
Integrating with SonarScanner

ABOUT

Once the SonarQube platform has been installed, you're ready to install a scanner and begin creating projects.

To do that, you must install and configure the scanner that is most appropriate for your needs. There are different flavors of SonarScanner for different development environments:

.NET - SonarScanner for .NET

Gradle - SonarScanner for Gradle

There is also a generic SonarScanner for all other development environments.

Every SonarQube scan and report follows these three steps:

Begin: the begin step is executed when you add the begin command line argument. It hooks into the build pipeline, downloads SonarQube quality profiles and settings and prepares your project for the analysis.

For detailed information about all available parameters, see Analysis Parameters.

Build: between the begin and end steps, you need to build your project, execute tests and generate code coverage data. This part is specific to your needs, and it is not detailed here.

End: the end step is executed when you add the "end" command line argument. It cleans the MSBuild/.NET build hooks, collects the analysis data generated by the build, the test results and the code coverage, and then uploads everything to the SonarQube server.

Local SonarQube server

If you want to have the results of your scan sent to a local hosted server, 

Windows

Firstly, select "Community Edition" from SonarQube and click download.

Select "Extract All" from the menu and then click "Extract".

To run SonarScanner on a specific project (e.g. .NET), copy the extracted directory into the same directory as your .sln file.

To run SonarQube manually, run the StartSonar.bat file.

When the server is running, open it in a browser at http://localhost:9000

The default username and password are "admin".

You have to change the default password after logging in.

Now, when you go through the Begin, Scan and End phases of SonarQube, the results will be sent to this local SonarQube server.

SonarScanner for .NET

SonarScanner for .NET is distributed as a standalone command line executable that supports .NET Core on every platform (Windows, macOS, Linux). The properties for the scan will be predefined in the sonar-project.properties file.

Prerequisites

At least the minimal version of Java supported by your SonarQube server: Java version 11+

The SDK corresponding to your build system:

.NET Framework v4.6 - either Build Tools for Visual Studio 2015 Update 3 or the Build Tools for Visual Studio 2017

.NET Core SDK 2.0 and above (for the .NET Core version of the scanner or if you plan to use the .NET Core Global Tool)

Compatibility

| Scanner Version | SonarQube |
| --- | --- |
| 5.x | LTS 6.7+ |
| 4.x | LTS 6.7+ |

Installation (Begin step)

Standalone executable

Expand the downloaded file into the directory of your choice. We'll refer to it as $install_directory in the next steps.

Add $install_directory to your PATH environment variable.

.NET Core Global Tool

Command: dotnet tool install --global dotnet-sonarscanner

Build and End step

The invocation command for SonarScanner for .NET depends on the scanner flavor:

| Scanner Flavor | Invocation |
| --- | --- |
| .NET 5 | dotnet <path to SonarScanner.MSBuild.dll> |
| .NET Core Global Tool | dotnet sonarscanner begin |
| .NET Core 2.0+ | dotnet <path to SonarScanner.MSBuild.dll> |
| .NET Framework 4.6+ | SonarScanner.MSBuild.exe begin |

There are two versions of the SonarScanner for .NET. In the following commands, you need to pass an authentication token using the sonar.login property.

"Classic" .NET Framework Usage

This version is based on the "classic" .NET Framework. To use it, execute the following commands from the root folder of your project:

SonarScanner.MSBuild.exe begin /k:"project-key" /d:sonar.login="<token>"

MSBuild.exe /t:Rebuild

SonarScanner.MSBuild.exe end /d:sonar.login="<token>"

.NET Core and .NET Core Global Tool Invocation

dotnet tool install --global dotnet-sonarscanner

dotnet sonarscanner begin /k:"project-key" /d:sonar.login="<token>"

dotnet build

dotnet sonarscanner end /d:sonar.login="<token>"
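
An added example (not from the SonarQube documentation): a POSIX shell wrapper for the .NET Core Global Tool sequence above that takes the token from an environment variable instead of a script file, refuses to start without one, and masks the sonar.login value in everything it logs. SONAR_TOKEN, SONAR_PROJECT_KEY and DRY_RUN are variable names chosen for this example.

```shell
#!/bin/sh
# Added example, not SonarQube's own tooling. SONAR_TOKEN, SONAR_PROJECT_KEY
# and DRY_RUN are variable names chosen for this sketch.

# Print a command line with the value of /d:sonar.login masked, so the
# token does not end up in CI logs (assumes the token has no spaces).
redact() {
    printf '%s\n' "$*" | sed 's#\(/d:sonar\.login=\)[^ ]*#\1****#g'
}

# Log the redacted command, then run it unless DRY_RUN=1.
run_step() {
    redact "+ $*"
    if [ "${DRY_RUN:-0}" = "1" ]; then
        return 0
    fi
    "$@"
}

# Begin, Build, End. Stops at the first failing step.
sonar_scan() {
    if [ -z "${SONAR_TOKEN:-}" ]; then
        echo "SONAR_TOKEN is not set; not starting the scan" >&2
        return 2
    fi
    key="${SONAR_PROJECT_KEY:-project-key}"
    run_step dotnet sonarscanner begin "/k:$key" "/d:sonar.login=$SONAR_TOKEN" || return 1
    run_step dotnet build || return 1
    run_step dotnet sonarscanner end "/d:sonar.login=$SONAR_TOKEN" || return 1
}

# Run only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    sonar_scan
fi
```

The token is still handed to dotnet as a command line argument, so it stays visible in the process list while each step runs; the wrapper only keeps it out of script files and log output.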

Sample projects

To help you get started, simple project samples are available for most languages on GitHub. They can be browsed or downloaded. You'll find them filed under sonarqube-scanner/src.