I have a build machine setup with Visual Studio 2015 Update 3 and sonnarqube msbuild scanner 2.2.0.24. On the sonar server side (6.2), I have c# plug-in version 5.5.2.537.
Upon analysing projects, some code smells are not found in the c# files.
I have verified that :
Sonar project is using appropriate quality profile.
Quality profile
contains the rule and said rule is correcly activated.
I have deleted the whole project in sonarqube and re-run the analysis multiple times. For example in a particular .cs file I have the comment density code smell working correcly. However, the rule about handling TODO (s1135) is not working even though I have multiple TODO in the file. Same goes for the rule "Boolean checks should not be inverted" (S1940) that I introduced in the code for testing purpose.
What could cause those issues to not be reported?
I have moved everything to a new build server. Using the same setup and project, all the issues are now correctly reported.
Related
I have a new project on SonarCloud which is analyzing a fairly new C# solution which contains a tiny amount of code at present. I have installed the latest version of SonarLint and successfully connected the project to the SonarCloud project I have set up. The SonarCloud tasks are part of the VSTS build definition and the analysis is running on build with results being reported to SonarCloud.
Some issues - such as "S2933 - Fields that are only assigned in the constructor should be readonly" are reported in SonarCloud and reported in the VS IDE warnings window when code analysis is run locally. This is what I was expecting.
Other issues, such as "S1451 - Add or update the header of this file" are only reported in the IDE.
Some other issues, such as "common-cs:InsufficientCommentDensity" are only reported on SonarCloud, and not in the IDE.
I would like the IDE and SonarCloud to report the same issues as each other; my understanding is that that is the whole point of SonarLint connected mode.
I have created a custom Quality Profile on SonarCloud that inherits from "C# - Sonar way" and activated every rule, which now total 330, although bizarrely when I view anything beyond the first 100 rules on the website I am always presented with the "Activate" button nomatter how many times I click it and refresh the page.
If I look at the ruleset file that SonarQube has added to the project in VS, it contains the 330 rules that are in the server quality profile and has ticks next to all of them. There are a further 10 or so rules in this ruleset file that are deactivated and do not appear at all on SonarCloud.
What do I have to do to make the IDE and VSTS analyses consistent?
Some rules act a bit weird indeed.
S1451 has parameter (the expected file header) and is thus disabled unless you manually configure it. Even in connected mode SonarLint for Visual Studio does not support synchronization of parameters. This feature is in our backlog and most probably we will be working on it soon.
common-cs:* is a server-side rule (e.g. it runs on SonarQube/SonarCloud) and cannot be executed in SonarLint for Visual Studio.
You could configure the S1451 and the other parametrized rules by adding a new XML file with content similar to this file (link), then reference the file in your project like we do (link).
I was unable to reproduce the QualityProfile Active/Inactive status problem, it would be helpful to share what browser/version are you using and perhaps a short screen capture video of the behavior would be a nice way to demonstrate the problem.
Update: Apparently one of our SonarQube devs managed to reproduce the problem with the QP rule activation/deactivation and created a ticket:
https://jira.sonarsource.com/browse/SONAR-10685
We've created a number of C# code snippets. If I import them directly using the Code Snippets Manager they work perfectly as intended.
Since we are going to have people rolling into our project at different moments in time we want to ease the on-boarding process so we want to include these snippets into a VSIX project. For that purpose I followed this process to the letter.
Now there are several issues going on:
1. When I run the VSIX in debug mode I get the experimental instance of visual studio but the scripts' folder is not in the manager and the package does not seem to be installed when I look in the "Extensions and updates".
If I close VS and run the VSIX installer, after re-opening VS I can see the package installed in "Extensions and updates", I can see the custom scripts' folder in the scripts manager and all the scripts are there but, when I open a code file and try to use them they are just not available, the short cuts are not recognized and the scripts are not available in the insert script context menu.
We have tried both approaches in three different environments and the behavior is the same.
We are using Visual Studio 2017 with .Net Framework 4.7.1
I have tripled checked all the settings, made sure there aren't any typos, all the files that need to be added are there in the right place so I do not know what else to check or try.
I am sorry that I do not include any code but there are some things that are deemed confidential but I tried doing it with the Hello World example and I got the same result.
