already doing this with the existing community plugin, then you can maintain this workflow. However, if you don’t use the SonarQube Clippy integration and ingest your Clippy issues directly, SonarQube will consider those issues as “external issues” and the Quality Profile settings in SonarQube will not apply to them, nor will you see the SonarQube-provided rule descriptions or messages for those issues.
Availability
The Rust analyzer is available today on SonarQube Cloud. It will also be included in the upcoming SonarQube Server 2025 Release 3 and in the next release of SonarQube Community Build.
Please note that, for now, Rust is not supported in Automatic Analysis on SonarQube Cloud. This will come at a later time.
Getting Started
To start using the Rust analyzer, ensure that Clippy is installed on the machine running the analysis. Then, configure your SonarQube project to analyze Rust code using the Scanner-CLI. You can manage the rules in your Quality Profile or ingest Clippy findings from a file.
We believe this new addition will significantly benefit Rust developers using SonarQube. We are committed to providing the best tools for integrated code quality and code security. Stay tuned for more updates!
If you haven't yet started using SonarCloud, try it out for free!