Documentation

EF Core Query Analyzer for CI

Use LinqContraband as an EF Core query analyzer in CI so pull requests can catch N+1 queries, raw SQL risks, missing includes, and tracking mistakes before merge.

EF Core Query Analyzer for CI

LinqContraband is an EF Core query analyzer for CI pipelines, pull requests, and local builds. It ships as a NuGet analyzer package, so ordinary dotnet build output can surface risky LINQ and Entity Framework Core query patterns before they merge.

For the review questions that this CI gate can automate, use the EF Core query performance checklist.

Install the official NuGet package in the project that contains your EF Core code:

dotnet add package LinqContraband

Why Run EF Core Analysis in CI

EF Core query mistakes often depend on production-sized data: N+1 loops, unbounded materialization, missing includes, raw SQL interpolation, and tracking-mode surprises may not appear in small test databases. A compile-time analyzer gives reviewers the same signal on every pull request, without adding a runtime dependency to the application.

Use the CI gate to make the most dangerous diagnostics visible first, then raise selected rules to errors once the team has triaged existing warnings.

Minimal GitHub Actions Check

Run the analyzer through the normal .NET build step. Match the SDK version to your application:

name: ef-core-query-analysis

on:
  pull_request:

jobs:
  query-analysis:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '10.0.x'
      - run: dotnet restore
      - run: dotnet build --configuration Release --no-restore

No custom runner, service container, or database connection is required for LinqContraband diagnostics. The analyzer reviews C# source during compilation.

Make Selected Rules Block Pull Requests

Control diagnostic severity with .editorconfig. Start by promoting high-confidence security and query-cost rules:

[*.cs]

# Repeated database calls and missing includes
dotnet_diagnostic.LC007.severity = error
dotnet_diagnostic.LC045.severity = warning

# Raw SQL and filter bypass risks
dotnet_diagnostic.LC018.severity = error
dotnet_diagnostic.LC034.severity = error
dotnet_diagnostic.LC037.severity = error
dotnet_diagnostic.LC021.severity = warning

This keeps CI focused: dangerous raw SQL construction can fail a build immediately, while broader reliability guidance can remain a warning until the team agrees on the policy.

Rules Worth Surfacing Early

Rule CI value
LC007: database execution inside loop Catches N+1 patterns that small test datasets hide.
LC045: missing include Flags navigation access after materialization when the query did not include the navigation.
LC018: interpolated FromSqlRaw and SqlQueryRaw Blocks SQL injection-prone raw query strings.
LC034: interpolated ExecuteSqlRaw Blocks SQL injection-prone raw command strings.
LC037: constructed raw SQL strings Finds SQL strings built before they reach a raw EF Core API.
LC021: IgnoreQueryFilters Makes tenant, soft-delete, and security-filter bypasses auditable in review.

CI Rollout Pattern

  1. Add LinqContraband and run CI with default severities.
  2. Fix obvious high-confidence warnings in touched code.
  3. Promote a small rule set to error in .editorconfig.
  4. Use narrow pragmas or SuppressMessage only for reviewed exceptions with a concrete justification.
  5. Expand the enforced rule set once the warning backlog is under control.

For deeper rule detail, browse the full rule catalog, the EF Core N+1 query detector guide, the EF Core CancellationToken analyzer guide, the EF Core projection analyzer guide, and the EF Core raw SQL injection analyzer guide.