I installed SonarLint plugin for Visual Studio.
Can I perform code analysis with SonarLint without connecting to SonarQube server?
From other blogs, I understand "code analysis" option is shown in menu. But this option is always available in Visual studio, even without this plugin and I think this is Visual studio code analysis. Is there any Sonar analysis that can be done just by installing SonarLint plugin.
Is there any Sonar analysis that can be done just by installing SonarLint plugin.
Yes. It will not be as robust as the scans performed by SonarQube server, but SonarLint has inline scanning that builds upon the native functionality of visual studio (or whatever supported IDE for that matter).
You can prove it to yourself - include SonarLint in your solution, but without connecting to a sonar server instance. Try out any of the rules, like S100 Methods and properties should be named in camel case (click References -> right click Analyzers -> Open Active Ruleset -> select the checkbox for S100). If you then create a method STUFFthingsSTUFF() you will get green line highlighting with a description telling you that it does not abide by camel case standards. Remove the rule and the highlighting goes away.
Related
Lately I have tried to get all quality and style rules for my team into an .editorconfig file. As ReSharper still has a larger scope of style rules than .NET Analyzers and other such things, and as it has grown to embrace the EditorConfig approach, I have exported all of our ReSharper rules to the .editorconfig file, and deleted our team's DotSettings file. I've been attempting to make almost all rules have a minimum severity of warning, and to have warnings be treated as errors. This goes for ReSharper and the standard VS rules. My end goal is to have our builds break, both locally and on our Azure DevOps Pipelines, if any of the rules in the .editorconfig, from ReSharper or otherwise, are violated.
So far, I have been unable to get ReSharper-specific errors or warnings to break the build in any of the following:
Visual Studio build (MSBuild)
dotnet build (local)
ReSharper Build
dotnet build (Azure DevOps YAML Pipeline)
Now I'm starting to suspect that the ReSharper rules are really only for assistance at design time, but that there are no mechanisms to make them actually cause a build to fail. I'm hoping I'm wrong and that I just need to change a configuration or install some kind of add-on locally and/or on Azure DevOps.
As you already suspected, some of your criteria cannot be met ootb, namely:
Visual Studio build (MSBuild)
dotnet build (local)
dotnet build (Azure DevOps YAML Pipeline)
This is because R# is an IDE feature and low(er)-level tools like MSBuild or the .NET global tools are simply unaware of R#, its rules, etc.
I think one had to write a Roslyn analyzer to enable this because this is Microsoft's intended way of integrating custom code checks into the build pipeline.
Another option would be to use InspectCode out of the R# Command Line Tools. If you integrate this tool into your build pipeline, it will fail when specific R# rules are violated.
But you should be able to make builds fail using R# Builds when setting the severity of all your relevant rules inside .editorconfig to error.
I have installed Sonar Lint Extension for Visual Studio 2019 and according to the project i am working it is not required to fix the Code Smell Violations.
So is there a way that i can ignore the code smell violations using sonar lint in VS2019
please note that we are using sonar Lint in connected mode wit sonar cube server
Connected mode is to designed to configure the IDE to use the same set of rules as are configured in your Quality Profile on the SonarQube server, so if the code smell rules are part of your Quality Profile then they will be enabled in the IDE too.
If you don't want to see those issues reported in the IDE then you could either remove those rules from the Quality Profile, or use standalone mode and configure the set of rules to run locally as described here.
After doing some tweaks in the visual studio I was able to add the column category to the sonar output window and in that filtered out the sonar issues other than code smells.
I am bit confused regarding binding a visual studio project with sonarqube server.
We bind project to sonarqube server to :
1) See the analysis run by SonarLint on SonarQube server
OR
2) To use the Sonarqube quality profiles rule to detect warning/error in visual studio .
Which one is correct ?
It's for (2): binding the MSBuild solution to the server synchronises the ruleset used in Visual Studio with the Quality Profile defined in SonarQube. The goal is to have the same set of issues appearing in the IDE as would appear when an analysis is run on a CI machine and pushed to SonarQube. Note however that the issues will be slightly different due to some current limitations e.g. parameterised rules are not run in the Visual Studio at present as the connected mode doesn't yet synchronise the necessary configuration).
In addition, when a Visual Studio solution is bound to a SonarQube project, issues that are suppressed in SonarQube will not be reported in the IDE, and notifications will be displayed in the IDE when the quality gate changes.
I have installed SonarLint extension (V 2.8) for Visual Studio 2015.
Can the code be analysed locally WITHOUT connecting to a SonarQube server?
Do I need to install something else in order to analyze my code (if i dont have SonarQube)?
I dont see the rulesets added to my project. How do I add rulesets? and from where?
I checked the SonarLint GitHub page but couldn't find the relevant documentation
After you install SonarLint for Visual Studio, analysis results (warnings) will automatically show up in the Error Window. You might need to enable Tools/Options/Text Editor/C#/Advanced/Enable full solution analysis otherwise only open files will be analyzed.
Most of the rules are enabled by default, some of them are not. You can control this through the ruleset file, but when no ruleset file is present, the default rule activation is used. Rule enablement can be changed for each of your projects by right clicking on References/Analyzers/Open Active Rule Set. This part is documented on the SonarLint website here: FAQ. (Note that this is not specific to SonarLint though, it's the normal Visual Studio experience.)
newbie to Sonarqube
I have a Sonarqube instance up and running.
How do I go about creating a project for my VS2013 solution in Sonarqube and do an analysis. (Not using any version control for now)
Thanks
You're using an unofficial Visual Studio extension for SonarQube - which I would not recommend.
Within Visual Studio 2015+ (2013 is not supported), you can use the C# Code Analysis: http://docs.sonarqube.org/display/SONAR/SonarQube+C%23+Code+Analysis
Have a look at the following page to see how to analyze your project in SonarQube (not in Visual Studio): http://docs.sonarqube.org/display/PLUG/C%23+Plugin
you need to have the project first analysed in your sonar server, after that you can associate to that project and then it will allow you to run further local analysis. you need to have the correct permissions. please check documentation for more details