Previous versions

Connected Mode setup

Step 1

In Visual Studio, go to Extensions > SonarLint > Connected mode and select Bind to SonarQube or SonarCloud…, this will open the SonarQube Connections tab in the Team Explorer window. Although the tab reads SonarQube, it is used for connecting to both SonarQube and SonarCloud.

Step 2

For new connections, click Connect… to open the connection dialog box.

The Connect to a SonarQube Server tab is used for connecting to both SonarQube and SonarCloud.

Step 3

In the SonarQube Server field:

• If you’re connecting to SonarQube: enter your SonarQube server address.
• If you’re connecting to SonarCloud: enter your SonarCloud server URL that starts with https://sonarcloud.io

Step 4

In the Username/Token field, enter a SonarQube or SonarCloud user token and leave the Password field blank.

• In SonarQube, navigate to User > My Account > Security, or complete this URL, https://<your-sonarqube-url>/account/security/, to generate a new user token.
• In SonarCloud, navigate to User > My Account > Security, or use this URL, https://sonarcloud.io/account/security, to generate a new user token.

Step 5

Click Connect to set up the connection.

Step 6

(for SonarCloud only) Select the organization you want to bind to and click OK. To bind to a third-party organization that is not on the list, go to Other organizations and enter the organization key from that organization. 

• Your SonarCloud Organization Key can be found by going to your SonarCloud Account > Organizations page: https://sonarcloud.io/account/organizations. Keys for third party organizations can be found by going to the project's information page.

The SonarQube tab now displays your projects and you will also see your organization listed if you are connected to SonarCloud.

To create and deploy a Shared Connections Binding file, follow the Configure the binding, and Save and share your setup instructions. 

Bind your project

To bind a project, go to Visual Studio Team Explorer > Your SonarQube instance and double-click the project you want to bind; alternatively, you can right-click on your project and select Bind. 

The Connected Mode binding settings are written under %AppData%\Roaming\SonarLint for Visual Studio\Bindings. Each bound solution will have its own folder.

SonarLint automatically fetches the required settings from the server and creates local configuration files. To manually trigger an update, go to Visual Studio Team Explorer > SonarQube, right-click the project whose binding you want to update, and select Update.

To share your binding configuration, follow the Save and share your setup instructions.

Additional notes for Tfvc users

If you are using Team Foundation Version Control and have C# or VB.NET projects in your solution, it is possible that you will see some additional dialogs from Tfvc appearing when binding finishes. If your solution does not contain C# or VB.NET projects, you can disregard the rest of this section.

Tfvc might pop up one or more dialogs like the one below warning that files outside the workspace are being referenced and asking for confirmation that this is ok. These files are used to configure analysis for C# and VB.NET, and do not need to be under source control. Select Add the item to dismiss the dialog.

Once you have dismissed the Tfvc dialogs, they should not appear again.

Save the connection binding

After completing the steps outlined in the Using the connection wizard section above, go to Visual Studio Extensions > SonarLint > Connected mode and select Export Binding Configuration. 

A .json file will be added to your .sonarlint folder containing the SonarQube URI & Project Key, or SonarCloud Organization & Project Key. 

Share the connection binding

Commit the file you just created in the working directory; your teammates should have access to the binding configuration once your commit becomes part of the repository.

Because your Project’s identifying information is saved in a location under source control, it will be available to anyone with access to the project repo. Each team member is still required to have their own SonarQube or SonarCloud credentials; these are managed in SonarQube and SonarCloud, respectively

Bind using shared configuration

Once the shared project configuration has been saved by one team member, additional team members will have a streamlined process when configuring their project binding. To achieve this, SonarLint automatically looks for the .sonarlint folder; if it’s available and the shared configuration file is there, SonarLint will offer you a gold bar to streamline the setup. 

Select the Bind option from the gold bar to set up your connection to the server using the shared settings. If you wish to opt-out, use of the shared connection settings are available when you start a new connection setup. If you're not already connected to an instance of SonarQube or to an Organization in SonarCloud, you'll need to add your user token.

Some parts of the Visual Studio Team Explorer window are used to manage your binding in earlier versions of SonarLint for Visual Studio. 

Bind using shared configuration

If someone in your team has properly created a shared connection, SonarLint for Visual Studio find the connection file in the .sonarlint folder and offer you a gold bar to streamline the setup.

Select the Bind option from the gold bar to set up your connection to the server using the shared settings. If you wish to opt-out, use of the shared connection settings are available when you start a new connection setup. If you're not already connected to an instance of SonarQube or to an Organization in SonarCloud, you'll need to add your user token.

In the Username/Token field, enter a SonarQube or SonarCloud user token and leave the Password field blank.

• In SonarQube, navigate to User > My Account > Security, or complete this URL, https://<your-sonarqube-url>/account/security/, to generate a new user token.
• In SonarCloud, navigate to User > My Account > Security, or use this URL, https://sonarcloud.io/account/security, to generate a new user token.

If no gold bar is available, in Visual Studio, go to Extensions > SonarLint > Connected mode and select Bind to SonarQube or SonarCloud…, this will open the SonarQube Connections tab:

• Simply select the Use Shared Binding Configuration checkbox and click Connect…. If you’re not already connected to the same instance of SonarQube or SonarCloud, you will be prompted to enter your token (as it's described in the bullet points above); with the correct stored credentials, the project will bind immediately with a single click.

Before SonarLint for Visual Studio version 7.0 (released in June 2023), Connected Mode behaved a bit differently:

• In versions 6.16 and earlier, SonarLint saved all of its configuration files inside the solution project folder, and it was up to the user to commit or exclude the Sonar settings. This caused some version control management problems, especially when syncing with the server in Connected Mode.
• From version 7.0 and newer, the settings folder was moved outside of the solution directory to the %AppData%\Roaming\SonarLint for Visual Studio\Bindings folder.

