[sonar-dev] Analyzing library dependencies for .Net / NuGet projects

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[sonar-dev] Analyzing library dependencies for .Net / NuGet projects

Cedric von Allmen
Hi all

We are analyzing several Projects in Sonar -> Java and also .Net Projects.

For Java / Maven Projects its no Problem to see the Library dependencies -> Which component uses which Library. There is even a dependency browser built-in in the Sonar core.

For .Net Projects we use NuGet for the dependency Management. In Sonar its not possible to see which Component uses which Library with the specific version for .Net / NuGet Projects. Now we want to know which Library is used in which Component and vice versa. And that's why I'm writing a plugin that shows me the the NuGet dependencies.

There are two possibilities:

1. Solution: The easy way
I write a Plugin that parses the "repositories.config" and the appropriate "packages.config" Files, persists this information into the database and then show them in a widget.

2. Solution: The elegant way
I write a plugin which reads the NuGet information from the "repositories.config"  and the appropriate "packages.config" files and perstist this information the same way like the maven information is perstisted too in the database. Then also the built-in dependency browser would find the NuGet dependencies.


A question for Solution 1:
What would be the best way to persist the dependency information? A String Measure for each project with a JSON containing the dependency information?

A question for Solution 2: (And this is my main question here)
Do you know how / where this data is persisted in the Sonar database for maven projects? It would take me a lot of time trying to reenigneer the whole sonar source code. Maybe someone has an idea how i can find this information faster or maybe you have even other ideas to solve my problem.

The goal would also be to share this plugin to the community.

Thank you!