Posts

Showing posts from September, 2020

Configure SonarAnalyzer.CSharp with .editorconfig, no need for SonarCloud or SonarQube

Our goal was to use SonarSource/SonarQube static code analysis with the most "minimal" install/configuration footprint.We wanted the static code analysis to break/fail the build on the local developer machines as well as our CI/CD Azure DevOps environment if a rule was violated.SonarSource products usually rely on some external source, SonarCloud/SonarQube to determine which rules to apply on the local dev machine, and to store the results. We wanted to eliminate these dependencies.SonarSource also provides a Visual Studio extension called SonarLint to help check the static code analysis rules within the Visual Studio IDE without needing an external source for the rules.The static code analysis rules SonarLint enforces are also defined in the SonarAnalyzer.CSharp nuget package. This nuget package is a set of Roslyn Code Analyzers.In .NET Core, Roslyn Code Analyzers are triggered during a build if the nuget package is referenced by the project. Also in .NET Core, these analyz…