Skip to content
duncanp-sonar edited this page May 5, 2022 · 25 revisions

SonarLint for Visual Studio

SonarLint is an IDE extension that helps you detect and fix quality issues as you write code. Like a spell checker, SonarLint squiggles flaws so they can be fixed before committing code. You can get it directly from the VS Marketplace and it will then detect new bugs and quality issues as you code (for C#, VB.NET, JavaScript, TypeScript, C and C++).

SonarLint is also available for VS Code, Eclipse and IntelliJ (the languages supported vary from IDE to IDE).

How it works

Simply open a project containing C#, VB, C++, JS or TS files.

For C# and VB.Net, new issues will be reported as you type. You do not have to select 'Run Code Analysis' from the 'Analyze' menu - the rules are run automatically. Note: by default, VS is configured to only run Roslyn analyzers on files that are currently open. You can choose to have the analysis run on the entire solution as described in the Microsoft docs, although this is obviously more processor-intensive.

For C, C++, JavaScript and TypeScript, new issues will be reported when you open or save a file. Issues are highlighted in your code, and also listed in the 'Error List'.

You can access the detailed rule description directly from the issue in the Error List, using the Show Error help option on the contextual menu.

Rules

Check the rules to see what SonarLint can do for you:

You will benefit from the following code analyzers: SonarC#, SonarVB, SonarCFamily for C/C++ and SonarJS.

Requirements

The only thing you need to install is the VSIX (in versions prior to v4.34, additional steps were required for some languages).

Standalone mode

By default SonarLint runs in standalone mode i.e. completely independently of SonarQube/SonarCloud.

Choosing which C#/VB.NET rules to run in Standalone mode

The SonarC# and SonarVB rules are implemented as Roslyn VSIX analyzers, and you can configure which rules are executed using the normal ruleset mechanism in VS.

Choosing which C/C++/JavaScript/TypeScript/Secrets detection rules to run in Standalone mode

See Choosing which C, C++, JavaScript, TypeScript or Secrets detection rules to run in Standalone mode

Connected mode

In connected mode, the solution is linked to a project in SonarQube/SonarCloud. See Connected Mode for more information.

Note: Connected mode is currently only supported for C#, VB.NET, and C++ projects. Support for JavaScript and TypeScript will be added in the future - see #770.

Rule severities

The rule severities defined by Visual Studio are different from the rule severities defined by SonarQube/SonarCloud. The mapping from Sonar to VS severities is as follows:

SonarQube/SonarCloud Visual Studio
Info Info
Minor Info
Major Warning
Critical Warning
Blocker Warning

By default Sonar Critical and Blocker issues are not mapped to Visual Studio Error as this would cause IDE builds to fail. You can change that by enabling Treat warnings as errors in your project properties in Visual Studio. If you are using Connected Mode the rule severities defined the Quality Profile will be used.

Contributions

If you would like to see a new feature, please create a new thread in the forum "Suggest new features".

Please be aware that we are not actively looking for feature contributions. The truth is that it's extremely difficult for someone outside SonarSource to comply with our roadmap and expectations. Therefore, we typically only accept minor cosmetic changes and typo fixes.

With that in mind, if you would like to submit a code contribution, please create a pull request for this repository. Please explain your motives to contribute this change: what problem you are trying to fix, what improvement you are trying to make.

Make sure that you follow our code style and all tests are passing.

Have Question or Feedback?

For SonarLint support questions ("How do I?", "I got this error, why?", ...), please first read the FAQ and then head to the SonarSource forum. There are chances that a question similar to yours has already been answered.

Be aware that this forum is a community, so the standard pleasantries ("Hi", "Thanks", ...) are expected. And if you don't get an answer to your thread, you should sit on your hands for at least three days before bumping it. Operators are not standing by. :-)

License

Copyright 2017-2021 SonarSource.

Licensed under the GNU Lesser General Public License, Version 3.0