Share via


Overview of source code analysis

Applies to: yesVisual Studio noVisual Studio for Mac

Note

This article applies to Visual Studio 2017. If you're looking for the latest Visual Studio documentation, see Visual Studio documentation. We recommend upgrading to the latest version of Visual Studio. Download it here

.NET Compiler Platform (Roslyn) Analyzers inspect your C# or Visual Basic code for style, quality, maintainability, design, and other issues. This inspection or analysis happens during design time in all open files.

Analyzers are divided into the following groups:

Severity levels of analyzers

Each analyzer has one of the following severity levels:

Severity (Solution Explorer) Severity (EditorConfig file) Build-time behavior Editor behavior
Error error Violations appear as Errors in the Error List and in command-line build output, and cause builds to fail. Offending code is underlined with red squiggle and marked by small red box in the scroll bar.
Warning warning Violations appear as Warnings in the Error List and in command-line build output, but don't cause builds to fail. Offending code is underlined with green squiggle and marked by small green box in the scroll bar.
Info suggestion Violations appear as Messages in the Error List, and not at all in command-line build output. Offending code is underlined with gray squiggle and marked by small gray box in the scroll bar.
Hidden silent Non-visible to user. Non-visible to user. The diagnostic is reported to the IDE diagnostic engine, however.
None none Suppressed completely. Suppressed completely.
Default default Corresponds to the default severity of the rule. To determine what the default value for a rule is, look in the Properties window. Corresponds to the default severity of the rule.

If rule violations are found by an analyzer, they're reported in the code editor as a squiggle under the offending code and in the Error List window.

Analyzer violation in Error List window

The analyzer violations reported in the error list match the severity level setting of the rule. Analyzer violations also show up in the code editor as squiggles under the offending code. The following image shows three violations—one error (red squiggle), one warning (green squiggle), and one suggestion (three grey dots):

Squiggles in the code editor in Visual Studio

Many analyzer rules, or diagnostics, have one or more associated code fixes that you can apply to correct the rule violation. Code fixes are shown in the light bulb icon menu along with other types of Quick Actions. For information about these code fixes, see Common Quick Actions.

Analyzer violation and Quick Action code fix

Configure analyzer severity levels

You can configure the severity of analyzer rules, or diagnostics, in an EditorConfig file or from the light bulb menu.

Analyzers can also be configured to inspect code at build time and live as you type. You can configure the scope of live code analysis to execute for the current document only, all open documents, or the entire solution. See How to: Configure the scope of live code analysis.

Tip

Build-time errors and warnings from code analyzers are shown only if the analyzers are installed as a NuGet package. The built-in analyzers (for example, IDE0067 and IDE0068) never run during build.

NuGet package versus VSIX extension

You can install external analyzers for every project via a NuGet package. Some are also available as a Visual Studio extension, in which case, they apply to any solution you open in Visual Studio. There are some key behavior differences between these two methods of installing analyzers.

Scope

If you install analyzers as a Visual Studio extension, they apply at the solution level and to all instances of Visual Studio. If you install the analyzers as a NuGet package, which is the preferred method, they apply only to the project where the NuGet package was installed. In team environments, analyzers installed as NuGet packages are in scope for all developers that work on that project.

Note

First party analyzers also ship inside the .NET SDK. It is recommended that you enable these analyzers from the .NET SDK instead of installing the Microsoft.CodeAnalysis.NetAnalyzers NuGet package, when possible. Enabling the analyzers from the .NET SDK ensures that you automatically get the analyzer bug fixes and new analyzers as soon as you update the SDK. See Enable or install first-party .NET analyzers for more details.

Build errors

To enforce the rules at build time, which includes through the command line or as part of a continuous integration (CI) build, choose one of the following options:

  • Create a .NET 5.0 or later project which includes analyzers by default in the .NET SDK. Code analysis is enabled, by default, for projects that target .NET 5.0 or later. You can enable code analysis on projects that target earlier .NET versions by setting the EnableNETAnalyzers property to true.

  • Install analyzers as a NuGet package. Analyzer warnings and errors don't show up in the build report if you install the analyzers as an extension.

The following image shows the command-line build output from building a project that contains an analyzer rule violation:

MSBuild output with rule violation

Rule severity

You can't configure the severity of rules from analyzers that were installed as a Visual Studio extension. To configure rule severity, install the analyzers as a NuGet package.

Next steps

See also