Ignoring Code Smell Violations in SonarLint Visual Studio C# - visual-studio

I have installed the SonarLint extension for Visual Studio 2019, and for the project I am working on it is not required to fix the code smell violations.
So is there a way that I can ignore the code smell violations using SonarLint in VS2019?
Please note that we are using SonarLint in connected mode with a SonarQube server.

Connected mode is designed to configure the IDE to use the same set of rules as are configured in your Quality Profile on the SonarQube server, so if the code smell rules are part of your Quality Profile then they will be enabled in the IDE too.
If you don't want to see those issues reported in the IDE then you could either remove those rules from the Quality Profile, or use standalone mode and configure the set of rules to run locally as described here.

After doing some tweaks in Visual Studio, I was able to add the Category column to the Sonar output window and, in that, filtered out the Sonar issues other than code smells.

Related

SonarLint with Visual Studio

I installed SonarLint plugin for Visual Studio.
Can I perform code analysis with SonarLint without connecting to SonarQube server?
From other blogs, I understand a "code analysis" option is shown in the menu. But this option is always available in Visual Studio, even without this plugin, and I think this is Visual Studio code analysis. Is there any Sonar analysis that can be done just by installing the SonarLint plugin?
Is there any Sonar analysis that can be done just by installing SonarLint plugin?
Yes. It will not be as robust as the scans performed by SonarQube server, but SonarLint has inline scanning that builds upon the native functionality of Visual Studio (or whatever supported IDE for that matter).
You can prove it to yourself - include SonarLint in your solution, but without connecting to a sonar server instance. Try out any of the rules, like S100 Methods and properties should be named in camel case (click References -> right click Analyzers -> Open Active Ruleset -> select the checkbox for S100). If you then create a method STUFFthingsSTUFF() you will get green line highlighting with a description telling you that it does not abide by camel case standards. Remove the rule and the highlighting goes away.

Use of binding a Visual Studio project to SonarQube server

I am a bit confused regarding binding a Visual Studio project with a SonarQube server.
We bind a project to a SonarQube server to:
1) See the analysis run by SonarLint on the SonarQube server
OR
2) Use the SonarQube quality profile rules to detect warnings/errors in Visual Studio.
Which one is correct?
It's for (2): binding the MSBuild solution to the server synchronises the ruleset used in Visual Studio with the Quality Profile defined in SonarQube. The goal is to have the same set of issues appearing in the IDE as would appear when an analysis is run on a CI machine and pushed to SonarQube. Note however that the issues will be slightly different due to some current limitations (e.g. parameterised rules are not run in Visual Studio at present, as the connected mode doesn't yet synchronise the necessary configuration).
In addition, when a Visual Studio solution is bound to a SonarQube project, issues that are suppressed in SonarQube will not be reported in the IDE, and notifications will be displayed in the IDE when the quality gate changes.

Code analysis changes if SonarQube full analysis report enabled in VSTS

I've been setting up SonarQube analysis for one of our builds in VSTS, and I've noticed that there's a difference in the code analysis / build warnings if the advanced option "include full analysis report in build summary" is enabled in VSTS.
We have a custom ruleset enabled for our local builds in Visual Studio, which combines Microsoft CodeAnalysis warnings and StyleCop analyzers. When we run the build in VSTS with the full analysis report setting enabled, these warnings don't show up, and only the SonarQube warnings are displayed. I thought this was expected for all builds using SonarQube, as mentioned here in the link below.
https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Extension+for+VSTS-TFS#AnalyzingwithSonarQubeExtensionforVSTS-TFS-Note
However, if we disable this setting, we get additional SonarQube warnings, but the Microsoft and StyleCop warnings also show up.
Can anyone explain why the two behaviors are different? Ideally, we'd like warnings from Microsoft, StyleCop and SonarQube to show up, AND for the build to include the full analysis report - is there any way to do this?
I'm using SonarQube v6.7.1.35068, SonarC# v6.7.1 (build 4347), and v3.* of the VSTS SonarQube task.
The Include full analysis report in the build summary setting doesn't change the ruleset or analyzers that are run during the analysis. All it does is cause the End task to poll the SonarQube server until the server-side part of the analysis has completed so that it can show the final analysis results on the VSTS build summary page.
To work out what is different between the builds you could try enabling more verbose logging:
for SonarQube, set the Additional Settings property of the VSTS Begin task to /d:sonar.verbose=true
for VSTS, set the system.debug build to true
You're right, the Begin task does limit the analyzers and rules that are run to those that are configured on the SonarQube server.
To have the Microsoft FxCop rules run as part of the analysis run you would install the FxCop plugin for SonarQube and include its rules in your Quality Profile.
To run the StyleCop rules (assuming you're using the new Roslyn-based StyleCop analyzers) you would first have to create a SonarQube plugin for it using the SonarQube Roslyn SDK, then install the plugin and add the rules to Quality Profile.
First, the Include full analysis report in build summary shouldn't affect the result in the Issues section of the build summary; it is used to upload the report to the build summary, and the result will be shown at the bottom of the build summary (below the Work items linked to associated changes section).
Secondly, the Issues section of the build summary can't show all analysis results, just part of them.
You can upload the result files to the build through a Logging Command (e.g. Write-Host "##vso[task.addattachment type=Distributedtask.Core.Summary;name=testsummaryname;]c:\testsummary.md") and it will show at the bottom of the build summary (the SonarQube task uses this way too).

Running SonarLint VisualStudio plugin without SonarQube

I have installed SonarLint extension (V 2.8) for Visual Studio 2015.
Can the code be analysed locally WITHOUT connecting to a SonarQube server?
Do I need to install something else in order to analyze my code (if I don't have SonarQube)?
I don't see the rulesets added to my project. How do I add rulesets, and from where?
I checked the SonarLint GitHub page but couldn't find the relevant documentation.
After you install SonarLint for Visual Studio, analysis results (warnings) will automatically show up in the Error Window. You might need to enable Tools/Options/Text Editor/C#/Advanced/Enable full solution analysis otherwise only open files will be analyzed.
Most of the rules are enabled by default, some of them are not. You can control this through the ruleset file, but when no ruleset file is present, the default rule activation is used. Rule enablement can be changed for each of your projects by right clicking on References/Analyzers/Open Active Rule Set. This part is documented on the SonarLint website here: FAQ. (Note that this is not specific to SonarLint though, it's the normal Visual Studio experience.)
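A ruleset file of the kind the answer above describes, as an added example that is not part of the original answer or of the SonarLint project. The rule selection (S125, S1172, S2068), the name and the description are assumptions chosen for illustration; S100 is the rule used as the demonstration earlier on this page.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Constructed example ruleset; Name and Description are placeholder values. -->
<RuleSet Name="Example local SonarLint rules"
         Description="Constructed example: quiet selected code smells, keep a security rule visible"
         ToolsVersion="14.0">
  <!-- All SonarLint C# rules are listed under the SonarAnalyzer.CSharp analyzer. -->
  <Rules AnalyzerId="SonarAnalyzer.CSharp" RuleNamespace="SonarAnalyzer.CSharp">
    <!-- S100, the naming rule used as the demonstration earlier on this page:
         Action="Warning" switches it on, Action="None" switches it off. -->
    <Rule Id="S100" Action="None" />
    <!-- S125 (commented-out code) and S1172 (unused method parameters):
         maintainability findings, switched off here. -->
    <Rule Id="S125" Action="None" />
    <Rule Id="S1172" Action="None" />
    <!-- S2068 (hard-coded credentials) stays active and is raised to Error
         so it is not lost among the silenced findings. -->
    <Rule Id="S2068" Action="Error" />
  </Rules>
</RuleSet>
```

Rules not listed in the file keep their default activation. This is the same file that References/Analyzers/Open Active Rule Set edits through the Visual Studio UI.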

Code coverage in TFS build templates

I have a build template which was created with VS2010 or lower version of VS. Now, I have VS2013. I want to enable code coverage for that build, but I do not see such option as in this page:
http://www.codewrecks.com/blog/index.php/2013/06/08/code-coverage-during-tfs-2012-build/
If I select the default build template when creating a new build definition - then I see the option to enable code coverage.
Am I missing something?
Another question is whether I should re-create (with VS2013) all my custom build templates that were created with VS2010 or lower versions in order for everything to work fine and in order to see features such as code coverage?
You should recreate your build in 2013 and make sure that you only use custom PowerShell. The new build system in TFS 2015 does not use xaml builds.
If you use PowerShell to customize you will minimize conversion cost.
