This action runs the .NET code quality ("CAxxxx") and code style analyzers("IDExxxx") that ship with the .NET SDK.

Inputs to select the set of projects and/or solutions to analyze. By default, the solution at the root of the repo would be analyzed.

Inputs to customize the buckets of analyzers that are executed, either based on category or for all categories. By default, we execute all the latest, minimum recommended analyzers for all categories.

The following table shows the available AnalysisLevel options.

The following table shows the available AnalysisMode options.

1. Enable all CAxxxx and IDExxxx rules for a single solution at repo root, such that code analysis violations break the build.

   - name: Run .NET Code Analysis
     uses: dotnet/code-analysis@v1
     id: code-analysis
     with:
       solution: MySolution.sln
       build-breaking: true
       all-categories: all

2. Enable all 5.0 release CAxxxx security and performance rules, but only the recommended set for other rule categories for MyProject1.csproj and MyProject2.csproj, such that code analysis violations do not break the build.

   - name: Run .NET Code Analysis
     uses: dotnet/code-analysis@v1
     id: code-analysis
     with:
       projects: src\MyProject1.csproj;src\MyProject2.csproj
       build-breaking: false
       security: 5.0-all
       performance: 5.0-all
       all-categories: 5.0-recommended

3. Enable highly-recommended IDExxxx code-style rules, and disable all the remaining rules for a single project, such that code analysis violations break the build.

   - name: Run .NET Code Analysis
     uses: dotnet/code-analysis@v1
     id: code-analysis
     with:
       project: src\MyProject1.csproj
       build-breaking: true
       style: minimum
       all-categories: none

The action produces a JSON format error log file in SARIF format. This file can be uploaded via the github/codeql-action/upload-sarif action.

See action.yml

Run .NET code quality and code style analysis that ship with the .NET SDK.

steps:
- uses: actions/checkout@v2

# Run NuGet restore for each project/solution to analyze
- name: Run NuGet restore
  run: dotnet restore <%path_to_project_or_solution%>

# Run code analysis for all projects/solutions, such that code analysis violations break the build.
- name: Run .NET Code Analysis
  uses: dotnet/code-analysis@v1
  id: code-analysis
  with:
    build-breaking: true

Note: The Microsoft Code Analysis CLI is built with dotnet v3.1.201. A version greater than or equal to v3.1.201 of dotnet must be installed on the runner in order to run this action. GitHub hosted runners already have a compatible version of dotnet installed. To ensure a compatible version of dotnet is installed on a self-hosted runner, please configure the actions/setup-dotnet action.

- uses: actions/setup-dotnet@v1
  with:
    dotnet-version: '3.1.x'

The .NET code analysis action is currently in beta and runs on the windows-latest queue, as well as Windows self hosted agents. ubuntu-latest support coming soon.

Please see the wiki tab for more information and the Frequently Asked Questions (FAQ) page.

Please file a GitHub issue in this repo. To help us investigate the issue, please include a description of the problem, a link to your workflow run (if public), and/or logs from the .NET code analysis action output.

The scripts and documentation in this project are released under the MIT License

Contributions are welcome! See the Contributor's Guide.

This project has adopted the .NET Foundation Code of Conduct.