How to get the most out of SonarLint?

Installation

Install SonarLint like any other extension, from the Visual Studio marketplace, directly in your IDE or from your Web browser. Once installed, SonarLint is enabled by default.

Support of JavaScript / C / C++

SonarLint for Visual Studio provides out-of-the-box support of C# and VB.NET. You can also activate the analysis of JavaScript (SonarLint >= 3.0), C and C++ (SonarLint >=3.4).

Opening your IDE, you’ll get a notification and you can choose to install and activate the support of additional languages.

Additional languages notification

You can also do it at any time in Visual Studio options, in the “SonarLint for Visual Studio” menu item. Additional languages option

Once this option activated, there’s no need to restart: every JavaScript or C/C++ file that you open from now on is automatically analyzed.

Analyze your code

There’s nothing to do! Analysis is automatically triggered on C# / VB.NET when you open a file or simply when you work on the code. For JavaScript, C and C++ files, your changes are analyzed as soon as the file is saved. Issues are highlighted in the editor as well as listed in the Visual Studio “Error List” panel.

One-time analysis

We think the best way to improve the quality of your code is to fix issues as you add / update the code. Nevertheless, you can manually run an analysis of a C# project or a whole solution. For that, full solution analysis needs to be enabled in Visual Studio options. See here for more information. Then, to run the analysis, simply build the solution or launch it from the Visual Studio “Analyze” or “Build” menus.

Connected mode

This operation will make SonarLint use the code analyzers and quality profiles defined for your project on SonarQube and SonarCloud. SonarLint will also hide the issues that are marked as Won’t Fix / False Positive on the server. You can connect SonarLint with SonarQube server >= 5.6.

Note: for the time being, JavaScript and C/C++ analysis don’t benefit from the connected mode.

  • First, configure the connection to the SonarQube server:
    • In the Visual Studio “Analyze” menu, select “Manage SonarQube Connections…“, or in the Team Explorer view, select “SonarQube”. Click on “Connect…” to open a connection window. New connection
    • Enter the server you want to connect to: SonarCloud (https://sonarcloud.io) or a SonarQube instance. And provide your credentials and other connection details.
  • Once the connection is defined, you can now bind the Visual Studio project to the corresponding SonarQube project.
    • In the Team Explorer “SonarQube” view, select the relevant SonarQube project. You can search for a project by typing in the search bar.
    • Double click on the project or select “Bind” in the right click menu to validate. Bind project

That’s it, you can now code and see SonarLint issues based on your remote SonarQube configuration.

When you reopen your project / solution, you’ll be notified if the SonarQube configuration has changed. To manually trigger an update of the local configuration, right click on the server and choose “Update”.

Code Analyzers

SonarLint supports the SonarSource code analyzers (SonarC#, SonarVB…). SonarLint doesn’t support third-party analyzers.

Rule configuration

When your project is connected to SonarQube, you can configure rules on the server. When the project is not connected, SonarLint uses the rules in the default quality profiles.

If you feel that a rule isn’t valuable for you, please report it in the SonarLint Google Group. We’d like everyone to have the best out-of-the-box experience, so we might tune such a rule or disable it by default.

At the same time, you can enable/disable rules through the Visual Studio ruleset editor. To do this, locate the project in the Solution Explorer and, in the contextual menu of “References” > “Analyzers”, select “Open Active Rule Set”. It opens a window where you can enable/disable rules. Saving your modifications creates a .ruleset file in the project.

File and issue exclusion

By default, all the files in an open project that are written in recognized languages are analyzed.

Issue highlighting

SonarLint issues are reported as warnings. You can change the way all warning issues are displayed in Visual Studio options. In “Environment” > “Font and Colors”, show the settings for “Text Editor” and edit the settings for “Warning”.

SonarLint logs

The SonarLint output can be useful to understand some technical issues. You can open it from the standard Visual Studio “Output” panel. By default, the SonarLint output displays only analysis logs. You can enable verbose logs for the additional languages in Visual Studio options, in the “SonarLint for Visual Studio” menu item.

How to contribute?

SonarLint for Visual Studio is open source under the LGPL v3 license. You can fork us on GitHub, and submit Pull Requests. Feel free to fix bugs or to implement new features.