Use SonarLint to work on your technical debt in Visual Studio

SonarQube is a really great solution to monitor and track your technical debt over time. But wouldn’t it be great if the developer could already see in Visual Studio the impact that his commit will have to the sonar dashboard? If you use Visual Studio 2015 and the C# Plugin for SonarQube you can do this with the extension SonarLint.

The extension depends on the latest version of the C# Plugin – so make sure that you have the latest version (5.2) installed.

In Visual Studio install the extension in the “Extensions and Updated” dialog.

Install SonarLint Extension

This adds a new Tile ‘SonarQube’ to your Team Explorer.

SonarLint Menu in Team Explorer

You can use this tile to connect to your SonarQube instance.

Configure SonarLint Connection

Once connected you can bind your current solution to a project from the SonarQube instance.

Bind Solution ti Sonar Project

Now all the Errors and Warnings from your SonarQube project will show up in the error window in Visual Studio.

Sonar Error in Visual Studio

SonarLint uses Roslyn to perform the analysis so that you can use all tooling that you get from the roslyn compiler. You can suppress the message from within the code if you like.

Roslyn and Suppresions

You also can leverage the new features from the static code analysis in Visual Studio like only showing messages for the changed documents.

Filter Errors

So that’s it. A really small extension with a very big impact. I’ve always been a big fan the FxCopy and the static code analysis – But I’ve always missed a central point to manage the rules and to monitor the output over time. SonarQube is perfect for that – but without a Visual Studio integration it was not a complete solution. SonarLint closes that gap and integrates the Visual Studio toolchain perfectly with SonarQube.

30 thoughts on “Use SonarLint to work on your technical debt in Visual Studio

  1. Hello, if I created a VM in Azure with SonarQube on it, and integrated it with my VSTS build definition, do I also need to integrate SonarLint with Visual Studio to make the build definition run successfully? Or can the build definition succeed without SonarLint being integrated with Visual Studio?

  2. Hello, can SonarQube be installed on my VM, and then integrated with VSTS, without having to install SonarLint on my VS project? Or do I have to install SonarLint on my Visual studio project for the build definition on VSTS to run successfully and show my SonarQube results?

    1. SonarLint is only a tool for the client integration of the SonarQube quality profile in VisualStudio. You don’t need this for SonarQube to work. And you don’t need it for the VSTS integration. You can use to test the integration. It’s free for open source projects.

  3. after successful each and everything not able to see any data, issues or even code on locally installed sonarqube using sonarlint in visual studio 2015 update3.
    sonarqube version “sonarqube-6.7.2”
    Ex Url: http://localhost:9000

    any idea?

    1. The binding is only to run the analysis locally in Visual studio. The results do not get uploaded automatically. You have to run the analysis locally – or better in the CI build.

  4. Okay..Thanks a lot for that update.. I do not have a pipeline set up now. is there any other way other than that to show results in sonar cloud?

  5. Thanks a lot…I update my to… still when i run “dotnet sonarscanner begin /k:”AMD”” I get this error ” Failed to request and parse ‘http://localhost:9000/api/server/version’:”

  6. Thanks a lot… it worked for me,,,, I ran start, analysis and End statements.. I am still seein project not configured in sonarcloud… do i need to do anything in sonarcloud to make it visible

    1. No – the project is created automatically. Only the project key must be unique. If it is not showing up there is something wrong with the analysis. I always run it in the pipeline – so I don’t have a working example that runs locally, sorry.

  7. Thanks…I have not configured a pipeline yet… so need more time to do that … I thought i will set up this way first. however I can not see that project in sonar…

  8. Hello Mike, I am new to SonarQube. I connected to SonarQube server from Visual Studio 2017 and bound the solution to project from SonarQube server. This action generated .ruleset files for each project and .sonarlint folder and modified .proj files.
    My question is, do I need to check-in all the .ruleset files and other changes? Is there a way to get the same issues on the development machine without doing all these changes (adding .ruleset files)?
    Thank you in advance.

    1. The analysis on the client is optional. Just run the it on the server – that’s more important. Just add .rulese and .sonarlint/ to your .gitignore file (I think in the VisualStudio template this sould already be the case). SonarLint helps to run the same rules (from the server) on all clients.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s