• Stars
    star
    664
  • Rank 67,903 (Top 2 %)
  • Language
    C#
  • License
    GNU Lesser Genera...
  • Created over 12 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Code analyzer for C# and VB.NET projects https://redirect.sonarsource.com/plugins/vbnet.html

Code Quality and Security for C# and VB.NET

Build Status

Product Quality Gate Coverage
Analyzer Quality Gate Coverage
Plugin Quality Gate Coverage

Static analysis of C# and VB.NET languages in SonarQube, SonarCloud and SonarLint code quality and security products. These Roslyn analyzers allow you to produce Clean Code that is safe, reliable, and maintainable by helping you find and correct bugs, vulnerabilities, and code smells in your codebase.

Features

Useful public resources

Nuget.org packages

Integration with SonarQube and SonarCloud

Do you have a question or feedback?

Get started

How to contribute

There are many ways you can contribute to the sonar-dotnet project. When contributing, please respect our Code of Conduct.

Join the discussions

One of the easiest ways to contribute is to share your feedback with us (see give feedback) and also answer questions from our community forum. You can also monitor the activity on this repository (opened issues, opened PRs) to get more acquainted with what we do.

Pull Request (PR)

If you want to fix an issue, please read the Get started pages first and make sure that you follow our coding style.

Before submitting the PR, make sure all tests are passing (all checks must be green).

  • We suggest you do not pick issues with the Area: CFG label (they are difficult, can have many side effects and are less likely to be accepted).
  • We suggest you do not implement new rules unless they are already specified for C# and/or VB.NET on our rules repository.

Note: Our CI does not get automatically triggered on the PRs from external contributors. A member of our team will review the code and trigger the CI on demand by adding a comment on the PR (see Azure Pipelines Comment triggers docs):

  • /azp run Sonar.Net - It will run the full pipeline, including plugin tests and promotion

Join us

If you would like to work on this project full-time, we are hiring!

Custom Rules

To request new rules, Contact us on our Community Forum.

If you have an idea for a rule but you are not sure that everyone needs it, you can implement your own Roslyn analyzer.

Configuring Rules

SonarQube / SonarCloud and SonarLint in Connected Mode

Open the rule in SonarQube / SonarCloud, scroll down, and (in case the rule has parameters), you can configure the parameters for each Quality Profile the rule is part of.

Use SonarLint Connected Mode to connect to SonarQube and SonarCloud.

SonarLint

The easiest way is to configure a Quality Profile in SonarCloud.

  • Create a dummy repository and analyze it in SonarCloud (it's free for open-source).
  • Configure the Quality Profile in SonarCloud for the project you created.
  • Then connect SonarLint to that project, and it will download the configuration (ruleset and SonarLint.xml files) locally and update your project based on the Quality Profile.

Standalone NuGet

The rules from standalone NuGet packages can be enabled or disabled in the same way as the other analyzers based on Roslyn, by using the .globalconfig or .editorconfig files. See: https://learn.microsoft.com/en-us/visualstudio/code-quality/use-roslyn-analyzers?view=vs-2022#set-rule-severity-in-an-editorconfig-file

If the rules are parameterized, the parameter values can be changed using SonarLint.xml additional files.

The first step is to create a new file, named SonarLint.xml, that has the following structure:

<?xml version="1.0" encoding="utf-8"?>
<AnalysisInput xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Settings>
    <Setting>
      <Key>sonar.cs.analyzeGeneratedCode</Key>
      <Value>false</Value>
    </Setting>
  </Settings>
  <Rules>
    <Rule>
      <Key>S107</Key>
      <Parameters>
        <Parameter>
          <Key>max</Key>
          <Value>2</Value>
        </Parameter>
      </Parameters>
    </Rule>
  </Rules>
</AnalysisInput>

Then, update the projects to include this additional file:

<ItemGroup>
  <AdditionalFiles Include="SonarLint.xml" />
</ItemGroup>

Internal resources

Build configuration

License

Copyright 2014-2024 SonarSource.

