I have two question.
First question is that there are two tools that name are SonarAnalyzer.CSharp Nuget pack and SonarLint extension. Do i have to install both of these or is it enough to install SonarLint extension.
Second is that what is the SonarLint rule by the default. Which rules are active, recomended rules or all rules?
There is no functional difference in the rules and actually SonarLint for Visual Studio uses the same DLLs that are in SonarAnalyzer.CSharp. The are some other differences though:
When using the nuget the build times in Visual Studio will increase significantly. When using SonarLint, Visual Studio will analyze the projects in the background and the build time will not change.
You will not see issues from SonarLint in the Visual Studio Output window, only in the Error List. When using the nuget you will see issues in both Error List and Output Windows.
SonarLint will not modify your projects (unless you use connected mode, but that’s only for the rule config) and you will always use the latest version of the analyzers. With the nuget you lock to a specific version and you need to manually update and commit the changes in the source control system.
When in connected mode, SonarLint can hide issues that are marked as Won’t Fix, False Positive, etc. on SonarQube.
When in connected mode, SonarLint will automatically sync the local rule configuration with the one that’s on SonarQube.
The rules that are enabled by default in SonarLint without connected mode are the same rules that appear in the Sonar Way quality profile for C# in SonarQube.
For some project types (the old .NET projects) Visual Studio displays UI to edit the enabled rules and you could customize what is executed in SonarLint (and the nuget package), but for some it doesn’t - the .NET Core and .NET Standard projects, and you are stuck with the default settings.