Thank you for any help you can provide.
So as it turned out, there were multiple causes for this behavior.
Environment 1: With the brand new instance of Visual Studio 2017 there was a folder in the Snippets Manager named %LCID%. Within this folder there were two snippets specifically for MVC 4 applications. We do not know why but either these snippets or the folder was preventing our custom ones to be detected, once we removed this folder everything started working as expected.
Environment 2: This environment did not have the %LCID% folder but had ReSharper installed on it and it was configured to use the IntelliJ keyboard schema. As soon as we changed it to use the Visual Studio one then the snippets became available.
Environment 3: In this one the %LCID% folder was not present and the ReSharper keyboard configuration was set to Visual Studio. We disabled ReSharper and the snippets would still not be available. We basically were never able to figure out why the snippets were not available so we ended up going to the file system, cutting them from the custom folder and pasting them under the "My Snippets" default one and they became available.
Hopefully this information will be useful for someone or, even better, somebody might be able to explain why situations one and three would cause the snippets to not be available.
I'm trying to execute and report a SonarQube code analysis (without test coverage for now) against a .NET Core project from a Linux build agent.
I downloaded sonar-scanner from this page, and trying to run the report with the following command (the server url is set up in the configuration).
sonar-scanner -Dsonar.projectKey="MyProject" -Dsonar.projectName="MyProject" -Dsonar.sources=$PWD
The execution seems to be successful, I uploaded the full output to this gist.
However, if I go to the project dashboard on the SonarQube site, I don't see any issues or code smells whatsoever.
I wanted to make sure that my project contains at least one error, so I added a goto statement to one of the source files, and checked if that warning is enabled in our Quality Profile, but I still get no issue.
(The sources files themselves are picked up correctly, I can see the list of files and all the source in SonarQube.)
Am I doing something wrong, or is this not expected to work?
(Just to clarify that this is not a duplicate of the existing question about .NET Core: the same command I showed here works for me on Windows, it only does not work on Linux.)
This has now been fixed so you should see an error if run this way.
See https://github.com/SonarSource/sonar-csharp/issues/535
Background
I am running Visual Studio 2015 Enterprise (RTM) and have enabled the SonarLint extension for code analysis of my multi-project ASP.NET 4.5 MVC solution.
Problem
SonarLint analysis seems to be ignoring the project setting for Code Analysis "Suppress results from generated code (managed only)"
That is, I'm getting a lot of Sonar errors reported back for a couple of *.designer.cs files generated from some .aspx pages. (Most of the project is MVC, for what it's worth.) I don't care about these errors, and don't think I have a decent path for fixing them...
More Details
I have SonarQube integrated with our TFS 2013 environment, and it is correctly ignoring these issues on the TFS server analysis. This problem is just showing up in Visual Studio, using the Roslyn analysis.
Any ideas how I can set up the equivalent of an .ignore file or otherwise fix this?
There is no built-in way of ignoring files in Roslyn at the moment, so you can't do it. Each analyzer needs to decide if the analyzed file needs to be checked or not. Specifically for SonarLint, I've created an issue on GitHub: https://github.com/SonarSource/sonarlint-vs/issues/85. You can track its progress.
I'm new to C# and the project as well. My team members are making a lot of spelling mistakes in strings. My manager want that the build should fail if there are spelling errors. While searching I found out Visual Studio Code Analysis tool and Spell Checker Plugins.
I have configured Code Analysis tool so that it shows analysis error if there are spelling mistakes. Is there any way to a enforce it as a build failure in such situation? And is it a good approach? Is there any better approach? I'm using VS2012.
EDIT
I have configured Code Analysis to run on every build. Now it's showing an error on running project after saving the code but if I run the code again (without saving), it runs successfully. But I want it show show error on every run until Code Analysis errors are resolved.
I don't think enforcing build error using code analysis is a good approach, it is really disturbing for the developer while writing the code and the developer can just turn off or uninstall the plugin in their environment.
What you might need to have is setting up a build server that runs the code analysis as part of it. It could be cruise control .net or team city or sonarqube.
You can run other things on that server, like unit test, auto deployment, complexity report, commenting, etc.