I have introduced SonarCloud in my organization, and we would like to have a rule that prevents having code dependencies on pre-release packages.
It doesn't seem to exist in the Sonar Rules base. Does anyone know if such a rule is already there?
If not, what would it take to make a custom rule?
Hello @themathmagician
Thank you for suggesting this rule idea. I created the issue "New rule idea: Mark pre-release nuget package as non compliant" (Issue #8351, SonarSource/sonar-dotnet on GitHub) in our repository. Implementing this rule is possible but also challenging. I think it is worth the effort as it makes sense to track dependencies on pre-releases. I'm unaware of any third-party analyzers that provide such functionality, but chances are that someone already implemented and released such an analyzer on NuGet. If you find such an analyzer or want to implement it, you can include it in your project, and it will show up as an "external" issue in your SonarCloud or SonarQube server.
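
An added example, not part of the thread and not SonarSource code: until such a rule exists, a CI step can flag pre-release `PackageReference` versions directly from the project file. It is a standalone Python check, not a Roslyn analyzer or Sonar rule; the sample project and package names are constructed, and it assumes NuGet's convention that a hyphen after the numeric version marks a pre-release label.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample project file; package names are made up for illustration.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Example.Stable" Version="13.0.3" />
    <PackageReference Include="Example.Preview" Version="8.0.0-preview.7" />
    <PackageReference Include="Example.Child">
      <Version>2.1.0-rc.1+build.5</Version>
    </PackageReference>
    <PackageReference Include="Example.Range" Version="[1.0.0, 2.0.0-beta)" />
    <PackageReference Include="Example.Float" Version="3.0.0-*" />
    <PackageReference Include="Example.Central" />
  </ItemGroup>
</Project>"""

def local(tag):
    """Drop an XML namespace so old-style (xmlns) project files also match."""
    return tag.rsplit("}", 1)[-1]

def is_prerelease(version):
    """True if any bound of a NuGet version or range carries a pre-release label."""
    for bound in re.split(r"[,\[\]()\s]+", version):
        core = bound.split("+", 1)[0]  # build metadata may contain '-'; ignore it
        if "-" in core:                # e.g. '1.0.0-beta' or floating '1.0.0-*'
            return True
    return False

def find_prerelease_refs(csproj_xml):
    """Return (package, version) pairs for pre-release PackageReference items.
    Versions set via MSBuild properties or central management are not resolved."""
    findings = []
    for el in ET.fromstring(csproj_xml).iter():
        if local(el.tag) != "PackageReference":
            continue
        version = el.get("Version")
        if version is None:  # version written as a child element instead
            version = next((c.text for c in el if local(c.tag) == "Version"), None)
        if version and is_prerelease(version.strip()):
            findings.append((el.get("Include") or el.get("Update"), version.strip()))
    return findings

if __name__ == "__main__":
    for name, version in find_prerelease_refs(SAMPLE_CSPROJ):
        print(f"pre-release dependency: {name} {version}")
```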