SonarLint Code Clean-up for MS Visual Studio & Cyclomatic Complexity Explained

Every developer needs to perform code clean-up after the completion of each task or before pushing the code to production. SonarLint is one of the free & open-source tools available to perform such operations. It highlights bugs, code smell & Security Vulnerabilities in the code and suggests automatic review to rectify it.

On the other hand, Visual Studio provides a code metric feature to identify Cyclomatic Complexity in the project. It measures the quality, code maintainability, and complexity of method which are difficult to maintain.

Installing SonarLint in MS Visual Studio

1) Open MS Visual Studio >> in “Extensions” Menu >> Click on “Mange Extensions“

2) It will open “Manage Extension” pop up/ window. Type “sonarlint” in search box and press Enter button.

It will list out SonarLint extension in the result. Click on “Download” button.

3) Wait download to get complete.

4) Once the download completes, it will show a notification at the bottom which says your change has been scheduled and installation will begin once you close Microsoft visual studio window.

5) After closing all Microsoft visual studio window, installer will begin the SonarLint installation.

It will open a “Installer” pop-up/ window, Click on “Modify” button and complete the installation.

Sonarlint official site: https://www.sonarlint.org/visualstudio

Running Code Analysis – Warning & Messages

Next step is to run code analysis and this can be performed on Solution or Project or for a particular page.

Open “Solution Explorer” >> right-click on “Solution” and navigate to “Analyze and Code Cleanup” >> and click on “Run Code Analysis“.

Shortcut key: Alt + F11

Once the code analysis is completed it will show results in the “Error List” window at the bottom. Expand & pin it. Focus on the two tabs “Warnings” and “Messages“. When you double-click on any error item in the “Description” it will show which lines need to be corrected or removed. You can use “Quick Actions” i.e., automatic suggestion (Alt + Enter) which appears on the error line to apply necessary changes.

[1] Warnings: This error count must bring down to zero or less than the minimum count as per the standard set by your organization.

[2] Messages: These are mostly unused items in an application. Count should be zero or less than 20 is preferred.

In reality, all errors cannot be cleared out because there is some system-generated code that cannot be modified and needs an exception approval with reasons from the audit team. Example – code generated by Entity-Framework.

[3] Error Code: Click on the error code to know more details about it. It will redirect to the corresponding error page. Example – https://rules.sonarsource.com/csharp/RSPEC-125

Cyclomatic Complexity

To analysis Cyclomatic complexity go to “Solution Explorer” >> right-click on “Solution” and navigate to “Analyze and Code Cleanup” >> and click on “Calculate Code Metrics“.

The result will be shown project-wise. See the total count of each project in column “Cyclomatic Complexity”. Expand each project and class. Make sure the class count should not exceed more than 10 or 15. If it does then expand further and find which method is complex.

My company suggests a Cyclomatic count less than 15 and in some exceptional cases less than 20 with reason. Technical or business reasons should be mentioned when submitting the report to the Audit Team.

I suggest code clean-up must be performed after the completion of each task. But most of the developers or team don’t get time to perform such operations because of work pressure. This mistake causes a big burden and headache at the time of production deployment because doing refactoring of code at the end might break up existing functionality and it requires one more round of testing. Again pressure on developer, team & management. So better to do such activities at the end of each task.