I am bit confused regarding binding a visual studio project with sonarqube server.
We bind project to sonarqube server to :
1) See the analysis run by SonarLint on SonarQube server
OR
2) To use the Sonarqube quality profiles rule to detect warning/error in visual studio .
Which one is correct ?
It's for (2): binding the MSBuild solution to the server synchronises the ruleset used in Visual Studio with the Quality Profile defined in SonarQube. The goal is to have the same set of issues appearing in the IDE as would appear when an analysis is run on a CI machine and pushed to SonarQube. Note however that the issues will be slightly different due to some current limitations e.g. parameterised rules are not run in the Visual Studio at present as the connected mode doesn't yet synchronise the necessary configuration).
In addition, when a Visual Studio solution is bound to a SonarQube project, issues that are suppressed in SonarQube will not be reported in the IDE, and notifications will be displayed in the IDE when the quality gate changes.
Related
I have installed Sonar Lint Extension for Visual Studio 2019 and according to the project i am working it is not required to fix the Code Smell Violations.
So is there a way that i can ignore the code smell violations using sonar lint in VS2019
please note that we are using sonar Lint in connected mode wit sonar cube server
Connected mode is to designed to configure the IDE to use the same set of rules as are configured in your Quality Profile on the SonarQube server, so if the code smell rules are part of your Quality Profile then they will be enabled in the IDE too.
If you don't want to see those issues reported in the IDE then you could either remove those rules from the Quality Profile, or use standalone mode and configure the set of rules to run locally as described here.
After doing some tweaks in the visual studio I was able to add the column category to the sonar output window and in that filtered out the sonar issues other than code smells.
I installed SonarLint plugin for Visual Studio.
Can I perform code analysis with SonarLint without connecting to SonarQube server?
From other blogs, I understand "code analysis" option is shown in menu. But this option is always available in Visual studio, even without this plugin and I think this is Visual studio code analysis. Is there any Sonar analysis that can be done just by installing SonarLint plugin.
Is there any Sonar analysis that can be done just by installing SonarLint plugin.
Yes. It will not be as robust as the scans performed by SonarQube server, but SonarLint has inline scanning that builds upon the native functionality of visual studio (or whatever supported IDE for that matter).
You can prove it to yourself - include SonarLint in your solution, but without connecting to a sonar server instance. Try out any of the rules, like S100 Methods and properties should be named in camel case (click References -> right click Analyzers -> Open Active Ruleset -> select the checkbox for S100). If you then create a method STUFFthingsSTUFF() you will get green line highlighting with a description telling you that it does not abide by camel case standards. Remove the rule and the highlighting goes away.
I have installed sonarqube locally version : sonarqube-6.7.2
I am able to login in sonarbube locally using http://localhost:9000
created project and bind to one of my visual studio project.
But when I update in visual studio using sonarlint but not able to find anything on locally published site.
No report no issue even no code.
Using windows 10.
SonarLint does not publish issues to SonarQube, you need to integrate SonarScanner for MSBuild into your CI build process to do that. You could do it as plain command line, as described in the documentation link above, or using the plugin for Jenkins or the VSTS/TFS extension.
I have installed SonarLint extension (V 2.8) for Visual Studio 2015.
Can the code be analysed locally WITHOUT connecting to a SonarQube server?
Do I need to install something else in order to analyze my code (if i dont have SonarQube)?
I dont see the rulesets added to my project. How do I add rulesets? and from where?
I checked the SonarLint GitHub page but couldn't find the relevant documentation
After you install SonarLint for Visual Studio, analysis results (warnings) will automatically show up in the Error Window. You might need to enable Tools/Options/Text Editor/C#/Advanced/Enable full solution analysis otherwise only open files will be analyzed.
Most of the rules are enabled by default, some of them are not. You can control this through the ruleset file, but when no ruleset file is present, the default rule activation is used. Rule enablement can be changed for each of your projects by right clicking on References/Analyzers/Open Active Rule Set. This part is documented on the SonarLint website here: FAQ. (Note that this is not specific to SonarLint though, it's the normal Visual Studio experience.)
newbie to Sonarqube
I have a Sonarqube instance up and running.
How do I go about creating a project for my VS2013 solution in Sonarqube and do an analysis. (Not using any version control for now)
Thanks
You're using an unofficial Visual Studio extension for SonarQube - which I would not recommend.
Within Visual Studio 2015+ (2013 is not supported), you can use the C# Code Analysis: http://docs.sonarqube.org/display/SONAR/SonarQube+C%23+Code+Analysis
Have a look at the following page to see how to analyze your project in SonarQube (not in Visual Studio): http://docs.sonarqube.org/display/PLUG/C%23+Plugin
you need to have the project first analysed in your sonar server, after that you can associate to that project and then it will allow you to run further local analysis. you need to have the correct permissions. please check documentation for more details