Versions Compared

Version Old Version 1 New Version 2
Changes made by

Moses Kim

Moses Kim

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Info

SQ Official Doc Link: https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+MSBuild



By SonarSource – MIT – Issue Tracker  Sources

SonarQube Scanner for MSBuild 4.0.0.821
Compatible with SonarQube 6.7+ (LTS) 

Download


Panel
borderColor#C3CCD7
bgColor#FCFCFC

Table of Contents

Table of Contents
maxLevel3
indent16px

Features


기능

The SonarQube Scanner for MSBuild is the recommended way to launch a SonarQube analysis on MSBuild projects and solutions. It is the result of a collaboration between SonarSource and Microsoft

It is available as a standalone command line executable and as build steps for VSTS-TFS and Jenkins.

Installation

  • Make sure the .NET Framework v4.6+ is installed
  • Make sure the Java Runtime Environment 8 is installed
  • Download the latest version of the SonarQube Scanner for MSBuild (using the link at the top of the page)
  • Unblock the zip file (Right-click on file -> Properties -> Unblock)
    • Unzip 

    SonarQube Scanner for MSBuild는 SonarSource와 Microsoft 가 협업을 통해 개발 및 제공하며, MSBuild 프로젝트 및 솔루션을 SonarQube로 분석하기 위해 권장합니다.

    커맨드라인 명령어를 통해 사용 가능하며, VSTS-TFS 및 Jenkins의 빌드 스텝으로 활용할 수 있습니다.

    설치

    1. .NET Framewaor v4.6+ 를 설치합니다.
    2. Java Runtime Environment 8을 설치합니다.
    3. 최신 버전의 SonarQube Scanner for MSBuild 를 다운로드 합니다(이 페이지 상단의 링크를 참조하십시오).
    4. zip 파일의 블럭을 해제합니다(마우스 우 클릭 file > Properties > Unblock).
    5. sonar-scanner-msbuild-[version].zip
     on to a drive. Example: 
    1.  파일의 압축을 풉니다. (예: C:\SonarQube\bin)
    Edit 
    1. C:\SonarQube\bin\SonarQube.Analysis.xml
     to specify the following parameters
    1.   파일의 다음 파라미터를 입력합니다:

      1. sonar.host.url -

    URL to your SonarQube serverRestrict access to 

      1. 사용할 SonarQube 서버의 URL

      2. sonar.login - 
    Analysis token of a user with Execute Analysis permissions. Required only if Anonymous does not have them
      1. Execute Analysis 권한을 가진 사용자의 Analysis 값을 입력합니다. Anonymous 계정이 해당 권한을 가지고 있지 않은 경우 이 값을 입력해야 합니다
    2. SonarQube.Analysis.xml
     by setting appropriate file permissions
  • Add the executable's directory to the %PATH% environment variable

    • Use

    From the root folder of the project you want to analyze, execute the following commands:

    1.  파일에 대한 접근권한을 적절하게 설정해, 불필요한 수정을 방지합니다.
    2. %PATH% 환경 변수에 실행 파일이 위치한 디렉토리를 추가합니다.

    사용

    1. 분석하고자 하는 프로젝트의 루트 폴더에서 다음 명령어를 실행합니다:

      Code Block
      SonarQube.Scanner.MSBuild.exe
    begin 
    1.  begin /k:"org.sonarqube:sonarqube-scanner-msbuild" /n:"Project Name" /v:"1.0"
    1. 
MSBuild.
    exe 
    1. exe /t:Rebuild
    1. 
SonarQube.Scanner.MSBuild.exe
    endSee Additional Analysis Parameters if you need to specify additional Analysis Parameters
    If you need to pass analysis credentials (preferably a User Token) on the command line, they should be passed as /d: parameters. E.G.
    1.  end

      분석을 위해 추가 파라미터를 설정해야할 경우 추가 파라미터 페이지를 참조하십시오.
      커맨드 라인에서 분석 인증 정보(사용자 토큰)를 전달해야 하는 경우, /d: 옵션을 사용하십시오(예: /d:sonar.login=[my token value

    ]

     

  • Follow the link provided at the end of the analysis to browse your project's quality in the SonarQube UI.

    • Note

    The Scanner for MSBuild hooks into the MSBuild pipeline, and will modify the properties listed below:

  • All existing code analyzers in the projects are removed to prevent duplicate issues from being reported.
  • The SonarC# and SonarVB analyzers are added, and the CodeAnalysisRuleSet is updated to match the SonarQube quality profile.
    • WarningsAsErrors is turned off to avoid breaking the build before the reported issues are submitted to SonarQube

    1. )

    2. 분석 종료 후 터미널에 표시되는 SonarQube UI Url을 브라우저에 입력하여 결과 페이지로 합니다.

    기타

    MSBuild 용 스캐너를 MSBuild 파이프라인의 일부로 구성할 수 있습니다. 이 경우 다음의 속성들이 변경됩니다:

    • 프로젝트의 기존 코드 분석기들을 모두 제거하여, 이슈를 중복 식별하는 것을 방지합니다.
    • SonarC# 및 SonarVB 분석기가 추가되며, CodeAnalysisRuleSet이 SonarQube의 quality profile에 맞추어 업데이트 됩니다.
    • SonarQube에 분석 보고서가 전송되기 전에 빌드가 깨지지 않도록 WarningAsError 기능이 비활성화 됩니다.

    If your build process cannot tolerate these changes, we recommend creating a second job for SonarQube analysis.


    Also,

    • Project build is required between the begin and end commands. /t:Rebuild is used above as an example.
    • Sensitive properties such as "sonar.login" and "sonar.password" are not persisted on disk for security reasons. If you wish to pass them as command line arguments, you will have to so for both the "begin" and "end" steps.
    • If you are not already using MSBuild 14.0+, please refer to the Compatibility with Visual Studio and MSBuild notes.

    Project Samples

    To help you get started, simple project samples are available for most languages on github. They can be browsed or downloaded. You'll find them filed under projects/languages.

     

    Known Limitations

    • Analysis of Web Site Solutions is not supported, however analysis of Web Application Solutions is supported.

    Troubleshooting

    The End Step executable was not found

    If you need to run multiple analyses in rapid succession, pass /nodereuse:false to msbuild.Otherwise you may see the following error when the DLLs required by a new analysis are still locked by a previous analysis:


    The End Step executable was not found 'D:\***\.sonarqube\bin\MSBuild.SonarQube.Internal.PostProcess.exe'. Please check that the begin step, the build step and the end step are all executed in the same directory.


    End of Central Directory record could not be found

    This error is caused by an out-of-date build task. Download and install the latest version.

    Going Further  

    Child pages (Children Display)