SonarSource delivers what is probably the best static code analyzer you can find on the market for C#. Based on Microsoft Roslyn compiler front-end, it uses the most advanced techniques (pattern matching, dataflow analysis) to analyze code and find code smells, bugs and security vulnerabilities. As for any product we develop at SonarSource, it was built on the following principles: depth, accuracy and speed.
SonarC# has a great coverage of well-established quality standards. The SonarC# capability is available in Visual Studio for developers (SonarLint) as well as throughout the development chain for automated code review with self-hosted SonarQube or on-line SonarCloud.
- Easy analysis of any existing Visual Studio Solution or MSBuild project
- Native integration with any existing build in Azure DevOps
SonarC# supports all the standard metrics implemented by SonarQube including Cognitive Complexity. Additionally, it supports the import of Microsoft Visual Studio, dotCover, OpenCover, and NCover 3 test coverage reports.
SonarC# supports custom rules written in Roslyn, and packaged via the SonarQube Roslyn SDK project.