[sonar-dev] Analyzing library dependencies for .Net / NuGet projects
We are analyzing several Projects in Sonar -> Java and also .Net
For Java / Maven Projects its no Problem to see the Library
dependencies -> Which component uses which Library. There is even
a dependency browser built-in in the Sonar core.
For .Net Projects we use NuGet for the dependency Management. In
Sonar its not possible to see which Component uses which Library
with the specific version for .Net / NuGet Projects. Now we want to
know which Library is used in which Component and vice versa. And
that's why I'm writing a plugin that shows me the the NuGet
There are two possibilities:
1. Solution: The easy way
I write a Plugin that parses the "repositories.config" and the
appropriate "packages.config" Files, persists this information into
the database and then show them in a widget.
2. Solution: The elegant way
I write a plugin which reads the NuGet information from the
"repositories.config" and the appropriate "packages.config" files
and perstist this information the same way like the maven
information is perstisted too in the database. Then also the
built-in dependency browser would find the NuGet dependencies.
A question for Solution 1:
What would be the best way to persist the dependency information? A
String Measure for each project with a JSON containing the
A question for Solution 2: (And this is my main question
Do you know how / where this data is persisted in the Sonar database
for maven projects? It would take me a lot of time trying to
reenigneer the whole sonar source code. Maybe someone has an idea
how i can find this information faster or maybe you have even other
ideas to solve my problem.
The goal would also be to share this plugin to the community.