Question Static Code Analysis tools that work well with unity

Hey!

I'm currently looking into static code analyzers and how to best apply/use them in conjunction with unity. We would like to integrate them into our CI pipeline too.

I see SonarQube popping up again and again but I feel like it might not be the best solution. My main concern here is the issue with them not recognizing Unitys callbacks like Update etc. From what I've read it seems like they simply ignore all private methods in classes deriving UnityEngine.Object.

I feel like this renders it virtually useless, if potentially large parts of the project won't even be analyzed. I'm also a bit concerned about their pricing, which seems to be by line of code. How does this check out with ThirdParty-Plugins, code shared between projects, meta files etc?

I also somehow question the necessity of static code analysis in general, since all our developers are using either rider or the resharper plugin for visual studio, which provides code analysis inside of the IDE anyways.
Is it still useful to have another tool, that does practically the same?

On that note: Both, rider + resharper, work contextually well with unity. Having a static analyser that doesn't would feel useless to me. So if I could use their reports that might be the best case scenario.

My general question would be: What experience do you have with static code analysis in the unity context and which tools are you using? How do you integrate these into your CI pipelines?

 

Hi,

you can try PVS-Studio static analyzer for C#. Although a general-purpose static analyzer for C# language, PVS-Studio is currently implementing the support for specific Unity types and APIs. It also can be used for free for non-enterprise users.

If you are interested in Rider integration, there is also currently a beta test running.

To answer your question regarding the defaulr Resharper\Rider static analyzers - as I always say - the more the better - if you can afford an additional static analysis tool, it will always find something new, as there are no any two tools that are 100% identical. Subjectively, you can use PVS-Studio for a deeper interprocedural analysis, detection of potential misprints, etc. It will also provide more ways (than default Rider\Resharper solution) for CI\CD integration, and it also even integrates with SonarQube itself. Though, I must admit, that I am affiliated with PVS-Studio, so you should take everything I say with a grain of salt )

 

KHagen95, what was your choice at the end?
I'm DevOps guy and SonarCloud was my default service for a few years, but there is some issues with Unity - I couldn't run the scan...