Scan my project
SonarQube for IDE, a core component of the Sonar solution, is a developer's first line of defense to find and fix coding issues in real-time. The results of a SonarQube for IDE scan provide rich contextual guidance to help you improve your skills while enhancing productivity to help you resolve issues in code.
SonarQube for IDE scans your project to provide instant feedback against hundreds of language-specific rules. When running in connected mode with SonarQube Server or SonarQube Cloud, you can benefit from additional rules that identify security vulnerabilities and security hotspots as well as take advantage of team features that help your organization work towards a Clean Code state.
Every organization has custom policies and procedures; the SonarQube for IDE analyzer offers a level of customization to help you achieve those practices.
Language-specific information
C# and VB
SonarQube for Visual Studio uses Visual Studio’s background analysis mechanism to scan your C# and VB code while you’re working on source files in the editor.
By default, Visual Studio is configured to only run Roslyn analyzers on files that are currently open. You can customize the scope of analysis to include the current document, all opened documents, or the entire solution; it’s also possible to configure the Roslyn analysis to run in a separate process in the same options window. Note that running analyses on the entire solution is more processor-intensive.
C and C++ analysis
Supported project types
See the Analyzing CMake projects content on the Visual Studio requirements page for more information about supported project types.
vcxproj projects: SonarQube for Visual Studio can analyze .vcxproj projects that use the standard Visual Studio compilation tools. Projects that use Makefile are not supported. Projects that use third-party tools (such as Unity projects) are not supported.
CMake projects: CMake projects are supported in SonarLint v4.38 and later. Starting with v4.38, SonarQube for Visual Studio can analyze a subset of CMake project types that meet all of the following requirements:
- Visual Studio 2017 Update 3 or later is used
- Visual Studio is configured to use the Ninja generator (the default), and
- the CMakeLists.txt file contains the following command: set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
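To check the last requirement before opening a project, the following added example (not part of the SonarQube documentation or tooling) scans the text of a CMakeLists.txt for the command while ignoring commented-out copies and later overrides. The function names and sample files are hypothetical, and treating CMake's other true constants (1, YES, TRUE, Y) as equivalent to ON goes beyond what this page states; it follows CMake's own boolean rules.

```python
import re

# CMake treats these constants (case-insensitively) as true.
TRUE_CONSTANTS = {"1", "ON", "YES", "TRUE", "Y"}

# Command names are case-insensitive in CMake; variable names are not.
# Captures the first argument after the variable name, quoted or not.
SET_RE = re.compile(
    r'(?i:\bset)\s*\(\s*CMAKE_EXPORT_COMPILE_COMMANDS\s+"?([^\s")]+)"?'
)

def strip_comments(text):
    """Remove bracket comments (#[[ ... ]]) and line comments (# ...)."""
    # Limitation: a '#' inside a quoted string is also treated as a comment.
    text = re.sub(r"#\[(=*)\[.*?\]\1\]", "", text, flags=re.S)
    return re.sub(r"#[^\n]*", "", text)

def export_compile_commands_enabled(cmakelists_text):
    """True/False for the last set() of the variable; None if never set."""
    values = SET_RE.findall(strip_comments(cmakelists_text))
    if not values:
        return None
    return values[-1].upper() in TRUE_CONSTANTS

# Constructed sample inputs (not taken from a real project).
SAMPLE_OK = """\
cmake_minimum_required(VERSION 3.10)
project(demo CXX)
SET( CMAKE_EXPORT_COMPILE_COMMANDS ON )  # needed for IDE analysis
add_executable(demo main.cpp)
"""
SAMPLE_COMMENTED = """\
project(demo CXX)
# set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
"""
SAMPLE_OVERRIDDEN = """\
set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
set(CMAKE_EXPORT_COMPILE_COMMANDS OFF)
"""

if __name__ == "__main__":
    for name, text in [("ok", SAMPLE_OK), ("commented", SAMPLE_COMMENTED),
                       ("overridden", SAMPLE_OVERRIDDEN)]:
        print(name, export_compile_commands_enabled(text))
```

A result of None or False means the file does not leave the setting enabled; the check reads a single file only and does not follow include() or add_subdirectory().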
Triggering analysis
C or C++ analyses are triggered when a file is opened or saved. Any existing issues for the document will immediately be removed from the Error List. New issues will be added to the Error List incrementally as they are detected.
The status bar will be updated to show that the file is being analyzed, and again when the analysis has finished.
Additional detailed information will be shown in the SonarLint pane of the Output Window.
Note: SonarQube for Visual Studio only displays status information in the status bar, as shown in the above screenshots. Some versions of Visual Studio provide other C++ analysis rules from Microsoft that display progress information in the background tasks pop-up window. These messages do not relate to SonarQube for Visual Studio analysis. See here for more information on the Microsoft C++ rules.
C/C++ analysis performance
SonarLint has 450+ rules for C++ and 280+ rules for C. Most run very quickly and will return issues in under a second. However, some of the more advanced rules that involve semantic analysis can take more than ten seconds to run.
The analysis is performed in the background in a separate process. It should not have a noticeable impact on the user experience in Visual Studio. If the analysis is taking too long for a particular file, the analysis process will be terminated. If an analysis is being re-triggered (e.g. via a re-save of the file), the previous analysis will be cancelled and a new analysis will start.
Prior to v4.22, issues were only displayed in the Error List after all rules had finished processing. As of v4.23, issues are displayed in the Error List as soon as they are available; this means that most issues will appear within a few seconds. However, the status bar may still continue to display the "analyzing xxx.cpp" message for some time until all of the rules have finished processing.
Analysis timeout
By default, an analysis that has not been completed within one minute will be stopped and a message logged in the Output Window. We expect such timeouts to be very rare; they probably indicate a problem with one of our analysis rules. If you do encounter timeouts when analyzing files, please open an issue in the SonarQube for IDE section of the Community Forum and tag it with cfamily.