{"id":13284,"date":"2016-03-17T11:47:28","date_gmt":"2016-03-17T11:47:28","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/visualstudioalm\/?p=13284"},"modified":"2020-03-05T06:24:31","modified_gmt":"2020-03-05T14:24:31","slug":"sonarqube-sdk-to-build-plugins-for-roslyn-analyzers-released","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/devops\/sonarqube-sdk-to-build-plugins-for-roslyn-analyzers-released\/","title":{"rendered":"SonarQube: SDK to build plugins for Roslyn Analyzers released"},"content":{"rendered":"

Last month we announced<\/a> the pre-release version of the SDK for SonarQube Roslyn Analyzer Plugins<\/em>, the purpose of which is to create a SonarQube<\/em> plugin for a Roslyn analyzer. We are pleased to announce that version 1 of the SDK<\/a> is now available.<\/p>\n

We have made a few small but significant changes for the release version:<\/p>\n

Removed the need for the JDK when generating a plugin<\/h2>\n

Previously, the SDK compiled Java code on the fly which meant the Java Development Kit had to be installed on the machine. Now, the plugin is created by injecting files into a pre-built jar<\/em> file so the JDK is no longer required, making the SDK easier to install and use.<\/p>\n

Added support for NuGet packages that require license acceptance<\/h2>\n

NuGet packages can specify that the user accept the license terms for the package. The SDK checks whether the analyzer package or any of its dependencies require license acceptance and presents a list of any that do, together with links to the licenses:<\/p>\n

\"Package<\/a>
Package requires license acceptance<\/figcaption><\/figure><\/p>\n

Once you have checked the license terms and chosen to accept them you can run the plugin generator again, this time specifying the \/acceptLicenses<\/em> option. The plugin jar will be created, and you will be shown a list of the licenses that have been accepted:<\/p>\n

\"Licenses<\/a>
Licenses accepted – plugin created<\/figcaption><\/figure><\/p>\n

Added basic support for remediation data<\/h2>\n

SonarQube uses the SQALE method to quantify and manage technical debt. One aspect of this is the ability to provide an estimate of the remediation cost for individual rules. By default the generated plugin will only contain rule definitions; it won\u2019t contain any information about the remediation costs. However, it is possible to specify the SQALE information for individual rules in an XML file, and the plugin generator will automatically generate a template XML file for the analyzer being packaged:<\/p>\n

\"SQALE<\/a>
SQALE template generated<\/figcaption><\/figure><\/p>\n

The template file provides placeholders for every rule, and specifies a constant remediation cost for each rule. If you want to provide richer SQALE remediation information, you can copy and manually edit the template file. Once you have updated the file, you can feed it back to the generator using the \/sqale:[filename] option. When you look at the resulting rule definitions in SonarQube, you\u2019ll see the remediation values, and these will be used to calculate the technical debt:<\/p>\n

\"Remediation<\/a>
Remediation information available to SonarQube<\/figcaption><\/figure><\/p>\n

The SonarQube<\/em> documentation<\/a> contains more information on the SQALE method and how it is used in SonarQube<\/em>.<\/p>\n

 <\/p>\n

Next steps<\/h2>\n

If you are a SonarQube<\/em> administrator and there is a Roslyn analyzer package you want to use, check with the package author to see if they have already create a SonarQube<\/em> plugin for it (they might have already provided the SQALE information for their rules). Otherwise, you will be able to use the SDK to create a plugin yourself.<\/p>\n

We\u2019ve tested the SDK against the most-frequently downloaded NuGet analyzer packages and were able to create SonarQube<\/em> plugins for them. There a couple of known issues<\/a>, only one of which is blocking (SFSRAP-32<\/a>: we don\u2019t currently generate plugins for NuGet packages that just aggregate other packages).<\/p>\n

If you discover any issues or have any other feedback, please let us know.<\/p>\n

In other news…<\/h2>\n

In addition to the SDK, we have been working on adding support for a new Connected Mode<\/em> in SonarLint for Visual Studio<\/em> to improve the developer experience when\u00a0using SonarQube<\/em> to manage technical debt. Read Jean-Marc’s post<\/a> about the newly-released SonarLint for Visual Studio 2.0<\/em> for the details.<\/p>\n

For support, look on\u00a0StackOverflow for questions\u00a0tagged with <\/em>sonarqube-msbuild-runner<\/em><\/a><\/p>\n

For bugs, go to the\u00a0<\/em>SonarQube Google Group<\/em><\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

Last month we announced the pre-release version of the SDK for SonarQube Roslyn Analyzer Plugins, the purpose of which is to create a SonarQube plugin for a Roslyn analyzer. We are pleased to announce that version 1 of the SDK is now available. We have made a few small but significant changes for the release […]<\/p>\n","protected":false},"author":181,"featured_media":45953,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[229,1,249],"tags":[],"class_list":["post-13284","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-community","category-devops","category-open-source"],"acf":[],"blog_post_summary":"

Last month we announced the pre-release version of the SDK for SonarQube Roslyn Analyzer Plugins, the purpose of which is to create a SonarQube plugin for a Roslyn analyzer. We are pleased to announce that version 1 of the SDK is now available. We have made a few small but significant changes for the release […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts\/13284","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/users\/181"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/comments?post=13284"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts\/13284\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/media\/45953"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/media?parent=13284"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/categories?post=13284"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/tags?post=13284"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}