3

We are currently in the process of evaluating the use of SonarQube/SonarLint for our .NET applications. We are pretty happy with what we've seen so far (and, btw, kudos for bringing SonarQube this far - I've used it a couple of years ago for my PhD project, and it has improved greatly since then!).

However, one thing was a bit surprising: When I connected my SonarLint instance to our SonarQube server (which worked just fine) and started syncing the bound project, SonarLint started to download nuget packages (which was kind of expected) and then created one or even two .ruleset files for each project of our solution (in addition to a file SonarQube/<solution name>CSharp.ruleset which I assume is the solution-wide ruleset).

What I expected and would prefer is only the single ruleset valid for the complete solution (and possibly the option to override that ruleset for projects where this makes sense (e.g., test projects)).

Is this behavior possible at all, i.e., did I miss anything? Documentation is the only area I've identified so far where SonarLint is lacking.

jessehouwing
  • 106,458
  • 22
  • 256
  • 341
csoltenborn
  • 1,127
  • 1
  • 12
  • 22
  • I'm a bit surprised that I haven't received any answer to my question (the SonarLint team is apparently monitoring the SonarLint tag on SO), since it seems to be a rather basic requirement, and I would expect that many teams have the same use case. Is there something stupid about my question? If this is the case, please provide a link or something like that... Am I mixing SonarLint and VS responsibilities, or is my use case not possible at all? Again, please share your knowledge... Thanks in advance. – csoltenborn Apr 08 '16 at 11:31
  • 1
    Changing the ruleset at solution level will be applied on project level if the ruleset on that level is not changed. If you open the file with a XML editor you see the difference. – Jeroen Heier Apr 08 '16 at 17:27

2 Answers2

2

I gave a bit more details on the interest of having several rulesets in the following blog post:SonarLint for VisualStudio 2.1 released, brings consistency with MSBuild, navigation to SonarQube and notifications

You have one ruleset per project which is customizable in case you want to strengthen the definition of the quality for your solution, and one corresponding to the SonarQube quality profile (compliance with the governance in SonarQube)

Jean-Marc Prieur
  • 1,553
  • 11
  • 11
1

There is a reason why these additional ruleset files are created. Well actually there are multiple:

  • That is to allow you to set a baseline to which all projects must adhere, but the enable additional rules for projects with specific types of code. You may have a couple MSOCAF rules enabled that are specific to Sharepoint projects, which don't make sense for your Unittest or Windows Service projects

  • Say, when you are fixing technical debt in your projects, you can set a baseline for the whole solution and that slowly tighten the rulesets of the individual projects so that you can focus your cleanup effort on a specific project. Instead of having to clear up a specific rule or set of rules across all projects in the solution at the same time.

One of the project ruleset files will be overwritten each time you sync with SonarQube. The other one will remain as you've left it. Allowing you to save your customizations and still allowing you to safely sync changes to the SonarQube baseline.

If I'm remembering this correctly, the Solution ruleset is included in the project ruleset as is the ruleset in which you store your customizations. Currently I don't have a SonarQube server at hand to verify which ruleset file server which purpose, but this is the reasoning behind it.

jessehouwing
  • 106,458
  • 22
  • 256
  • 341
  • Thanks for your answer! However, some things are still not clear to me. I certainly see the need for emplyoing different rulesets for different projects, but I think that having separated rulesets for each and every project is a maintenance nightmare (and I admit that I haven't understood your point on "the Solution ruleset is included in the project ruleset" - after all, we would have 1 solution and many project ruleset, so how can the former be contained in the latters?). Tbc... – csoltenborn Apr 08 '16 at 13:27
  • 1
    What we have in mind is a solution ruleset as base for all projects, and project rulesets (only) where needed to customize the needs of certain projects, e.g. be adding or disabling rules "inherited" from the solution ruleset. Is something like this possible at all witch SonarQube? Can you maybe point to relevant documentation for that use case? Again, thanks for your insights... – csoltenborn Apr 08 '16 at 13:29
  • 1
    No, the set in Sonar is going to be the baseline, what's valid for all projects. The ability to have different quality profiles in the same sonarqube project has been removed with 4.something. So what's in Sonar is going to be the baseline for all projects. I don't like it any more than you do from a continuous improvement perspective. – jessehouwing Apr 08 '16 at 14:27
  • 1
    Adding rules *is* possible. This is where the second project ruleset comes in. I have my insights from discussions with the team building the functionality. There's still a lot of stuff that needs to find its final place as the underlying technology progresses. – jessehouwing Apr 08 '16 at 14:28