C# Code analyses rules from VS vs. Sonar Plugin

[daniel...@haufe-lexware.com]

Hi All,

I had a quick look at the differences between the rules for Code analyses coming with Visual Studio (FxCop) and the ones from Sonar Plugin. For me it seems that they are checking different things. 
But the FxCop Feature was deprecated and removed, so what I not understand is what the recommended way to use is:

Use only the rules from sonar plugin (because they are cover all recommended checks for C#)
or
Use sonar plugin rules and FxCop (e.g. ruleset "Microsoft managed Recommended Rules") in combination (for having all rules checked)

My question is not about how to use FxCop with Sonar Qube, what I want to understand is what the recommended rule set for C# is. That is why I use google Group and not stackoverflow.

Thanks,
Daniel

[Tamas Vajk]

Hello Daniel,

We deprecated the FxCop support because we had a lot of trouble with FxCop lately and we were not able to produce precise results with it. 

• FxCop was not updated for a while by Microsoft, and as a result, the latest language features (such as C# 6 features, but even earlier like async/await) are not properly supported. FxCop produces an XML analysis report, which we were parsing in C# plugin. However this report was missing some issue locations due to the new language features.
  
• Inside Visual Studio, FxCop is not as well integrated as Roslyn based analyzers. This meant that with SonarLint for Visual Studio Connected Mode, you couldn't get the FxCop issues, and as a result you would see different analysis results inside the IDE and in SonarQube.

These points led to the decision that we deprecated the FxCop support. At the same time, we understand that many of our users still rely on FxCop, therefore, we extracted the functionality into a dedicated community plugin.

For a long time, Microsoft is planning to move FxCop onto Roslyn. When this work is done, you'll be able to use the SonarQube Roslyn SDK to generate a SonarQube plugin from FxCop. At the same time, as we realize that we can't wait for MS to do this work, we started analyzing what is our coverage over FxCop rules, and we'll work on lowering the size of the gap between the two products.

So to answer your question, we are working on the solution. However, right now you have to choose between the following options:

• use the community FxCop plugin,
• use only the C# plugin. (Internally at SonarSource we opted for this option)

I hope this answers your question,

Tamas

Tamas VAJK | SonarSource
Language Team

http://sonarsource.com

--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/4b7e4422-743c-4a97-98a0-b32f9ba9e918%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.