Currently we are using SonarLint in Visual Studio in our organization, and facing the random behaviour, whenever we are building any Solution file of our API project it shows some warning related to SonarLint having this format S2223 but the problem is that whenever we click on any of the warning message it automatically gets doubled or reduces the number of warnings, like its now showing the stable behavoiur. Please help me regarding, on the based of results of SonarLint we will move further towards SonarQube for Code Review.
As far as I can see, the two screenshots you have included have the same set of issues. The rule S2223 is raising multiple issues, but all on different lines for different variables.
Could you clarify what the incorrect duplications you are seeing are, and what the randomness is please?
Hi @duncanp
I hope you observe the no. of warnings as shown in the above images, where in the first image the warnings are 677 and in the second image the numbers are reduced to 521 & these numbers are varying by just clicking on any warning message randomly. My question is as simple as that, why the sonarlint is showing this much variation in the result? If there is any specific reason so please respond back soon.
You can clearly see the difference between the two. So please give me the reason why this is happening and if there is any specific reason so please mention that also.
The short answer
Visual Studio is responsible for the behaviour you are seeing, not SonarLint. You would see the same behaviour with any third-party Roslyn analyzer.
The long answer
The Sonar C# and VB.NET analyzers are implemented as Roslyn analyzers, and as such Visual Studio decides when to execute them. Visual Studio has a number of user-settable options that control whether “live” in-IDE analysis happens, and what the scope of that analysis is. See the Microsoft documentation for more information.
The precise way Visual Studio executes Roslyn analyzers is not publicly documented. However, it attempts to execute Roslyn analysis in the background without impacting the user experience e.g. it will wait until the user pauses typing before starting an analysis, and it can then cancel an in-progress analysis if the user starts typing again.
My guess is that the variation you are seeing is simply because in one case Visual Studio has analysed more code in the background than the other.
You can check the set of issues produced by SonarLint is consistent as follows: rebuild the solution, then set the filter in the Error List to “Build Only”:
(note that I am not suggesting that this is how you should normally configure your VS instance; it’s purely to demonstrate that if you remove the variability of the VS running “live analysis” in the background then the set of issues produced should be consistent).
