SonarLint in Visual Studio - connect mode

[Michiel Overeem]

I've connected my solution (Visual Studio 2015) to a SonarQube project. The ruleset is downlaoded, and all projects are linked to the ruleset. Also, all projects have the SonarAnalyzer.CSharp dependency added.

But...

1) The ruleset only contains S* rules:

<?xml version="1.0" encoding="utf-8"?>

<RuleSet Name="Rules for SonarQube" Description="This rule set was automatically generated from SonarQube." ToolsVersion="14.0">

  <Rules AnalyzerId="SonarAnalyzer.CSharp" RuleNamespace="SonarAnalyzer.CSharp">

    <Rule Id="S100" Action="None" />

    <Rule Id="S1006" Action="None" />

    <Rule Id="S101" Action="None" />

    <Rule Id="S103" Action="None" />

    <Rule Id="S104" Action="None" />

    <Rule Id="S105" Action="None" />

  .....

But my Quality Profile also contains CA rules (not all!). Shouldn't those rules also be present in this file?

2) Running the analysis, I encounter these warnings:

4>  Running Code Analysis...

4>MSBUILD : warning : CA0064 : No analysis was performed because the specified rule set could not be loaded or did not contain any managed code analysis rules.

4>  Code Analysis Complete -- 0 error(s), 1 warning(s)

What can I do to fix this?

[Freddy Mallet]

Hi @Michiel,

You're right, those CA* rules are the FXCop rules and FXCop doesn't rely on the Roslyn framework so we are not raising any issues on those CA* rules inside SonarLint for Visual Studio. 

That's indeed a real limitation but FYI the Roslyn team is currently working to rewrite most of those rules and make them available as some Roslyn analyzers (see https://github.com/dotnet/roslyn-analyzers/blob/master/docs/FxCopPort/RulesInventory.csv)

So sooner or later, the FXCop tool should be officially deprecated and by relying on those upcoming roslyn-analyzers, we'll fix this limitation. 

++

Freddy

--
You received this message because you are subscribed to the Google Groups "SonarLint" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/3755b7af-94e8-4135-a2fa-fe3b66a92be7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Freddy MALLET | SonarSource

Product Director & Co-Founder
http://sonarsource.com

[Michiel Overeem]

Hi Freddy,

But you could export the CA rules to work with FxCop right? Until everything is supported by Roslyn. We fixed this by manual creating a ruleset with the CA rules, but that is of course not what you would expect from the 'connected' mode.

Michiel

[Michiel Overeem]

Another question: it seems that the <include> way of exporting the rulesets does not play nice with Roslyn Analyzers.

We have some Sxxxx rules being set to "None" (we have disabled them). They are correctly exported from SonarQube into the general ruleset ([projectname]csharp.ruleset).

The ruleset on the project (which includes the general ruleset by using the <include> element) shows the rule as being active when opened in the visual editor. This messes up the SonarLint results.

How should this work? And how can we fix this?

[Tamas Vajk]

Hello Michiel,

I could repro your issue, and created a ticket for it in JIRA: https://jira.sonarsource.com/browse/SVS-63. (It seems to me that the settings are taken into account, it's only the Ruleset Editor Window that doesn't act as it should be.)

At the same time, could you tell me which rules have you disabled? If some rules don't apply to your project, then most probably they don't apply elsewhere either, so they should be disabled by default.

Thanks,

Tamas

Tamas VAJK | SonarSource
Language Team

http://sonarsource.com

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/039dbb62-be91-47ac-8062-dd4381efef7c%40googlegroups.com.

[Michiel Overeem]

Ok. But what about the other issues? The CA rules aren't exported at all. Shouldn't that be a ticket also?

About the rules, we switch on a lot more rules, and switched of some rules that we think are not necessary, or match existing CA rules. I don't think we should bother you with that, but If the export was complete ( ;-) ) I could send it to you.

[Tamas Vajk]

Hello Michiel,

We could certainly create a web service to export the CA* rules, but we already know that service will not live long as there is the Roslyn SDK and the Microsoft.CodeAnalysis.FxCopAnalyzers Nuget package, which together provides a better user experience. Creating a service that is already deprecated doesn't make sense. Instead please keep an eye on

https://jira.sonarsource.com/browse/SVS-64 and 

https://jira.sonarsource.com/browse/SFSRAP-32.

Tamas

Tamas VAJK | SonarSource
Language Team

http://sonarsource.com

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/78f7903f-c6f7-4a49-9647-1d4ac78f73ab%40googlegroups.com.

[michiel...@gmail.com]

Hi Michiel,

How did you manage to solve the 2nd issue, warning "CA0064 : No analysis was performed because the specified rule set could not be loaded or did not contain any managed code analysis rules"?

We're having the same thing. After connecting to the SonarQube server - while nuget packages/analyzers and rulesets are added - running Analysis on the solution or a project gives the same warning. When I open the properties of each project, the code analysis setting refers correctly to the new ruleset file. What's wrong?

Thanks, Michiel

[m.overe...@gmail.com]

We have created the rulesets ourselve by hand. So we manually sync the rulesets with SonarQube. No more indirection and no more includes.

And now the warning is gone.

Michiel