I currently use the Managed Binary Analysis and it looks like the nuget adds the same rules (maybe less).
I also use this SonarQube plugin: https://github.com/SonarQubeCommunity/sonar-fxcop.
What is the nuget for exactly?
FxCop provides a tool to help developers to follow their company's coding standards. FxCop does code analysis to check whether the new code is compliant with the coding standards and naming conventions followed by the company. FxCop will ensure that the specified rules are used in the source code.
To open this page, right-click the project node in Solution Explorer and select Properties. Select the Code Analysis tab. To disable source analysis at build time, uncheck the Run on build option. To disable live source analysis, uncheck the Run on live analysis option.
You can also disable importing external Roslyn issues in your SonarCloud project settings under General Settings / External Analyzers / C# section / Ignore issues from external Roslyn analyzers .
I know this question is very old, but I recently had the same question and would like to provide my findings.
The .NET Compiler Platform ("Roslyn") analyzers offer the following advantages over the legacy FxCop static analysis of managed assemblies:
The Roslyn analyzers are available either as a NuGet package or a Visual Studio extension. I strongly recommend the NuGet package. It supports configuring the severity of each rule and failing the build if analyzers are set to severity "error". And of course it doesn't require each developer to install it manually.
Source and more information Overview of .NET Compiler Platform analyzers
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With