Visual Studio | Using SonarLint | Fixing issues

Was this page helpful?

On this page

Install Free

Fixing issues

Whether your issue is about a potential security problem, considered to be a bad coding practice, or a more serious logic error, fixing issues usually involve changes to the code. SonarLint’s issue messages contain useful information about how to fix the potential problem and include a rule description so that you can learn more about why the issue is reported. 

SonarLint for Visual Studio offers multiple ways to Investigate issues and fix problems in your code. 

Quick fixes

When a file is open and there are issues with quick fixes then a lightbulb will appear on the line of the issue.

The appearance of a lightbulb will let you know that SonarLint found an issue.

If lightbulb is clicked a menu with possible quick fixes will be opened.

The SonarLint quick fix menu will pop up when you click on the lightbulb.

If one of the quick fixes are selected, the fix will be applied automatically to your code.

Known limitations for quick fixes

  • Quick fixes for the whole line are always shown #2878. To be explicit, the user is always shown quick fixes for all issues on the current line, rather than just for the current issue.  
  • When an edit elsewhere invalidates an issue, quick fixes are visible on the invalidated issue until a new analysis is run. When a new analysis is triggered, and the issue (with its subsequent quick fix) no longer exists, there is no quick fix to offer. 

Fixing taint vulnerabilities

Please see the documentation about Taint vulnerabilities for more information about working with these particular security issues.

Marking issues

In SonarLint for Visual Studio 7.5+ running in Connected Mode with SonarQube or SonarCloud, it is possible to mark issues as Won’t Fix or False Positive from the IDE.

Select a SonarLint issue in the Error window, right-click, and select Mark Issue as… from the list of actions.

Marking an issue can be applied only to known issues, issues found by SonarLint that match those found on SonarQube or SonarCloud. Marks made on known issues will be reflected on the SonarQube or SonarCloud server within a few minutes.

At this time, it is not possible to unmark, or reopen an issue in SonarLint for Visual Studio. All issues must be reopened in SonarQube or SonarCloud, and will again show in SonarLint after the next server synchronization. Please see the SonarQube and SonarCloud documentation on Issue lifecycles for more information.

Requirements for marking issues

  • SonarLint for Visual Studio 7.5.
  • Running in Connected Mode with SonarQube or SonarCloud. 
  • In SonarQube, the Administer Issues permission must be granted to the user(s).

This feature is not supported for security hotspots or taint vulnerability issues. Please see the dedicated pages for fixing each of those issue types.

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License