How can I create my own C# custom rules for SonarQube?

Question

I\'ve been doing some research on it. What I found is a list of quite nice samples but for other languages here.

I also looked at sonar-dotnet. But

Answer 1

The sonar-custom-rules-examples you pointed at are all written in Java and use parsers written in Java for the various target languages. The sonar-dotnet analyzers for C# and VB.NET are written in C# using the Roslyn framework provided by Microsoft.

If you want to write your own custom rules for C# then writing a Roslyn analyzer is definitely the easiest way to do it (Roslyn replaced FxCop, which is now obsolete). However, there are dozens of free third-party Roslyn analyzers available, so it's possible that someone has already written at least some of the rules you want. Have a look on NuGet to see what's available.

Next, you want issues raised by a Roslyn analyzer to appear in SonarQube. If you are using new-ish versions of SonarQube (v7.4+), the SonarScanner for MSBuild (v4.4+) and the SonarC# plugin (v7.6+), then issues raised by third-party Roslyn analyzers will automatically be imported as generic issues. See the docs for more info.

Generic issues have a couple of significant limitations, just as not being able to select which rules to run in the SonarQube UI. If you want a more full-featured experience (or if you are using an older version of SonarQube), you can use the SonarQube Roslyn SDK to generate a custom SonarQube plugin that wraps the Roslyn analyzer. Using the SDK is straightforward: it's an exe that you run against the Roslyn analyzer, and it generates a SonarQube plugin jar for you.