Code Quality and Security for C#

SonarSource delivers what is probably the best static code analyzer you can find for C#. Based on the Microsoft Roslyn compiler front-end, it uses the most advanced techniques (pattern matching, dataflow analysis) to analyze code and find Code Smells, Bugs, and Security Vulnerabilities. As with everything we develop at SonarSource, it was built on the principles of depth, accuracy, and speed.

SonarSource's C# analysis has great coverage of well-established quality standards. This capability is available in Visual Studio for developers (SonarLint) as well as throughout the development chain for automated code review with self-hosted SonarQube or cloud-based SonarCloud.

Samples of Issues Detected
 
  • Always false condition
  • Dead store
  • Same branches
  • Dereference of null pointer
  • I/O function call injection

Supported project types and build systems

  • Easy analysis of any existing Visual Studio Solution or MSBuild project
  • Native integration with any existing build in Azure DevOps

Metrics

SonarSource's C# analysis supports all the standard metrics implemented by SonarQube including Cognitive Complexity. Additionally, it supports the import of Microsoft Visual Studio, dotCover, OpenCover, Coverlet and NCover 3 test coverage reports.

Custom Rules

SonarSource's C# analysis supports custom rules written in Roslyn, and packaged via the SonarQube Roslyn SDK project.

Free & Open Source
