If you follow along with the last few posts on SonarQube, you will now have a working installation that continuously monitors the quality of your code. Today we link Visual Studio to SonarQube using SonarLint.
This post is part of the SonarQube series. You can find the other parts here:
- Part 1: SonarQube: Installation Walkthrough for Windows and SQL Server Express
- Part 2: Collecting Data on your Projects with SonarQube Scanner
- Part 3: Start Analysing Code with SonarQube
- Part 4: Fine-tune the Collection of your SonarQube Projects
- Part 5: How LOC is computed in SonarQube, NDepend and Visual Studio
- Part 6: Customise the Rules in SonarQube
- Part 7: Get SonarQube Ready for Production
- Part 8: Integrate SonarQube with Visual Studio Team Services
- Part 9: Integrate SonarQube with Visual Studio using SonarLint
- Part 10: Leverage SonarQube to Fix Technical Debt in Multiple Projects
Why SonarLint?
SonarLint integrates the checks of SonarQube right into Visual Studio (and Eclipse, Atom and VS Code). If you want to know if there are any quality problems with your code, you no longer need to leave your IDE. SonarLint shows you a comprehensive list right in Visual Studio. You get a much faster feedback loop (you don’t need to wait on the next build in VSTS) and can easily navigate to the code in question. This integration can help you to improve code quality in a smoot workflow without annoying context switches.
Installation
SonarLint is an extension for Visual Studio and can be installed like all other extensions using the dialog under Tools / “Extensions and Updates”. Search for SonarLint and install this extension:
After the restart of Visual Studio, you should have a new entry in the “Analyze” menu called “Manage SonarQube Connections…”:
Connect to SonarQube
Open the project you want to connect with SonarQube and click on “Analyze” / “Manage SonarQube Connections…”. A new entry called “SonarQube” will be shown in the Team Explorer window:
(If you don’t have an open project the connect link in the left bottom corner will be grey and inactive. Is this the case, open a project and it will turn into a link.)
Click on connect to open the dialog where you can enter your server and your user token:
SonarLint will now connect to your SonarQube server and show you a list of your projects:
Now you can tell SonarLint to which SonarQube project your current solution belongs. With that link created, SonarLint can now fetch the project specific rules from SonarQube. This is the reason we do all that linking and connecting. From now on your changes in the rule set in SonarQube will be synchronised to Visual Studio.
This synchronisation ensures that your Visual Studio only checks what needs to be checked and nothing else.
Analyse your code
With everything in place it’s now time to analyse your code. You can start it by a right click on your solution, select the “Analysis” menu and click on “Run Code Analysis”:
The result will be displayed below your code and should have the same entries as you get on the SonarQube web application. To reach a problematic class you no longer need to search for the right file – you simply click on the warning and Visual Studio opens it for you.
Improving code quality
You can write code as you did before. But now you get a new helper that can warn you while you work. For example: If you write to the console in a web application, you get a warning right there so that you can change the problematic line to a call to your logging framework:
This doesn’t look like a big improvement, but give it a try. The integration is neat and simple and helps you when you want to listen. You have your feedback cycle right at your fingertips and that alone may help you to write better code. And should you want to ignore it you simply close the window – your build server can remind you later on that you should improve that piece of code you just wrote.
Why did we all the work with SonarQube Scanner and VSTS?
SonarLint is in my opinion an addition to the setup we created over the last few blog posts. Giving the developer a way to get quick feedback is important, but when you want to improve code you should have another instance in place that can act as a safety net. Independent of a manual interaction is SonarQube collection data using the build integration. If the developers turn off SonarLint, then there is still the build integration that will catch those problems.
You can work with SonarLint and not use SonarQube as you can use SonarQube without SonarLint. However, combining those two tools gives you a much better chance to find quality problems while they are created. That alone is for me reason enough to use both tools.
Next
We now have integrated SonarQube into our daily tools and get instant feedback should we create code that isn’t up to our level of quality. In the next post I address the already created technical debt and explain how we can leverage SonarQube in a multi-project scenario.
how to do the same in VS CODE?