To use FxCop and Gendarme, your .NET solution must be compiled. It is not necessary when using StyleCop.
FxCop needs to be installed. For Gendarme and StyleCop, versions embedded in the SonarQube plugins are used by default.
Feeding SonarQube with Issues Coming From External Tools
There are two different ways to feed the SonarQube platform with issues coming from these external tools:
- Letting the SonarQube platform drive the execution of the external tools
- Reusing reports that have been generated by these external tools prior to the SonarQube analysis
Configuring External Tools
Log in as a System administrator and go to Settings > Configuration > General Settings > .NET FxCop or .NET Gendarme or C# StyleCop. For each tool, set the path to its installation directory through the
Letting the SonarQube platform drive the execution of the external tools
This is the default mode.
There is no additional configuration. Just run a SonarQube analysis and you'll get issues coming from these external tools.
Reusing existing reports
To activate this mode, add the following lines to your analysis configuration file:
Then, you just need to provide SonarQube with the reports:
Deactivating the external tools
How to define the confidence level for Gendarme?
sonar.gendarme.confidence property. Possible values are:
low / normal / high / total with + / -. Default value is:
How to define the dependency assemblies for FxCop?
sonar.fxcop.assemblyDependencyDirectories property to a comma-separated list of paths patterns to locate the directories containing the dependency assemblies. Paths are relative to the folders containing the ".csproj" files.
How to not report issues on generated code?
With FxCop, it is the default behavior (
For all the tools, you can also use the Switch Off Violations plugin.
How to take into account a StyleCop configuration file?
sonar.stylecop.analyzers.settings property to the file that holds additional settings for StyleCop. The path is relative to the folders containing the ".csproj" files.
This settings files will not be used to specify the active rules. Only settings such as "expected header contents", company names and so on will be used during the analysis.
How to set each tool's timeout?
sonar.<tool>.timeoutMinutes property (default value is 10).
I get many false positives for gendarme rule AvoidVisibleFieldsRule
This rule works at class level. If you are working on a Windows form or ASP.NET project, you may have many partial classes. The code generated in the "designer" parts may contain many "visible fields" whereas the real code that matters does not contain any defects. In order to avoid these false positives, you have two options:
- Disable this rule. Probably not the best option.
- Use the Switch Off Violations plugin to disable the rule only on "view" related components.
On an ASP.NET project you may configure the Switch Off violations plugin as follow: