SonarLint for Visual Studio is based on and benefits from the .NET Compiler Platform ("Roslyn") and its code analysis API to provide a fully-integrated user experience in Visual Studio 2015.

SonarLint is free, open source, and available in the Visual Studio Gallery.

SonarLint in Visual Studio

Connected Mode

With version 2.0 you can now establish a connection to a SonarQube server and bind your Visual Studio solution to a SonarQube project. This operation automatically updates the rulesets of the solution and attaches the solution to the required Roslyn analyzers.

Connected Mode

News

  • July 27, 2016 - Version 2.5 was released. We have improved our data flow analysis engine to evaluate expressions. Now four rules are based on this symbolic execution engine, all of them benefit from this improvement. We also added a new rule (Rule S3655) to report on Nullable<T>.Value accesses when the nullable is known to be empty. Check out the release notes for the full list of changes, and let us know what you think.
  • June 28, 2016 - Version 2.4 was released. We have implemented the first version of our data flow analysis engine, and two new rules have been implemented on top of it. Check out the release notes for the full list of changes, and let us know what you think.
  • June 9, 2016 - Version 2.3 was released today. In this version we have added three new rules and improved the dead store rule (Rule S1854) to not have false negatives. Check out the release notes for the full list of changes, and let us know what you think.
  • May 18, 2016 - Version 2.2.1 was released today. This version is a minor bug fix/improvement release. Small inconveniences have been fixed in the connected mode. Furthermore, several rules have been improved to handle more cases and not report false positives. The release notes contain detailed information on all the changes.
  • May 4, 2016 - Version 2.2 was released today. We improved functionality for the connected mode with notification when the local quality profile is out-of-date. Also 8 new C# rules have been added to the product and many have been improved. Check out the release notes for the full list of changes, and let us know what you think.
  • April 13, 2016 - Version 2.1 was released with improved functionality for the connected mode, and also 6 new C# rules have been added to the product. Check out the release notes for the full list of changes, and let us know what you think.
  • March 17, 2016 - Version 2.0 was released with the ability to establish a connection to a SonarQube server and bind your Visual Studio solution to a SonarQube project. This operation automatically updates the rulesets of the solution and attaches the required Roslyn analyzers to the solution.
  • February 29, 2016 - Version 1.9.0 was released with ten new C# rules and several code fixes. We've fixed some rules to handle more cases and reduced the number of reported false positives. Let us know if you like this new version. And don't forget to check out the full release notes here.
  • February 15, 2016 - Version 1.8.0 was released with seven new C# rules, which makes it 142 C# rules altogether. One of the most valuable rules is Rule S1698, which looks for possibly mistaken == usages instead of Equals calls. Don't forget to check out the full release notes in JIRA if you are interested in all changes.
  • February 10, 2016 - A new post was released on the SonarQube blog, where we highlighted a couple of issues found recently in Roslyn project. Go check out the post, it shows the value of SonarLint. If you are convinced, download the product from the Visual Studio Gallery.
  • January 25, 2016 - Version 1.7.0 was released with 5 new C# rules and several code fixes. We've fixed all known bugs and rules that reported false positives, so the overall developer experience improved a lot. Let us know if you like this new version. And don't forget to check out the full release notes, which was moved to JIRA.
  • December 9, 2015 - SonarLint for Visual Studio Version 1.6.0 was released with 11 new C# rules and many nice enhancements. We've put effort into finding method overloads that might not behave as expected. Specifically Rule S3427 checks for overloads where default parameter values are hidden by other overloads, and Rule S3220 reports on method calls that resolve to methods with params, but could also match another overload of the same method. Check out the release notes for the full list of new rules, and let us know what you think.
  • November 16, 2015 - SonarLint for Visual Studio Version 1.5.0 was released with 12 C# and 10 Visual Basic .NET rules. Feel free to come back to us with suggestions and feedbacks.
  • October 28, 2015 - SonarLint for Visual Studio Version 1.4.0 has been released with 20 Visual Basic .NET rules. 7 of these are also implemented for C#, and 5 have code fixes. Let us know what you think about the new release.
  • October 6, 2015 - Version 1.3.0 of SonarLint for Visual Studio was released today. With 11 new rules and 10 new code fixes, there are now more than 100 rules for C# available out of the box and 28 of them have code fixes. As usual your feedback is highly welcome on this new version. We'll be back in few weeks with version 1.4.0 containing some rules for VB.NET.
  • August 24, 2015 - Today we released Version 1.2.0 of SonarLint for Visual Studio. This is our first release with codefixes; we have added almost 20 of them. If you want to contribute, code fixes are the easiest ways to get started. Two new rules were also added to SonarLint for Visual Studio during the sprint.
  • August 7, 2015 - Version 1.1.0 with 13 new rules was released today. In addition to the new rules, we focused mainly on user experience. Unused or unneeded code is faded out in the IDE, so low severity warnings don't pollute the Error Window any more. We also fixed a few false positives. Don't forget to check out the release notes.
  • July 20, 2015 - SonarSource is pleased to announce the release of Version 1.0.0 of SonarLint for Visual Studio. This is the first major version of the product, released on the same day as Visual Studio 2015. This initial version of the product contains 76 rules.

Real Bugs in Real Projects

Using the same value on either side of a binary operator is almost always a mistake. In the case of logical operators, it is either a copy-paste error and therefore a bug, or it is simply wasted code, and should be simplified. Rule S1764 Found in Roslyn, Nuget
Identical sub-expression in binary operation
Performing a null-check before referencing an object is a good practice, but when either the equality operator in the null test or the logical operator that follows it is reversed, it leads to a guaranteed null pointer dereference. Rule S1697 Found in DasBlog
Null dereferencing
A static field of a generic class is not shared among instances of different close-constructed types. So using such a field might result in unexpected behavior. Rule S2743 Found in Akka.NET
Static field of a generic class

Contribute

SonarLint for Visual Studio is open source under the LGPL v3 license. You can fork us on GitHub, and submit Pull Requests. Feel free to fix bugs or to implement new features.

Feedback

The preferred way to discuss about SonarLint is by posting on the SonarLint Google Group. We are also constantly monitoring questions posted to StackOverflow. For faster answers mark your StackOverflow questions with [SonarLint] and [C#] tags.