Before SonarLint for Visual Studio version 4.0 (released in May 2018), Connected Mode behaved a bit differently:

• The appropriate NuGet package for the SonarAnalyzer.CSharp/SonarAnalyzer.VisualBasic analyzers were added to each project.
• The Connected Mode settings were saved in a solution-level folder called SonarQube in a file called SolutionBinding.sqconfig.
• If you are upgrading to version 7.0 from Sonarlint version 3.10 or earlier, please check the Migrate Connected Mode to v7 page for instructions.

In SonarLint for Visual Studio version 4.0 and later:

• The analyzer NuGet packages are no longer installed in any project
• The settings are saved in a solution-level folder called .sonarlint in a file called [solution name].slconfig.

Connected Mode for C# and VB projects v6.16 and earlier

When binding to SonarQube/SonarCloud, SLVS generates configuration files that are needed for Sonar C# and Sonar VB.NET analyzers. The following configuration files are generated for each language:

• a .ruleset file that contains the rules configuration corresponding to the Quality Profile (See the Microsoft documentation for Rule sets)
• a SonarLint.xml file which contains the rules parameters for Sonar C# and Sonar VB.NET analyzers.

The configuration files are located under the .sonarlint folder in your solution directory.

Each non-test project under your solution needs to reference all of these files in order to be considered as correctly bound. If one of the configuration files is not referenced, the project is considered as unbound and SLVS will prompt you to bind it.

How does SLVS recognize that the configuration files are referenced?

The generated ruleset is specified in the CodeAnalysisRuleSet property e.g.

<PropertyGroup>
  <CodeAnalysisRuleSet>path-to-generated-ruleset.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>

The SonarLint.xml file is referenced as an AdditionalFiles item e.g.

<ItemGroup>
  <AdditionalFiles Include="..\.sonarlint\{language}\SonarLint.xml" />
</ItemGroup>

What happens when SLVS binds my C# / VB.NET projects?

If SLVS recognizes that the project does not reference the generated .ruleset file, SLVS will reference it using the following logic:

If the project has no CodeAnalysisRuleSet properties, SLVS will create one and point to the generated .ruleset file. So your project will look like this:

<PropertyGroup>
  <CodeAnalysisRuleSet>path-to-generated-ruleset.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>

If the project has a CodeAnalysisRuleSet property that points to a .ruleset file that is located under the project’s directory, SLVS will amend that ruleset to reference the generated .ruleset file. So your project’s ruleset file will look like this:

<?xml version="1.0" encoding="utf-8"?>
<RuleSet Name="My ruleset" Description="test" ToolsVersion="16.0">
  <Include Path="path-to-generated-ruleset.ruleset" Action="Default" />
  ...

If the project has a CodeAnalysisRuleSet property that points to a .ruleset file that is not located under the project’s directory, SLVS will create a new .ruleset file and place it under your project’s directory. The new ruleset file references your previous ruleset and Sonar’s generated .ruleset file. So the new ruleset file will look like this:

<?xml version="1.0" encoding="utf-8"?>
<RuleSet Name="SonarQube - Sonar way" ToolsVersion="14.0">
  <Include Path="path-to-generated-ruleset.ruleset" Action="Default" />
  <Include Path="path-to-your-other-ruleset.ruleset" Action="Default" />
</RuleSet>

Can I customize how my projects are configured?

Yes. The initial binding described above will correctly configure your projects, but you are free to modify this using the standard capabilities of MSBuild e.g. using a Directory.Build.props file, or putting the references in a common targets file that is included in the appropriate projects.

FYI the SonarLint for Visual Studio solution in this repo uses a Directory.Build.props file (see here). It does not contain any project-level rulesets or settings.

See our documentation on how to configure a reference to project rulesets, and Microsoft’s documentation for customizing your build.

In standalone mode, it is possible to enable or disable rules, configure rule parameters, and in versions 4.13-7.2, change the reported rule severity. Not all options are supported for all languages. See the table below for more information.

Rule management support in versions 4.13-7.2

Disabling a rule

To disable a rule, select an instance of the rule in the Error List and select the Disable SonarLint rule command on the context menu:

You can view and change the current rule settings by selecting Edit rules settings from the SonarLint > Tools > Options page:

When the rule settings are changed (either by using the Disable SonarLint rule command or by directly editing and saving the settings.json file), SonarLint will automatically re-analyze all open documents.

The SonarLint Output window tab contains text output describing the processing that has taken place; see this example:

settings.json file format and location

The settings.json file is stored in user's roaming profile %APPDATA%\SonarLint for Visual Studio. It applies to all supported versions of Visual Studio. If the machine is domain-joined, then the settings file will be automatically copied to any other machine in the domain that the user logs on to.

The format of the settings file is as follows:

{
 "sonarlint.rules": {
   "c:S1135": {
     "level": "On",
     "severity": "Info"
   },
   "cpp:S1199": {
     "level": "Off",
     "severity": "Minor"
   },
   "javascript:S1135": {
     "level": "Off"
   },
   "typescript:S1854": {
     "level": "On"
   }
 }
}

The format of the rule key in the file is [c|cpp|javascript|typescript]:[rule id]. The full list of rules is available at https://rules.sonarsource.com/.

Valid severity values are Blocker, Critical, Major, Minor and Info. Changing the severity of a rule only affects the label in the Category column in the Error List.

If the settings file does not contain an entry for a rule then the default setting for the rule in the SonarWay Quality Profile will be used.

Note: if the solution is in Connected Mode then the settings file is ignored. Connected Mode is not currently for JavaScript or TypeScript - see #770. It is also not available for Secrets detection rules, which are only run in the IDE and so cannot be configured on the server.