SonarLint source control


I have a question about files that SonarLint creates. I have a visual studio project that is bound to a sonarqube project. SonarLint generates .ruleset files under each project directory. It also modifies project files (.csproj files in my case) to add the ruleset file to the project. I guess I’ll have to include these changes to the source control.

In addition to those files, it also creates a folder called “.sonarlint”. In the directory, it creates a ruleset file and a .slconfig file. Should I add these files to source control as well? It has a property called “ProfileKey”, which could be an auth token.


Hi there,

Yes, you should check in all of the changed files, including the .sonarlint folder.
The profile key isn’t an auth token - it’s the identifier for the Quality Profile for the Sonar project the solution is bound to.

If your SonarQube server requires user credentials (i.e. doesn’t allow anonymous access) then the credentials you provide will be stored in the Windows Credential Manager.

Note that the credentials are stored per-user and per-machine, so any other developer who opens the solution will need to provide their own credentials. However, there is a known bug in this area that was reported last week that will affect you if your server does not allow anonymous access: see for more information.



Hi Duncan, is there any reason to have the .sonarlint folder checked in to the source control. As per my understanding , if all the devs are using sonarlint extensions and can connect to the server, they will get the latest rulesets downloaded anyways.
what if someone accidentally changes the rulesets and commit, what will happen? Thanks

Hi @prady

The .sonarlint folder contains the ruleset generated from the Quality Profile for the bound Sonar project, along with a file containing connection information. Setting up connected model also modifies all of the project files to indirectly reference the generated ruleset.

If devs have SonarLint installed but the .sonarlint folder isn’t checked in, then the SonarC#/VB rules will be run, but since the generated ruleset is not on the machine they will running the default set of rules, rather than the set of rules specified in the Quality Profile.