Analyze solution from visual studio with Sonarcloud

Hi everyone,

I’m looking for some guidance.

We are already using Sonarcloud through Azure DevOps for analysis, so the question is, can the developers analyze their code (whole solution) by connecting visual studio with Sonarcloud? Or is that not possible?

Any documentation link would be helpful. I did have a look at Sonarlint but we would like the whole solution to get scanned in one go instead of a single file that is currently open.

TIA.

Regards,
Amit

Hi Amit,

Welcome to the community!

Would you mind explaining why you want developers to analyze locally files they’re not actually working on?

 
Ann

Thanks Ann, it was more of a precautionary way that our organization wants.

On that note, I did connect Sonarlint with Sonarcloud and I noticed that the issues (bugs/vulnerabilities) Sonarcloud reported were not seen in Sonarlint, is that the expected behaviour?

Hi,

It’s quite likely you’ll see more vulnerabilities reported in SonarCloud; taint analysis rules require cross-file analysis which we turn off in SonarLint to not drag the IDE down.

Thanks for the explanation. This really isn’t how we recommend going about it. We believe developers should concentrate on keeping the code they’re working on now clean. That will save them brain cycles and time.

And that’s why SonarLint doesn’t support whole-project analysis.

 
Ann