-
Notifications
You must be signed in to change notification settings - Fork 77
Home
SonarLint is an IDE extension that helps you detect and fix quality issues as you write code. Like a spell checker, SonarLint squiggles flaws so they can be fixed before committing code. You can get it directly from the VS Marketplace and it will then detect new bugs and quality issues as you code (for C#, VB.NET, JavaScript, TypeScript, C and C++).
SonarLint is also available for VS Code, Eclipse and IntelliJ (the languages supported vary from IDE to IDE).
Simply open a project containing C#, VB, C++, JS or TS files.
For C# and VB.Net, new issues will be reported as you type. You do not have to select 'Run Code Analysis' from the 'Analyze' menu - the rules are run automatically. Note: by default, VS is configured to only run Roslyn analyzers on files that are currently open. You can choose to have the analysis run on the entire solution as described in the Microsoft docs, although this is obviously more processor-intensive.
For C, C++, JavaScript and TypeScript, new issues will be reported when you open or save a file. Issues are highlighted in your code, and also listed in the 'Error List'.
You can access the detailed rule description directly from the issue in the Error List, using the Show Error help option on the contextual menu.
Check the rules to see what SonarLint can do for you:
You will benefit from the following code analyzers: SonarC#, SonarVB, SonarCFamily for C/C++ and SonarJS.
The only thing you need to install is the VSIX (in versions prior to v4.34, additional steps were required for some languages).
By default SonarLint runs in standalone mode i.e. completely independent of SonarQube/SonarCloud.
The SonarC# and SonarVB rules are implemented as Roslyn VSIX analyzers, and you can configure which rules are executed using the normal ruleset mechanism in VS.
See Choosing which C, C++, JavaScript, TypeScript or Secrets detection rules to run in Standalone mode
In Connected Mode, the solution is linked to a project in SonarQube/SonarCloud. See Connected Mode for more information. Connected Mode is supported for all currently supported languages.
The rule severities defined by Visual Studio are different from the rule severities defined by SonarQube/SonarCloud. The mapping from Sonar to VS severities is as follows:
| SonarQube/SonarCloud | Visual Studio |
|---|---|
| Info | Info |
| Minor | Info |
| Major | Warning |
| Critical | Warning |
| Blocker | Warning |
By default Sonar Critical and Blocker issues are not mapped to Visual Studio Error as this would cause IDE builds to fail.
You can change that by enabling Treat warnings as errors in your project properties in Visual Studio.
If you are using Connected Mode, the rule severities defined in the Quality Profile will be used.
If you would like to see a new feature, please create a new thread in the forum "Suggest new features".
Please be aware that we are not actively looking for feature contributions. The truth is that it's extremely difficult for someone outside SonarSource to comply with our roadmap and expectations. Therefore, we typically only accept minor cosmetic changes and typo fixes.
With that in mind, if you would like to submit a code contribution, please create a pull request for this repository. Please explain your motives to contribute this change: what problem you are trying to fix, what improvement you are trying to make.
Make sure that you follow our code style and all tests are passing.
For SonarLint support questions ("How do I?", "I got this error, why?", ...), please first read the FAQ and then head to the SonarSource forum. There are chances that a question similar to yours has already been answered.
Be aware that this forum is a community, so the standard pleasantries ("Hi", "Thanks", ...) are expected. And if you don't get an answer to your thread, you should sit on your hands for at least three days before bumping it. Operators are not standing by. :-)
Copyright 2017-2023 SonarSource.
Licensed under the GNU Lesser General Public License, Version 3.0