Sonarqube-roslyn-sdk deprecation

Rouke.Broersma.IS · March 9, 2020, 7:57am

I’ve read in some forum posts that https://github.com/SonarSource/sonarqube-roslyn-sdk has been deprecated. I am responsible among other things for managing sonarqube instances for our customers and colleagues, and we use the sonarqube roslyn sdk to add some extra rules such as https://security-code-scan.github.io/ to our sonarqube instances so our customers don’t need to add them to all their projects.

Is there any alternative you guys offer for our use case? Adding these rules is a value add for the service we provide for our customers.

Also if the sonarqube roslyn sdk is deprecated perhaps you should add that to the readme on the git repo, because people are still adding issues and pull requests.

Andrei_Epure · March 10, 2020, 12:16pm

Hi @Rouke.Broersma.IS - out of curiosity, could you please tell us what forums you read that the Roslyn SDK has been deprecated?

As you can see here:

The SonarQube Roslyn SDK is not deprecated. However, it is true it does not get a lot of our attention and we are discussing internally what we should do with it in the future.

Rouke.Broersma.IS · March 10, 2020, 12:30pm

See: Customer C# rules are these still possible?

I am mainly asking because we need this pr merged to be able to keep using sq roslyn sdk as we provide services on linux now as well as windows, and the linked issue is blocking for linux support:

Andrei_Epure · March 10, 2020, 12:38pm

Ok, I understand. It’s good you raise this point , it will help our internal discussion on the fate of the Roslyn SDK.

milbrandt · March 14, 2020, 6:15pm

Is the Sdk working for SonarQube 8.x? As some SonarQube API of 6.x was now removed and the Sdk v2.0 generates Plugins compatible from 6.7 the plugins will (or have already) break.

We would also welcome to continue using the Sdk with current Roslyn analzers.

peterw · January 7, 2021, 8:56am

Do you have an update for this sdk yet? It hasn’t had a new release for over 2 years now, its getting out of date with the latest Visual Studio changes, for example these:

And as far as I can tell SonarQube also doesn’t support the EditorConfig configuration files for Rosyln analysers.

Is this just an overall dropping of support for Visual Studio?

Andrei_Epure · April 12, 2021, 4:13pm

Hello @peterw . First of all, please accept my apologies for the late answer.

My colleague @duncanp gave an extensive reply here, I will quote it:

I am confused - what is the actual way to integrate Roslyn Analyzers int Sonar Qube

SonarQube Roslyn SDK
Originally, this was the only way to integrate third-party Roslyn analyzers with SonarQube, and required extra work on the part of the end-user to generate and install a custom SonarQube plugin.

The SonarScanner for .NET now supports importing issues from third-party Roslyn analyzers out of the box. See the Notes on external .NET issues section in the docs for more information.
This approach has a few pros and cons compare to the SonarQube Roslyn SDK. On the plus-side, it doesn’t require any extra steps to make it work, and it is supported on both SonarQube and SonarCloud. On the down-side, you can’t configure the rules to run in a Quality Profile, and you can’t change the status of reported issues in SonarQube.

The SonarQube Roslyn SDK has been somewhat neglected since we add the out of the box support for importing issues, and we’ve been discussing internally what to do with it going forwards.
Our current thinking is that we will do some work on the SDK after the next SonarQube LTS has been released to tidy up the code and make sure it works with the LTS and the latest version of Roslyn. We’ll then look to move the ownership of the SDK to the community.

We use EditorConfig to configure StyleCopAnalyzers in our sonar-dotnet project, and we import SA issues in our SonarCloud project - so if you want to import results for third party analyzers, using editorconfig is the way to go.

Pete_Whitehead · June 8, 2021, 1:52pm

@Andrei_Epure thanks for the update, is there a guide on how to import EditorConfig into SonarQube? I can’t find anything related to how I define .EditorConfig in SonarQube, or how to get SonarLint to consume it and apply the defined config.

This post says .editorConfig is not supported .editorconfig is not being recognized by SonarQube - #2 by duncanp
Is EditorConfig support a new feature since that post?

Andrei_Epure · June 21, 2021, 3:54pm

Hello @Pete_Whitehead

You cannot import editorconfig in SonarQube…

.editorconfig files are picked out of the box by Roslyn during the build and applied by Roslyn when running the analysis. And the Scanner for .NET imports the output of the Roslyn analysis during the build. Note: our analyzers are Roslyn analyzers and are thus integrated during the msbuild compilation.

So, for example, you can exclude a SonarQube rule for a particular file using editorconfig - see SonarQube docs.

No, it comes out of the box with Roslyn.

Pete_Whitehead · July 1, 2021, 10:21am

We are using the SonarLint plugin to download the ruleset from our SonarQube server which we imported using a fork of GitHub - SonarSource/sonarqube-roslyn-sdk: SDK for SonarQube Roslyn Analyzer Plugins (see The 2.0 generator does not work for microsoft.codeanalysis.fxcopanalyzers · Issue #145 · SonarSource/sonarqube-roslyn-sdk · GitHub as to why we need a forked version).

We do this so we can sync rulesets across repositories. As far as I can tell SonarQube only publishes the old style ruleset as xml, not as EditorConfig?

Andrei_Epure · August 2, 2021, 2:07pm

yes, only rulesets are exported

Andrei_Epure · January 13, 2022, 2:01pm

Hello @Rouke.Broersma.IS , @milbrandt , @peterw

We released v3.0 of the SonarQube SDK for Roslyn, please have a try (Release v3.0 · SonarSource/sonarqube-roslyn-sdk · GitHub) and let us know if it works well for you.

Rouke.Broersma.IS · January 13, 2022, 2:25pm

Hi @Andrei_Epure

Thank you for notifying. I see that PR Replaces the back slash, to allow the zip file to be unzipped in linux by aledaccas · Pull Request #116 · SonarSource/sonarqube-roslyn-sdk · GitHub has still not been merged. Is there any reason to assume that this issue has been fixed without this change? If not then the update does not help us, as we can still not use the plugin on linux.

Andrei_Epure · January 14, 2022, 2:58pm

Indeed sorry, I added the update to all threads regarding the Rolsyn SDK w/o properly going through the whole thread. I apologize.

I’ll come back on this thread with an update.

Topic		Replies	Views
Custom Rules for C# As of Oct 2018 SonarQube Server / Community Build	2	2170	April 15, 2019
Customer C# rules are these still possible? Writing rules	4	1101	January 14, 2019
Is using a Roslyn plug-in to provide a ruleset for SonarQube a recommended way of use? SonarQube Server / Community Build sonarqube	1	394	December 9, 2019
Get new rules-set for C# SonarQube Server / Community Build csharp , scanner	3	1255	November 28, 2018
SonarQube plugin generator not working for SonarQube version higher than 10? Plugin Development sonarqube	0	329	September 22, 2023

Sonarqube-roslyn-sdk deprecation

Related topics