SonarLint for Visual Studio 2017 - Visual Studio Marketplace

Deprecation announcement:

Beginning March 1, 2022, SonarLint for Visual Studio 2017 will no longer be supported. This means that there will not be any new updates to this version. We encourage users to take advantage of the latest enhancements by updating to SonarLint for Visual Studio 2019 or 2022.

SonarLint: Your first line of defense for quality and secure code

SonarLint helps you detect and fix Bugs, Code Smells, and Security Vulnerabilities in-IDE.

It supports C#, VB.NET, C, C++, JS, and TS. The extension highlights coding flaws on the fly and provides clear guidance to fix issues before code is committed.

What is SonarLint

SonarLint is a Free and Open Source IDE extension that identifies and helps you fix Code Quality and Code Security issues as you code. Analogous to a spell checker, SonarLint squiggles flaws and provides real-time feedback and clear remediation guidance so you can deliver clean code from the get-go.

SonarLint for Visual Studio is more than your average linting tool.

Scans code written in C#, VB.NET, C, C++, Javascript, TypeScript.
Open source JavaScript, TypeScript, C# & VB.NET code analyzers.
C and C++ support for Application, Dynamic Library and Static Library types of MSBuild (.vcxproj) projects
Deep code analysis algorithms using pattern matching and dataflow analysis
Hundreds of language-specific static code analysis rules, and growing
In-context help and remediation guidance with detailed examples

Highlights issues in your code, tells you why they are harmful, and how they should be fixed

SonarLint provides Visual Studio developers a comprehensive in-IDE solution for improving the quality and security of the code they deliver.

Learn More

sonarlint-warnings

Get Started with SonarLint

After you download SonarLint, simply open a project, start coding and SonarLint will start analyzing your issues.

You can also check out the SonarLint documentation here.

sonarlint-installation

Why SonarLint

With unparalleled support for C#, VB.NET, C, C++, JavaScript, and TypeScript, SonarLint performs on-the-fly smart analysis to ensure that the code you deliver is always high quality and secure.

Instant feedback on coding issues

SonarLint provides immediate feedback on Bugs, Code Smells, and Security Vulnerabilities as you code.
Hundreds of language-specific rules with clear guidance

SonarLint provides you with all the information on why the highlighted issue is problematic and how to fix it. With clear remediation guidance and plenty of detailed examples, addressing issues is simple and intuitive.

Check out the language specific rules:

C#	View Rules
VB.NET	View Rules
JavaScript	View Rules
TypeScript	View Rules
C++	View Rules
C	View Rules

Fast and Precise Analysis

High precision analysis means fewer false positives and false negatives, providing consistent, reliable results.
Helps you grow in your development journey

Aside from detecting issues and providing useful cues to fix the issues, the insights provided by SonarLint support better code ownership so that as a developer you will begin to recognize those mistakes and remember to prevent them in the future.

SonarLint for Teams

SonarLint works great as a standalone tool but you can take it to the next level by connecting it with SonarQube or SonarCloud. SonarQube and SonarCloud analyze Pull Requests and branches in your DevOps platform (BitBucket, GitHub, Microsoft Azure, GitLab) and perform non-disruptive code quality and security checks to reliably track your codebase health.

The 'connected mode' configuration ties SonarLint's continuous Code Quality and Code Security analysis from IDE to the entire CI/CD workflow and back again to your IDE.

Common expectations for Code Quality and Code Security

Applied rules and analysis settings from SonarQube/SonarCloud are extended to SonarLint so that teams can coalesce on a shared definition of code health.
More rule coverage

When paired with SonarQube or SonarCloud, you can benefit from additional rules for security vulnerabilities and security hotspots in IDE to identify issues earlier.
Smart notifications for improved quality and delivery

'Connected mode' sends smart alerts to individuals/teams when new issues are discovered. With everyone in the loop, issues can be addressed promptly, improving the overall software quality and delivery.

Connect with our Community

Have questions or need to report issues or provide suggestions? Stay connected with us on the SonarSource Community Forum.

Our strong open source commitment

Since 2007 to present, SonarSource has invested in working closely with our community to provide code quality and security tooling that directly empower developers to deliver better software.

Check out the source code on GitHub or view our issue tracker. If you are interested in contributing, visit our contributing page.

License

Licensed under the GNU Lesser General Public License, Version 3.0