I have installed SonarLint extension (V 2.8) for Visual Studio 2015.
Can the code be analysed locally WITHOUT connecting to a SonarQube server?
Do I need to install something else in order to analyze my code (if i dont have SonarQube)?
I dont see the rulesets added to my project. How do I add rulesets? and from where?
I checked the SonarLint GitHub page but couldn't find the relevant documentation
After you install SonarLint for Visual Studio, analysis results (warnings) will automatically show up in the Error Window. You might need to enable Tools/Options/Text Editor/C#/Advanced/Enable full solution analysis otherwise only open files will be analyzed.
Most of the rules are enabled by default, some of them are not. You can control this through the ruleset file, but when no ruleset file is present, the default rule activation is used. Rule enablement can be changed for each of your projects by right clicking on References/Analyzers/Open Active Rule Set. This part is documented on the SonarLint website here: FAQ. (Note that this is not specific to SonarLint though, it's the normal Visual Studio experience.)
Related
I have installed Sonar Lint Extension for Visual Studio 2019 and according to the project i am working it is not required to fix the Code Smell Violations.
So is there a way that i can ignore the code smell violations using sonar lint in VS2019
please note that we are using sonar Lint in connected mode wit sonar cube server
Connected mode is to designed to configure the IDE to use the same set of rules as are configured in your Quality Profile on the SonarQube server, so if the code smell rules are part of your Quality Profile then they will be enabled in the IDE too.
If you don't want to see those issues reported in the IDE then you could either remove those rules from the Quality Profile, or use standalone mode and configure the set of rules to run locally as described here.
After doing some tweaks in the visual studio I was able to add the column category to the sonar output window and in that filtered out the sonar issues other than code smells.
I installed SonarLint plugin for Visual Studio.
Can I perform code analysis with SonarLint without connecting to SonarQube server?
From other blogs, I understand "code analysis" option is shown in menu. But this option is always available in Visual studio, even without this plugin and I think this is Visual studio code analysis. Is there any Sonar analysis that can be done just by installing SonarLint plugin.
Is there any Sonar analysis that can be done just by installing SonarLint plugin.
Yes. It will not be as robust as the scans performed by SonarQube server, but SonarLint has inline scanning that builds upon the native functionality of visual studio (or whatever supported IDE for that matter).
You can prove it to yourself - include SonarLint in your solution, but without connecting to a sonar server instance. Try out any of the rules, like S100 Methods and properties should be named in camel case (click References -> right click Analyzers -> Open Active Ruleset -> select the checkbox for S100). If you then create a method STUFFthingsSTUFF() you will get green line highlighting with a description telling you that it does not abide by camel case standards. Remove the rule and the highlighting goes away.
We have SonarQube 5.4 and SonarLint 2.0 setup in "connected mode" for Visual Studio 2015. Everything seems to work fine, except when we customize the severity of rules on the server then those custom severity settings don't show in the Visual Studio rule set.
Here are the steps we follow:
Customize a rule's severity on the server, say from it default of "Info" to "Critical".
Since we have "connected mode" setup, now synchronize the solution to pull down a new version of the rule set.
Note: To rule out "connected mode" as a problem, we also manually downloaded the rule set from the "Quality Profiles" page in SonarQube using the permalink for "SonarLint for Visual Studio Rule Set".
Open the newly downloaded ruleset file and notice the rule is still set to it's default severity (In this example, the ruleset still shows the default "Info" severity as a "Warning" in the ruleset file. I would expect it to have been updated to "Error").
The only thing that seems to change the downloaded ruleset file is when we activate/deactivate a rule on the server, and then it is added/removed correctly.
Is this a bug in SonarQube? Or are we just missing some workflow?
This leads to a followup question: How do severity settings on the SonarQube server map to Visual Studio ruleset settings? We've noticed that "Info" on SonarQube does not map to "Info" in Visual Studio. I would have expected something like the following mapping:
SonarQube Visual Studio
--------- -------------
Blocker = Error
Critical = Error
Major = Error
Minor = Warning
Info = Info
The problem is that there's no one-on-one severity mapping between SonarQube and Visual Studio, so we chose a safe solution and export everything as warning, and nothing as error, because that would break the compilation.
You can change the ruleset locally, and strengthen the ruleset file, so marking the issues as errors. The re-synchronization with SonarQube will not revert back your changes if they made the quality profile stronger.
Note that the following ticket has been created to address this issue: https://jira.sonarsource.com/browse/SONARCS-591
newbie to Sonarqube
I have a Sonarqube instance up and running.
How do I go about creating a project for my VS2013 solution in Sonarqube and do an analysis. (Not using any version control for now)
Thanks
You're using an unofficial Visual Studio extension for SonarQube - which I would not recommend.
Within Visual Studio 2015+ (2013 is not supported), you can use the C# Code Analysis: http://docs.sonarqube.org/display/SONAR/SonarQube+C%23+Code+Analysis
Have a look at the following page to see how to analyze your project in SonarQube (not in Visual Studio): http://docs.sonarqube.org/display/PLUG/C%23+Plugin
you need to have the project first analysed in your sonar server, after that you can associate to that project and then it will allow you to run further local analysis. you need to have the correct permissions. please check documentation for more details
Our build system runs Style Cop somehow against rules in a file Settings.StyleCop.
My files break many rules. Since most of the transgressions are trivial, I'd like my computer to help fix them. I installed the StyleCop Visual Studio extension from http://stylecop.codeplex.com/ . Then I right-clicked on my project in Visual Studio and ran 'run StyleCop'.
This came up with a whole DIFFERENT set of trangressions to the build system. How can I get the Style Cop Visual Studio extension to run with the rules in the file Settings.StyleCop?
It sounds like you either have a different version of StyleCop installed (so its triggering on new errors), or you have a parent settings file that is different to that on the build server. The easiest way I found to stop this was to stop merging in StyleCop settings from the solution root settings file (this can be configured via the StyleCop settings dialog in the IDE). Note that if you do this, you should also copy all the relevant settings from the parent settings file (usually found in the StyleCop installation folder).
The specific setting you're looking for is
<StringProperty Name="MergeSettingsFiles">NoMerge</StringProperty>