Licensed under the GNU Lesser General Public License, Version 3.0

More Repositories

1

sonarqube

Continuous Inspection
Java
8,163
star
2

docker-sonarqube

🐳 SonarQube in Docker
Dockerfile
1,287
star
3

eslint-plugin-sonarjs

SonarJS rules for ESLint
TypeScript
1,148
star
4

sonar-java

☕ SonarSource Static Analyzer for Java Code Quality and Security
Java
1,042
star
5

SonarJS

SonarSource Static Analyzer for JavaScript and TypeScript
TypeScript
958
star
6

sonar-scanning-examples

Shows how to use the Scanners
COBOL
809
star
7

SonarTS

Static code analyzer for TypeScript
Shell
763
star
8

sonarcloud-github-action

Integrate SonarCloud code analysis to GitHub Actions
Shell
571
star
9

sonarlint-intellij

SonarLint for IntelliJ
Java
553
star
10

sonarlint-vscode

SonarLint for Visual Studio Code
CSS
498
star
11

sonarlint-visualstudio

SonarLint extension for VisualStudio
C#
426
star
12

sonar-php

🐘 SonarPHP: PHP static analyzer for SonarQube & SonarLint
Java
360
star
13

sonar-scanner-msbuild

SonarScanner for .NET
C#
335
star
14

sonar-scanner-cli

Scanner CLI for SonarQube and SonarCloud
Java
331
star
15

sonarlint-eclipse

SonarLint for Eclipse
Java
256
star
16

helm-chart-sonarqube

Mustache
221
star
17

sonar-custom-rules-examples

Shows how to bootstrap a project to write custom rules for PHP, Python, Cobol, RPG
Java
217
star
18

sonar-python

🐍 SonarQube Python plugin
Java
214
star
19

sonarlint-core

Core library to run SonarLint analysis
Java
210
star
20

sonar-scanner-cli-docker

Docker image for SonarScanner CLI
Shell
182
star
21

sonar-scanner-jenkins

SonarQube Scanner for Jenkins
Java
173
star
22

sonarqube-scan-action

Shell
165
star
23

sonar-scanner-gradle

SonarQube Scanner for Gradle
Java
162
star
24

sonar-scanner-maven

SonarQube Scanner for Maven
Java
135
star
25

sonar-custom-plugin-example

Shows how to write a SonarQube plugin
JavaScript
121
star
26

sonar-go

SonarGo: Go Analyzer for SonarQube
Java
119
star
27

sonar-scanner-commons

Common Java library used by many SonarScanners
Java
107
star
28

sonar-kotlin

SonarSource Static Analyzer for Kotlin Code Quality and Security
Kotlin
93
star
29

sonar-scanner-vsts

SonarQube TFS/VSTS Marketplace Extension
TypeScript
91
star
30

slang

Java
86
star
31

sonarqube-roslyn-sdk

SDK for SonarQube Roslyn Analyzer Plugins
C#
77
star
32

sonarlint-cli

SonarLint for CLI
Java
76
star
33

sonar-github

SonarQube GitHub Plugin (deprecated)
Java
72
star
34

sslr

SonarSource Language Recognizer
Java
71
star
35

sonarlint-language-server

Language Server for SonarLint VSCode
Java
69
star
36

sonarqube-quality-gate-action

Shell
61
star
37

sonar-.net-documentation

Documentation targeting the .Net community explaining how to install and use SonarQube to analyse .Net projects
50
star
38

sonar-html

Static analyzer for HTML used in Sonar ecosystem
Java
47
star
39

mysql-migrator

Command line tool to migrate MySQL database of SonarQube 6.7-7.8 to non-MySQL
Java
38
star
40

sonar-training-examples

Java
38
star
41

sonar-loc-count

PowerShell
37
star
42

local-travis

🐳 Run travis builds on a developer workstation
Shell
37
star
43

sonar-jacoco

SonarQube JaCoCo Plugin
Java
36
star
44

sonar-developer-toolset

Developer Toolset for Sonar-* Projects
Shell
35
star
45

rspec

Rule Specification
TypeScript
34
star
46

argument-injection-vectors

A curated list of argument injection vectors
HTML
32
star
47

sonar-ldap

🏬 LDAP Plugin for SonarQube
Java
31
star
48

sonar-xml

Java
30
star
49

SonarTS-example

TypeScript
27
star
50

sq-com_example_standard-sqscanner-travis

Standard SQ-Scanner-based project analyzed on SonarCloud using Travis
PHP
26
star
51

