Operating system: Windows 10 Enterprise v.20H2
IDE name and flavor/env: Visual Studio 2022 v.17.1.6
SonarLint plugin version: 6.4.1.47693
Is connected mode used: Not yet
Connected to SonarCloud or SonarQube (and which version): –
And a thorough description of the problem / question:
I’ve just started using SonarLint for analyzing the code in some projects and I’ve seen some discrepancies between the “S” warnings that I get from SonarLint and the “CS*”, “CA*” from Visual Studio .Net Analyzers. Many seem the same, for example:
S4487 Remove this unread private field ‘Logger’ or refactor the code to use its value. IDE0052 Private member ‘MyClass.Logger’ can be removed as the value assigned to it is never read
Others are given by one of the respective analysis tools, but not both, for example: S2971 Drop ‘Where’ and move the condition into the ‘Count’
and CA2254 The logging message template should not vary between calls to ‘LoggerExtensions.LogError(ILogger, string?, params object?)’
So after some more research, I realize .Net analyzers are Roslyn analyzers. The ruleset is even posted here, so you can see exactly what you’ll get.
What I still don’t understand however is how Sonar inherits from this ruleset. I’ve compiled warnings and messages from my projects, and notice a large difference between the Roslyn analyzers set to Latest-All and the non-deprecated C# Sonar set. Roslyn for example is capable of picking up something like
CA1848 : For improved performance, use the LoggerMessage delegates instead of calling 'LoggerExtensions.LogWarning(ILogger, string?, params object?[])'
where I don’t find any equivalent in Sonar. Or in Sonar the following:
S1450 Remove the field '_logFactory' and declare it as a local variable in the relevant methods.
where I find no Roslyn equivalent. So clearly Sonar doesn’t implement the full Roslyn ruleset.
@Chris there isn’t a single, “full” Roslyn ruleset.
“Roslyn” is the name for the new C#/VB compiler framework. Amongst other things, the framework provides APIs that make it simple to implement new code analysis rules i.e. new Roslyn analyzers. What those rules do is entirely up to the author.
We have implemented a set of C#/VB analysis rules. as have Microsoft and dozens of other third parties. Some of our do rules do overlap with rules from other authors, including Microsoft. I’m not sure if we have a list showing the overlap; I’ll ask the team who own our .NET analyzers to comment.
Thanks for clarifying my question! I’m pretty new to Sonar, so when I first started using it, I assumed it was just an extension on top of the linked Microsoft ruleset because I saw so much overlap.
Looking forward to hearing more about any resources demonstrating relatedness between Sonar rulesets and others.