Evaluation of SonarLint


  • Operating system: Window 11
  • SonarLint plugin version:
  • Programming language you’re coding in: C#
  • Is connected mode used: No

I started evaluation of SonarLint. We don’t have SonarCube or SonarCloud at the moment, so I am using disconnected mode. I tried some of the examples in the rules overview for C# ( C# static code analysis (sonarsource.com)), but none of them seems to provide the expected results.

E.g. the following snippet does not produce a result although SonarLint analysed it:

        static object GetData(string user)
            // TODO

            var sql = $"select * from dbo.users where user = '{user}'";
            using (var cn = new SqlConnection())
                using (var cmd = new SqlCommand(sql, cn))
                    var result = cmd.ExecuteScalar();
                    return result;

Is there something I am doing wrong?


Welcome to the community!

Could you share what rule(s) you expected to see an issue from? Not all rules are run in SonarLint (on purpose!). So I want to check if it is one of those.



thanks for your warm welcome and your reply to my post.

My understanding from the SonarLint features that the rules linked there are all evaluated by SonarLint. After scrolling down the complete description of “Dynamic code execution should not be vulnerable to injection attacks” I found this hint:


Thanks you, my question is answered.

Thank you very much.


1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.