sonar-update-center-properties

Shell
25
star
52

sonar-auth-bitbucket

Bitbucket Authentication for SonarQube
Java
24
star
53

sonar-css

SonarCSS: CSS Analyzer for SonarQube
Java
23
star
54

sonar-analyzer-commons

Logic useful for a language plugin
Java
22
star
55

ebcdic-to-ascii-converter

Java
21
star
56

sonarlint-atom

SonarLint for Atom.io
JavaScript
21
star
57

sonar-plugin-api

API to develop plugins for SonarQube, SonarCloud and SonarLint
Java
19
star
58

sonar-auth-github

GitHub Authentication for SonarQube
Java
18
star
59

sq-com_example_java-maven-travis

Java Maven-based project analyzed on SonarCloud using Travis
Java
17
star
60

sonar-iac

Static Code Analyser for Infrastructure-as-Code languages such as CloudFormation and Terraform as well as DevOps like Docker and Kubernetes
Java
17
star
61

sonar-classloader

Toolbox for Java classloaders
Java
15
star
62

sonar-scm-git

Java
14
star
63

sonar-scanner-ant

SonarQube Scanner for Ant
Java
14
star
64

eslint-config-sonarqube

ESLint configuration for SonarQube and its plugins.
JavaScript
13
star
65

sq-com_example_c-sqscanner-travis

C SQ-Scanner-based project analyzed on SonarCloud using Travis
C
12
star
66

sonar-flex

ActionScript
12
star
67

sonarqube-webclient-dotnet

C#
11
star
68

sonarcloud-github-action-samples

Sample projects for the configuration of SonarCloud on GitHub Actions
11
star
69

sonar-scm-svn

SonarQube Plugin for SVN
Java
9
star
70

sonarcloud_examples

Listing of example projects analyzed on SonarCloud
9
star
71

sonarcloud-circleci-orb

Support of SonarScanner CLI in CircleCI
9
star
72

orchestrator

Java library for running SonarQube in tests
Java
9
star
73

sonar-update-center

Java
7
star
74

sonar-dev-maven-plugin

DEPRECATED - Maven plugin to deploy a plugin to a local SonarQube installation
Java
7
star
75

sq-com_example_java-gradle-travis

Java Gradle-based project analyzed on SonarCloud using Travis
Java
7
star
76

parent-oss

Parent file of public Maven projects
Shell
7
star
77

sslr-squid-bridge

Java
7
star
78

sonarcloud_example_go-sqscanner-travis

Go project analyzed on SonarCloud using Travis
Go
7
star
79

sonarjs-cli

[ ⛔️DEPRECATED] CLI for SonarJS
Java
7
star
80

travis-utils

Toolset for SonarSource jobs on Travis
Shell
7
star
81

pycon-sonar-workshop

PyCon US Sonar Workshop
Python
6
star
82

git-files-blame

A git command implemented with JGit that blames multiple files simultaneously
Java
6
star
83

sonar-text

sonar-text
Java
6
star
84

sonar-ui-common

Common UI lib for SonarQube and SonarCloud
TypeScript
5
star
85

sonar-auth-saml

SAML 2.0 Authentication for SonarQube
Java
5
star
86

websites

Deprecated - customers page of old wordpress website
HTML
5
star
87

python-test-sources

Python
5
star
88

sonarcloud_example_cpp-cmake-linux-travis

C++
5
star
89

sync-jira-github-action

Change status of JIRA tickets when opening and merging pull requests
JavaScript
5
star
90

sonar-dummy-oss

Java
4
star
91

sonarlint-website

HTML
4
star
92

sonarcloud-github-c-cpp

Integrate SonarCloud code analysis to GitHub Actions when build wrapper or relative paths support is required. Use https://github.com/SonarSource/sonarcloud-github-action otherwise
Shell
4
star
93

php-test-sources

PHP
3
star
94

public-git-sync

Private to public Git repository synchronization
Shell
3
star
95

sonarlint-omnisharp

Java
3
star
96

chocolatey-packages

PowerShell
3
star
97

javascript-test-sources

Used for https://github.com/SonarSource/SonarJS ruling
JavaScript
3
star
98

jsts-test-sources

TypeScript
3
star
99

license-headers

Source file headers of SonarSource projects
Shell
3
star
100

echoes-react

A React implementation of Echoes, Sonar's design system.
TypeScript
3
star