Code Quality of .NET using SonarQube in Visual Studio
Most of us understand the importance of code quality. Good coding practices are language agnostics and help any organization to deliver clean, highly reliable, secure, and maintainable code. Today in this article, we shall see how to manage the Code Quality of .NET with SonarQube.
“Any fool can write code that a computer can understand. Good programmers write code that humans can understand” -Martin Fowler
Software maintenance is like a big fat elephant and often eats away a big chunk of project budget allocation. Re-engineering and refactoring of buggy code cost organization time, cost, and quality. These small-looking coding issues become bigger problems in the future and potentially affect the complete architecture and design of your application.
“Code is maintained more often than it is written”
Today in this article, we will cover below aspects,
Today in this article we shall see how to use the Sonar Lint IDE extension in Visual Studio 2017(or VS2019)
SonarLint is an IDE extension that helps to detect and fix code quality issues as you type the code in IDE.
SonarLint Visual Studio extension combines together all best of the linting process and supports multiple analyzers and multiple languages.
- C# (.NET , .NET Core, .NET Standards) – Roslyn analyzer
- VB.NET- Roslyn analyzer
- JavaScript- SonarJS analyzer
- C/C++ – SonarCFamily
Support for Typescript or Python language is supported through another SonarLint plugin that works on Visual Studio Code IDE. Please see more details on the below link,
Getting started – Code Quality of .NET with SonarQube
Prerequisites:
* Visual Studio 2015 or 2017 or 2019
* Install SonarLint extension
From Menu->Extension->Manage Extension, please search with the keyword “Sonar” as below. Here I am installing this extension for VS2019.
Note-The first-time installation requires you to restart the Visual Studio to complete the installation.
After successful installation of the extension, IDE will start analyzing code and shall start reporting the issue as shown below,
As you type your code you shall be able to see the best recommendation from SonarLint based on configured rules.
Sonar – Connected Mode configuration
SonarQube scan can be configured as part build and deploy process within the CICD pipeline. SonarQube provides the overall health of the portfolio within the organization with nice dashboards detailing the overall health of the code.
Sonar Server
SonarLint if used with the SonarQube server streamlines the code analysis process by using a uniform rule set across the organization and avoids any ambiguity of issues reported on server vs developers Desktop/IDE. So far above we used the default ruleset which comes with plugin installation now we shall see how to use the connected mode of the sonar server.
Connected mode configuration is a simple 1-2 step process. Below we shall try connecting the application with a quality profile of the server.
- Click on Team Explorer in Visual Studio and connect to SonarQube as shown below,
- Provide Server URL and Password or Token to connect with sonar server from IDE,
After successful authentication, please select your organization.
Your application will be connected.
Establish the Sonar Server connection for the first time. Please click on “Bind” as shown below,
After successful binding, Quality profiles from Sonar Server will be downloaded locally in your projects which includes ruleset file and creation of .sonarlint folder as shown below,
- Sonar rule set file will be created within project folder (.csproj)
- Folder ‘.sonarlint‘ will be created with ruleset file and configuration file as below,
That’s all! Once the project gets connected with the server, Your project will work in connected mode using the same Quality profiles as of Sonar Server.
You will be able to see the same coding issues in IDE and in Pipeline and analyze your code against centralized configured rules.
Happy coding !!
Do you have any comments or ideas or any better suggestions to share?
Please sound off your comments below.
Happy Coding !!
Other References :
Summary :
Today we learned about SonarLint extension set up and configuration for Visual Studio IDE. Good coding practices are language agnostics and help the organization to deliver clean, reliable, secure, and maintainable code. Buggy code slipping through cracks has the potential to cost a company an entire business.
Organizations can address these problems by following best practices of software development like continuous code quality and continuous code review processes.
Please bookmark this page and share it with your friends. Please Subscribe to the blog to receive notifications on freshly published(2024) best practices and guidelines for software design and development.