Overview of .NET Compiler Platform code analyzers
.NET Compiler Platform ("Roslyn") analyzers analyze your code for style, quality and maintainability, design, and other issues. Visual Studio includes a built-in set of analyzers that analyze your C# or Visual Basic code as you type. You configure preferences for these built-in analyzers on the text editor Options page or in an .editorconfig file. You can install additional analyzers as a Visual Studio extension or a NuGet package.
If rule violations are found by an analyzer, they are reported in the code editor (as a squiggle under the offending code) and in the Error List window.
Many analyzer rules, or diagnostics, have one or more associated code fixes that you can apply to correct the problem. The analyzer diagnostics that are built into Visual Studio each have an associated code fix. Code fixes are shown in the light bulb icon menu along with other types of Quick Actions. For information about these code fixes, see Common Quick Actions.
.NET Compiler Platform-based analysis versus legacy analysis
.NET Compiler Platform ("Roslyn") code analysis will eventually replace legacy analysis for managed code. Many of the legacy analysis rules have already been rewritten as .NET Compiler Platform-based code analyzers.
Like legacy analysis rule violations, .NET Compiler Platform-based code analysis violations appear in the Error List window in Visual Studio. In addition, .NET Compiler Platform-based code analysis violations also show up in the code editor as squiggles under the offending code. The color of the squiggle depends on the severity setting of the rule. The following screenshot shows three violations—one red, one green, and one gray:
.NET Compiler Platform-based code analyzers analyze code at build time, like legacy analysis if it's enabled, but also live as you type. If you enable full solution analysis, code analyzers also provide design-time analysis of code files that aren't open in the editor.
Build-time errors and warnings from code analyzers are shown only if the analyzers are installed as a NuGet package.
Not only do .NET Compiler Platform-based code analyzers report the same types of problems that legacy analysis does, but they make it easy for you to fix one, or all, occurrences of the violation in your file or project. These actions are called code fixes. Code fixes are IDE-specific; in Visual Studio, they are implemented as Quick Actions. Not all analyzer diagnostics have an associated code fix.
The following UI options apply only to legacy analysis:
- The Analyze > Run Code Analysis menu option.
- The Enable Code Analysis on Build and Suppress results from generated code checkboxes on the Code Analysis tab of a project's property pages.
To differentiate between violations from code analyzers and legacy analysis in the Error List window, look at the Tool column. If the Tool value matches one of the analyzer assemblies in Solution Explorer, for example Microsoft.CodeQuality.Analyzers, the violation comes from a code analyzer. Otherwise, the violation originates from legacy analysis.
The RunCodeAnalysis msbuild property in a project file applies only to legacy analysis. If you install analyzers, set RunCodeAnalysis to false in your project file to prevent legacy analysis from running after build.
NuGet package versus VSIX extension
.NET Compiler Platform analyzers can be installed per-project via a NuGet package, or Visual Studio-wide as a Visual Studio extension. There are some key behavior differences between these two methods of installing analyzers.
If you install analyzers as a Visual Studio extension, they apply at the solution level, to all instances of Visual Studio. If you install the analyzers as a NuGet package, which is the preferred method, they apply only to the project where the NuGet package was installed. In team environments, analyzers installed as NuGet packages are in scope for all developers that work on that project.
To have rules enforced at build time, including through the command line or as part of a continuous integration (CI) build, install the analyzers as a NuGet package. Analyzer warnings and errors don't show up in the build report if you install the analyzers as an extension.
The following screenshot shows the command-line build output from building a project that contains an analyzer rule violation:
You cannot set the severity of rules from analyzers that were installed as a Visual Studio extension. To configure rule severity, install the analyzers as a NuGet package.
Below are the different types of analyzers that help analyze your code:
- Microsoft's recommended analyzers: FxCop Analyzers
- Visual Studio IDE analyzers: EditorConfig
- Third party analyzers: StyleCop, Roslynator, XUnit Analyzers, Sonar Analyzer