What is SonarLint?
SonarLint is a product from SonarSource. SonarSource is one of the leading companies that builds product for code quality and security.
SonarLint is an IDE extension that helps detect and fix code quality issues at runtime. It can also be used to perform a complete analysis of code to find code quality issues. SonarLint supports IDEs Visual Studio, Visual Studio Code, Eclipse and IntelliJ IDEA. SonarLint provides developers with instant feedback in their IDEs as they are writing code. Issues appear as you type code. When it identifies an issue, SonarLint provides documentation to understand the issue in details and explain what is the best practice.
In this post, we will integrate SonarLint with Visual Studio 2019 and see it in action.
Add SonarLint to Visual Studio 2019
Obviously, for this demo, you need to have Visual Studio 2019 installed on your system! First lets install SonarLint and then we will see it in action.
Step 1: Open Visual Studio 2019 and go to Extensions -> Manage Extensions. Search for SonarLint and click Download.
Step 2: After you perform the above steps, you need to close Visual Studio. Once you close it, you can see the VSIX Installer starting to run. Hit Modify to let it finish the installation. After the installation is complete, hit Close and open Visual Studio again.
Step 3: SonarLint is now complete. You can go to Extensions -> Manage Extensions -> Installed to check SonarLint shows up in the list of installed extension.
Before we move to the steps to see how SonarLint works, let us go through some additional step to pair SonarLint with SonarCloud.
Pair SonarLint with SonarCloud or SonarQube
SonarQube and SonarCloud are additional products from SonarSource which are on-premise and cloud based respectively. SonarQube/ SonarCloud are used to continuously inspecting the Code Quality and Security of the codebases, and guiding development teams during Code Reviews. I will cover in-depth explanation of the products in my upcoming blog. I will ensure to add a link here.
The primary reasons why we need to pair SonarLint with either SonarQube or SonarCloud is for team collaboration and organizational consistencies. One can configure Language Rulesets and Analysis Settings at a team or project level and SonarLint can get those settings from SonarQube or SonarCloud. This way every member in your team follow the same standards. There are several other ways how SonarQube or SonarCloud is used but I will not cover them here.
So lets see how we can pair SonarLint with SonarQube or SonarCloud
Step 4: You can connect to SonarQube or SonarCloud through the Team Explorer. Go to Team Explorer and there you can see SonarQube as an option. Click on it. you would get a prompt to enter Server, Username and Password details.
Note: Understand that there is no separate option for SonarCloud. You need to provide a specific server detail for SonarCloud
Step 5: For SonarCloud enter https://sonarcloud.io/ as the server. For SonarQube, enter the server of the on-premise server. Also enter the Username and Password
When configuring for SonarCloud I strongly recommend using token instead of username and password. In order to generate a token, go to your SonarCloud account, My Accounts -> Security. Provide a Token Name and click Generate. Copy the key.
Enter the token in the Username/Token field. No need to enter password.
Using SonarLint in Visual Studio 2019
Now that we have SonarLint added to our Visual Studio IDE, let see it in action. I will use one of my ASP.NET MVC Core application called SKBookClub to run analysis.
Step 6: Go to your Solution Explorer, right click on the Solution Name -> Analyze and Code Cleanup -> Run Code Analysis on Solution. The results are shown in the Error List tab.
All code which starts with a ‘S’ are from SonarLint.
Step 7: Next, lets take a look at how SonarLint checks the code while you write the code. Check the below gif. As I write the code, SonarLint shows up a new warning in the Error List tab. Also it shows up a warning in the code as a bulb sign. This helper allows you to fix the problem instantly.
Today, we saw how to set up SonarLint extension in Visual Studio 2019 IDE. Good coding practices are language agnostics and help the organization to deliver reliable, secure, maintainable, testable, portable and reusable code. Using analyzers like SonarLint while coding saves a lot of downstream effort. These kind of practices should be strongly encouraged in a software development environment.
In my next post, I am going to show you how to integrate SonarCloud in a Azure DevOps build pipeline.