SonarSource has implemented multiple generic Roslyn static code analysis rules both for C# and Visual Basic. These rules allow you to produce safe, reliable and maintainable code by helping you find and correct bugs, vulnerabilities and code smells in your codebase. It is strongly advised to enable these rules on all your projects.
See: https://github.com/SonarSource/sonar-dotnet
For C# projects:
<Project Sdk="Microsoft.NET.Sdk">
<ItemGroup Label="Analyzers">
<PackageReference Include="SonarAnalyzer.CSharp" Version="*" PrivateAssets="all" IncludeAssets="runtime; build; native; contentfiles; analyzers; buildtransitive" />
</ItemGroup>
</Project>
For VB.NET projects:
<Project Sdk="Microsoft.NET.Sdk">
<ItemGroup Label="Analyzers">
<PackageReference Include="SonarAnalyzer.VisualBasic" Version="* PrivateAssets="all" IncludeAssets="runtime; build; native; contentfiles; analyzers; buildtransitive" />
</ItemGroup>
</Project>