SonarQube Series

SonarLint — Free Code Quality Extension for Visual Studio

In this article you will learn how to use the SonarLint extension in Visual Studio, which helps developers deliver quality code.

linuxuserind
5 min read · Mar 24, 2022

SonarLint is an IDE extension that helps developers with code quality and security issues as they code. Like a spell checker, SonarLint flags flaws and gives real-time feedback with clear remediation guidance, so developers can deliver clean code as they write it.

The main advantage of SonarLint, I feel, is how easy it is to install and use, as it doesn't need any configuration to work in an IDE. As per the official SonarLint release, SonarLint can be integrated with IDEs like Visual Studio, VS Code, Eclipse, PyCharm, JetBrains.

Features of SonarLint

  1. SonarLint helps developers easily identify code smells, security issues and vulnerability bugs in the source code when they run Code Analysis.
  2. Code validations are done on the fly, i.e. as developers write code, SonarLint lets them know about any issue with it.
  3. Language-based rulesets can be fine-tuned, which gives developers the flexibility to enable or disable rules for the project.

Install SonarLint Extension in Visual Studio

The SonarLint extension in Visual Studio provides live code analysis for the C# and VB.NET languages under the “Run Code Analysis” option of the Analyze menu.

Follow the steps below to install and use the SonarLint extension with Visual Studio.

  1. In Visual Studio, click Extensions -> Manage Extensions to open the “Manage Extensions” window.
  2. Search for “SonarLint” and click Download.
  3. Once the download is completed, close Visual Studio to complete the extension installation.
  4. Once all instances of Visual Studio are closed, the VSIX Installer window opens with the SonarLint installation task that was scheduled through Visual Studio. Click Modify to complete the installation.
  5. Once the installation is completed, open Visual Studio. The “Manage SonarQube Connections” option under the Analyze menu confirms that the SonarLint installation completed successfully.

Analyze Project with SonarLint

SonarLint in Visual Studio works with the C# and VB.NET languages, so any project developed in these 2 languages can be analyzed. Let us look at the steps involved in performing Code Analysis with SonarLint.

  1. Open any project developed with C# or VB.NET. Once it is opened, click Analyze -> Run Code Analysis -> On Solution.
  2. Once code analysis is completed, the results are populated in the Error List window for all the files in the solution. In open files, the bugs are underlined in the same way as compilation errors.

With these 2 steps you can manually trigger Code Analysis. When you add a new line or block of code, SonarLint automatically updates the Error List window and the file you are modifying.

In the Error List, you can pick out the entries populated by SonarLint by looking at the Code column: their codes begin with the letter “S”, followed by the unique id of the rule from the SonarLint rules for the language.

Understanding and Fixing SonarLint Warnings

The previous section showed how to install SonarLint and run an initial Code Analysis. This section looks at what the warnings are about and how to fix or suppress them.

SonarLint has a set of predefined, uniquely identified rules for detecting bugs, security issues, code smells and vulnerabilities in C# (and other languages), which can be accessed here.

Fix the issues identified

Once the issues are identified, we are left with 2 options: either fix the code or suppress the issue, so that Code Analysis completes with 0 bugs.

In this example, SonarLint has identified the issue “Add a nested comment explaining why this method is empty, throw a ‘NotSupportedException’ or complete the implementation.” for the method OnGet, which is left empty with no implementation.

If we decide to fix the issue, we can either add the implementation code inside the method or add the comment suggested by SonarLint.

We can add the comment “// Method intentionally left empty.” so that SonarLint no longer considers this method empty. The warning message for this method is removed automatically when you save the change.

Suppress the issue

Consider the same OnGet method: if you don’t want to add an implementation to the method and don’t want to add a comment, you are left with only one option: suppress.

You can suppress this warning by clicking the “Show potential fixes” option when you hover the mouse over the OnGet() method name. Choose Suppress S1186 -> In Source, which adds warning-disable directives before and after the method declaration.
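The fix and suppress options described in the two sections above, side by side, as an added example that is not code from the original article. The class names are hypothetical, the classes omit the Razor Pages PageModel base class so the file compiles on its own, and the directive comments follow the form Visual Studio generates for rule S1186.

```csharp
using System;

// Constructed sample: in a Razor Pages project these classes would derive
// from PageModel; the base class is left out to keep the file stand-alone.
public class FlaggedModel
{
    // S1186 is reported here: the body is empty and nothing explains why.
    public void OnGet()
    {
    }
}

public class CommentedModel
{
    public void OnGet()
    {
        // Method intentionally left empty.
    }
}

public class NotSupportedModel
{
    // Second fix named in the rule message: fail loudly instead of doing nothing.
    public void OnGet()
    {
        throw new NotSupportedException("GET is not handled by this page.");
    }
}

public class SuppressedModel
{
    // Shape of what "Suppress S1186 -> In Source" places around the declaration.
#pragma warning disable S1186 // Methods should not be empty
    public void OnGet()
#pragma warning restore S1186 // Methods should not be empty
    {
    }
}

public static class Program
{
    public static void Main()
    {
        new CommentedModel().OnGet();
        try { new NotSupportedModel().OnGet(); }
        catch (NotSupportedException ex) { Console.WriteLine(ex.Message); }
    }
}
```

Only `FlaggedModel` still produces an S1186 entry in the Error List. The suppressed variant keeps the empty body and hides the finding, while the other two change the code itself.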

Once all the warnings are fixed or suppressed, the Error List window becomes empty, which shows the developer’s commitment to code quality.
