the April release of SonarLint for Visual Studio introduces a new format for the Rule Help to help you eliminate issues faster with contextualized guidance and to help you dodging them in the future.
The new rule format comes with the following contents in separate sections:
- Why is this an issue: to explain you why we’re raising this and why is it important to fix it (for example, how a vulnerability can be exploited by a malicious user)
- How to fix it: it provides instructions and examples with just the information you need right now, in your context, to solve this issue. You’ll notice for example that the contents are fine-tuned for the library or framework you’re using in your code.
- More info: Allows you to go deeper and learn more about this or similar issues, including generic Clean Code principles, to improve your skills as a developer and avoid introducing similar issues in your code in the future.
The improved rule format is already available for the top 15 security vulnerabilities, and we’re progressively rolling it out for the remaining rules. You do not need to configure anything to benefit from this improvement, simply activate the Rule Help for an issue by clicking on its code in the Errors list.
For those of you using SonarLint in connected mode with SonarQube or SonarCloud, this release brings more good news! As we’re working to progressively better align the SonarLint local analysis with the SonarQube/SonarCloud configuration, we’ve just added the ability to SonarLint for Visual Studio to retrieve the server settings for .NET files and directories inclusions and exclusions. Those settings are now replicated and applied to the local analysis, so that you can better focus on the issues that are relevant to you and your organization.
You can learn more about those parameters in SonarQube and SonarCloud documentation. The following settings are currently supported in SonarLint:
You can read more about this release in our GitHub release notes.