Visual Studio | Using SonarLint | Scan my project

Was this page helpful?

On this page

Install Free

Scan my project

SonarLint, a core component of the Sonar solution, is a developer's first line of defense to find and fix coding issues in real-time. The results of a SonarLint scan provide rich contextual guidance to help you improve your skills while enhancing productivity to help you resolve issues in code. 

SonarLint scans your project to provide instant feedback against hundreds of language-specific rules. When running in Connected Mode with SonarQube or SonarCloud, you can benefit from additional rules that identify security vulnerabilities and security hotspots as well as take advantage of team features that help your organization work towards a Clean Code state.

Every organization has custom policies and procedures; the SonarLint analyzer offers a level of customization to help you achieve those practices.

Language-specific information

C# and VB

SonarLint uses Visual Studio’s background analysis mechanism to scan your C# and VB code while you’re working on source files in the editor. 

By default, Visual Studio is configured to only run Roslyn analyzers on files that are currently open. You can customize the scope of analysis to include the current document, all opened documents, or the entire solution; it’s also possible to configure the Roslyn analysis to run in a separate process in the same options window. Note that running analyses on the entire solution is more processor-intensive.

C and C++ analysis

Supported project types

See the Analyzing CMake projects content on the Visual Studio requirements page for more information about supported project types.

vcxproj projects: SonarLint can analyze .vcxproj projects that use the standard Visual Studio compilation tools. Projects that use Makefile are not supported. Projects that use third-party tools (such as Unity projects) are not supported. 

CMake projects: CMake projects are supported in SonarLint v4.38 and later. Starting with v4.38, SonarLint can analyze a subset of CMake project types that meet all of the following requirements:

  • Visual Studio 2017 Update 3 or later is used
  • Visual Studio is configured to use the Ninja generator (the default), and
  • the CMakeLists.txt file contains the following command: set(CMAKE_EXPORT_COMPILE_COMMANDS ON).

Triggering analysis

C or C++ analyses are triggered when a file is opened or saved. Any existing issues for the document will immediately be removed from the Error List. New issues will be added to the Error List incrementally as they are detected.

The status bar will be updated to show the file is being analyzed:

SonarLint is analyzing your project.

and again when the analysis has finished:

SonarLint has finished the analysis.

Additional detailed information will be shown in the SonarLint pane of the Output Window.

Note: SonarLint only displays status information in the status bar, as shown in the the above screen shots. Some versions of Visual Studio provide other C++ analysis rules from Microsoft that display progress information in the background tasks pop-up window. These messages do not relate to SonarLint analysis. See here or more information on the Microsoft C++ rules.

C/C++ analysis performance

SonarLint has 450+ rules for C++ and 280+ rules for C. Most run very quickly and will return issues in under a second. However, some of the more advanced rules that involve semantic analysis can take more than ten seconds to run.

Analysis is performed in the background in a separate process. It should not have a noticeable impact on the user experience in Visual Studio. If the analysis is taking too long for a particular file then the analysis process will be terminated. If an analysis is being re-triggered (e.g. via a re-save of the file), the previous analysis will be cancelled and a new analysis will start.

Prior to v4.22, issues were only displayed in the Error List after all rules had finished processing. As of v4.23, issues are displayed in the Error List as soon as they are available; this means that most issues will appear within a few seconds. However, the status bar may still continue to display the analyzing xxx.cpp message for some time until all of the rules have finished processing.

Analysis timeout

By default, an analysis that has not been completed within one minute will be stopped and a message logged in the Output Window. We expect such timeouts to be very rare and probably indicates that there is a problem with one of our analysis rules. If you do encounter timeouts when analysing files, please open an issue in the SonarLint section of the Community Forum and tag it with cfamily.

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License