Sonarqube Integration with Visual Studio 2022 and VS Code



Overview

This article explains about Sonarqube and its plugins of visual studio. By using plugin, we can detect sonarqube issues on local machine upfront. So that our clean code would be pushed on version control system. Also we can enable Sonar scans on every build which is a part of CI pipeline

Sonarqube

SonarQube is an open-source platform designed to improve code quality and maintainability in software development projects. It is a static code analysis tool that performs automated code reviews, identifies issues, and provides insights into the health of your codebase. SonarQube is a valuable tool for developers, quality assurance teams, and project managers, helping them ensure the long-term quality and reliability of their software.

Key Features:

  1. Code Quality Metrics: SonarQube provides a range of metrics, including code complexity, code duplication, and code smells, to assess the overall quality of your code.
  2. Issue Detection: It identifies and reports on code issues, such as bugs, vulnerabilities, and maintainability problems.
  3. Support for Multiple Languages: SonarQube supports a wide variety of programming languages, making it versatile for different projects.
  4. Integration: It can be seamlessly integrated into popular CI/CD pipelines and development tools, enabling automated code analysis during the build process. Also we can enable Quality Gates on CI pipelines
  5. Custom Rules and Profiles: Developers can define custom coding rules and quality profiles to tailor SonarQube to their specific coding standards and requirements.

Develpment with Sonar

  • SonarLint provides immediate feedback in your IDE as you write code so you can find and fix issues before a commit.
  • SonarQube’s PR analysis fits into your CI/CD workflows with SonarQube’s PR analysis and use of quality gates.
  • Quality gates keep code with issues from being released to production, a key tool in helping you incorporate the Clean as You Code methodology.

Prerequisites

Jdk 17 is required to run SonarLint plugin on system

Integration in Visual Studio 2022

  1. In Visual Studio, click Extensions -> Manage Extensions to open “Manage Extensions” window
  2. Search “SonarLint” and click download (as in screen below)
  3. Once Download is completed, please close all windows of Visual Studio to complete the extension installation
  4. Once all instances of Visual Studio are closed, VSIX Installer window opens with SonarLint installation task which is scheduled through Visual Studio. Click Modify to complete the installation.
  5.  Once Installation is completed Open Visual Studio. You can notice "Sonarlint” item option under the Extensions menu which confirms SonarLint installation had completed successfully,
  6.  To see errors of sonarlint for particular solution, Open Solution in Visual Studio and click on Analyze → Run Code Analysis → On Solution (Refer below screenshot)
  7.  After Successful Code Analysis in  Error tab you will see Sonarqube errors. Add filter on Tools Coulumn for Sonar Analyzer (Refer below screenshot)
    project errors

Integration in Visual Studio Code

  1. Install Sonarlint Extension in VS Code by clicking on Extension tab
  2. Go to setting Enable verbose and analyzer log
  3. Now you will see problems after opening the files in VS Code for that particular file. (Refer below screenshot for step 2 and 3)

Challenges

  • While SonarQube is a valuable tool, it's important to be aware of its limitations, which include occasional false positives.
  • For large codebases, the analysis process can be resource-intensive, requiring substantial processing power and memory. This can lead to longer analysis times and higher resource costs.
  • Sometime it is observed that Code Coverage is not visible in sonarqube for Dot Net 6 Project. Click here for the fix of same.

References

https://docs.sonarsource.com/sonarqube/latest/
https://community.sonarsource.com/t/code-coverage-not-shown-for-net-6-projects/56538/8

Comments

Post a Comment

Popular posts from this blog

Run And Debug Test Cases Using Jest With Different CLI Options

Welcome file Overview In this article, We will be looking at different ways to run Jest test cases also we will be looking at debugging test case in Jest Jest CLI provides a different options to run unit test cases. We can run Jest test cases as we want. I have described below some of the ways of to run test cases. Run all tests Run tests that are contain in a file Run all tests that are related to changed file Run tests related to path Run tests that match spec name Run only single test Skip test cases Run tests in watch mode Prerequisite You need to have Node installed in order to use npm (node package manager). After installing node we require Jest Package which will be downloaded from NPM package store Jest CLI Options Run all tests By Default Jest runs all tests jest Run tests that are contain in a file Run tests that were specified in file jest testfilename.js jest path/to/testfilename.js Run all tests that are related to changed f...
Read more

Install Kibana as Windows Service Using Powershell

This guide installs Kibana as Windows service using Powershell. Kibana: Kibana is an open source data visualization plugin for Elasticsearch . It provides visualization capabilities on top of the content indexed on an Elasticsearch cluster. Users can create bar, line and scatter plots, or pie charts and maps on top of large volumes of data Requirement: Elasticsearch Steps executed in following powershell script: Download NSSM – the Non-Sucking Service Manager $webclient = New-Object System.Net.WebClient $url = "https://nssm.cc/release/nssm-2.24.zip" $file = "$pwd\nssm.zip" $webclient.DownloadFile($url,$file) Unzip NSSM zip file at some location $shell = new-object -com shell.application $zip = $shell.NameSpace("$pwd\nssm.zip") foreach($item in $zip.items()) { $shell.Namespace("C:\").copyhere($item) } Add nssm.exe application path in Environment Variables $env:path +=';C:\nssm-2.24\win64' Download Kibana $webclient = ...
Read more