Effective thread-safe risk test method & custom rule definition and utilization method

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    => 7.9.3 LTS Developer Edition Version.
  • what are you trying to achieve
    => what am I trying to achieve is title.
  • what have you tried so far to achieve this
  1. There have been issues such as violating exception conditions for business code these days or writing code so that it is not thread-safe.
    In Developer Edition of SonarQube, There were two thread-safe check rules for the C# language.

  2. Is there a way to more effectively detect thread-safe threats in advance with SonarQube Developer Edition features? Furthermore, is there a way to define custom rules and add them as inspection metrics? (For example, When I want to check if missed the exception condition in code or missed custom rules what we defined to included in code, How can I take action in this situation?)

Hi @specialSonar

I’m not aware of thread-safety specific rules that are not in the free analyzers. In C#, our commercial editions currently add taint vulnerability rules.

1 Like

Hello!

We have some multi-threading-tagged rules that may be of help.

You can write your own Roslyn analyzer, add it to your projects and the results will be automatically imported in SonarQube by the Scanner for .NET as external issues.