There is static analysis for C# and VB built into VS2017 that provides rule-based static analysis similar to SonarQube. Microsoft provides standard rule sets, and custom ones can also be used. Since it is integrated to VS, developers can see the analysis in the editor and correct issues before committing them. It can also run in the CI pipeline. There is no additional cost for this feature.

You can install the analyzer as VSIX Extension to just have the checks run in Visual Studio, or if you install the NuGet package into a project the checks will run in a CI build. If you use the NuGet GUI in VS, you can install it to multiple projects at once. From the Package Manager Console, install as follows (This is the Rosyln analyzer, even though says FxCop):

Install-Package Microsoft.CodeAnalysis.FxCopAnalyzers

Inside VS, the analysis will show up as warnings and errors. You can turn on Category and Tool to help differentiate them.

image.png

You can control severity and suppression of rules with an XML file, if installed as a NuGet package. Details about rule sets are here .

References