About .NET source code analysis in Visual Studio with Roslyn analyzers
.NET Compiler Platform (Roslyn) Analyzers inspect your C# or Visual Basic code for style, quality, maintainability, design, and other issues. This inspection or analysis happens during design time in all open files.
Analyzers are divided into the following groups:
Code style analyzers are built into Visual Studio. The analyzer's diagnostic ID, or code format is IDExxxx, for example, IDE0001. You can configure preferences in the text editor options page or in an EditorConfig file. Starting in .NET 5.0, code style analyzers are included with the .NET SDK and can be strictly enforced as build warnings or errors. For more information, see Overview of .NET source code analysis.
Code quality analyzers are now included with the .NET 5 SDK and enabled by default. The analyzer's diagnostic ID, or code format is CAxxxx, for example, CA1822. For more information, see Overview of .NET code quality analysis.
Severity levels of analyzers
Each analyzer has one of the following severity levels:
|Severity (Solution Explorer)
|Severity (EditorConfig file)
|Violations appear as Errors in the Error List and in command-line build output, and cause builds to fail.
|Offending code is underlined with red squiggle and marked by small red box in the scroll bar.
|Violations appear as Warnings in the Error List and in command-line build output, but don't cause builds to fail.
|Offending code is underlined with green squiggle and marked by small green box in the scroll bar.
|Violations appear as Messages in the Error List, and not at all in command-line build output.
|Offending code is underlined with gray squiggle and marked by small gray box in the scroll bar.
|Non-visible to user.
|Non-visible to user. The diagnostic is reported to the IDE diagnostic engine, however.
|Corresponds to the default severity of the rule. To determine what the default value for a rule is, look in the Properties window.
|Corresponds to the default severity of the rule.
If rule violations are found by an analyzer, they're reported in the code editor as a squiggle under the offending code and in the Error List window.
The analyzer violations reported in the error list match the severity level setting of the rule. Analyzer violations also show up in the code editor as squiggles under the offending code. The following image shows three violations—one error (red squiggle), one warning (green squiggle), and one suggestion (three grey dots):
Many analyzer rules, or diagnostics, have one or more associated code fixes that you can apply to correct the rule violation. Code fixes are shown in the light bulb icon menu along with other types of Quick Actions. For information about these code fixes, see Common Quick Actions.
Configure analyzer severity levels
Analyzers can also be configured to inspect code at build time and live as you type. You can configure the scope of live code analysis to execute for the current document only, all open documents, or the entire solution. See How to: Configure the scope of live code analysis.
Build-time errors and warnings from code analyzers are shown only if the analyzers are installed as a NuGet package. The built-in analyzers (for example, IDE0067 and IDE0068) never run during build.
NuGet package versus VSIX extension
You can install external analyzers for every project via a NuGet package. Some are also available as a Visual Studio extension, in which case, they apply to any solution you open in Visual Studio. There are some key behavior differences between these two methods of installing analyzers.
If you install analyzers as a Visual Studio extension, they apply at the solution level and to all instances of Visual Studio. If you install the analyzers as a NuGet package, which is the preferred method, they apply only to the project where the NuGet package was installed. In team environments, analyzers installed as NuGet packages are in scope for all developers that work on that project.
First party analyzers also ship inside the .NET SDK. It is recommended that you enable these analyzers from the .NET SDK instead of installing the
Microsoft.CodeAnalysis.NetAnalyzers NuGet package, when possible. Enabling the analyzers from the .NET SDK ensures that you automatically get the analyzer bug fixes and new analyzers as soon as you update the SDK. See Enable or install first-party .NET analyzers for more details.
To enforce the rules at build time, which includes through the command line or as part of a continuous integration (CI) build, choose one of the following options:
Create a .NET 5.0 or later project which includes analyzers by default in the .NET SDK. Code analysis is enabled, by default, for projects that target .NET 5.0 or later. You can enable code analysis on projects that target earlier .NET versions by setting the EnableNETAnalyzers property to true.
Install analyzers as a NuGet package. Analyzer warnings and errors don't show up in the build report if you install the analyzers as an extension.
The following image shows the command-line build output from building a project that contains an analyzer rule violation:
You can't configure the severity of rules from analyzers that were installed as a Visual Studio extension. To configure rule severity, install the analyzers as a NuGet package.