SQ Official Doc Link: https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+MSBuild
By SonarSource – MIT – Issue Tracker – Sources
SonarQube Scanner for MSBuild 4.0.0.821
Features
The SonarQube Scanner for MSBuild is the recommended way to launch a SonarQube analysis on MSBuild projects and solutions. It is the result of a collaboration between SonarSource and Microsoft.
It is available as a standalone command line executable and as build steps for VSTS-TFS and Jenkins.
Installation
- Make sure the .NET Framework v4.6+ is installed
- Make sure the Java Runtime Environment 8 is installed
- Download the latest version of the SonarQube Scanner for MSBuild (using the link at the top of the page)
- Unblock the zip file (Right-click on file -> Properties -> Unblock)
- Unzip sonar-scanner-msbuild-[version].zip on to a drive. Example: C:\SonarQube\bin
- Edit C:\SonarQube\bin\SonarQube.Analysis.xml to specify the following parameters:
  - sonar.host.url - URL to your SonarQube server
  - sonar.login - Analysis token of a user with Execute Analysis permissions. Required only if Anonymous does not have them
- Restrict access to SonarQube.Analysis.xml by setting appropriate file permissions
- Add the executable's directory to the %PATH% environment variable
Use
From the root folder of the project you want to analyze, execute the following commands:
SonarQube.Scanner.MSBuild.exe begin /k:"org.sonarqube:sonarqube-scanner-msbuild" /n:"Project Name" /v:"1.0"
MSBuild.exe /t:Rebuild
SonarQube.Scanner.MSBuild.exe end
See Additional Analysis Parameters if you need to specify additional Analysis Parameters.
If you need to pass analysis credentials (preferably a User Token) on the command line, they should be passed as /d: parameters, e.g. /d:sonar.login=[my token value]
- Follow the link provided at the end of the analysis to browse your project's quality in the SonarQube UI.
Note
The Scanner for MSBuild hooks into the MSBuild pipeline, and will modify the properties listed below:
- All existing code analyzers in the projects are removed to prevent duplicate issues from being reported.
- The SonarC# and SonarVB analyzers are added, and the CodeAnalysisRuleSet is updated to match the SonarQube quality profile. WarningsAsErrors is turned off to avoid breaking the build before the reported issues are submitted to SonarQube.
If your build process cannot tolerate these changes, we recommend creating a second job for SonarQube analysis.
Also,
- Project build is required between the begin and end commands. /t:Rebuild is used above as an example.
- Sensitive properties such as "sonar.login" and "sonar.password" are not persisted on disk for security reasons. If you wish to pass them as command line arguments, you will have to do so for both the "begin" and "end" steps.
- If you are not already using MSBuild 14.0+, please refer to the Compatibility with Visual Studio and MSBuild notes.
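The begin, build and end sequence above, wrapped in a PowerShell script that reads the token from an environment variable and passes it to both scanner steps. This is an added example, not part of the SonarQube documentation; the SONAR_TOKEN variable name and the Invoke-Step helper are assumptions, and both executables are assumed to be on %PATH%.

```powershell
# Added example (not SonarSource code). Assumes the CI secret store exports
# the analysis token as SONAR_TOKEN (hypothetical name) for this job only.
param(
    [string]$ProjectKey     = 'org.sonarqube:sonarqube-scanner-msbuild',
    [string]$ProjectName    = 'Project Name',
    [string]$ProjectVersion = '1.0'
)
$ErrorActionPreference = 'Stop'

$token = $env:SONAR_TOKEN
if ([string]::IsNullOrWhiteSpace($token)) {
    throw 'SONAR_TOKEN is not set; refusing to start the analysis.'
}
# sonar.login is not persisted between steps, so the same /d: argument
# is supplied to both "begin" and "end".
$loginArg = "/d:sonar.login=$token"

function Invoke-Step {
    # Hypothetical helper: runs one step, logs it with the token masked,
    # and stops the pipeline on a non-zero exit code.
    param([string]$Name, [string]$Exe, [string[]]$StepArgs)
    $shown = $StepArgs | ForEach-Object { $_ -replace '^(/d:sonar\.login=).*', '$1***' }
    Write-Host "[$Name] $Exe $($shown -join ' ')"
    & $Exe @StepArgs
    if ($LASTEXITCODE -ne 0) {
        throw "$Name step failed with exit code $LASTEXITCODE"
    }
}

# All three steps run from the same directory (the project root).
Invoke-Step 'begin' 'SonarQube.Scanner.MSBuild.exe' @(
    'begin', "/k:$ProjectKey", "/n:$ProjectName", "/v:$ProjectVersion", $loginArg)

# /nodereuse:false releases the analysis DLLs when the build finishes,
# which matters when analyses run in rapid succession.
Invoke-Step 'build' 'MSBuild.exe' @('/t:Rebuild', '/nodereuse:false')

Invoke-Step 'end' 'SonarQube.Scanner.MSBuild.exe' @('end', $loginArg)
```

Command-line arguments are visible in process listings on the build host, so on shared agents the permission-restricted SonarQube.Analysis.xml from the Installation steps is the safer place for the token.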
Project Samples
To help you get started, simple project samples are available for most languages on GitHub. They can be browsed or downloaded. You'll find them filed under projects/languages.
Known Limitations
Analysis of Web Site Solutions is not supported; however, analysis of Web Application Solutions is supported.
Troubleshooting
The End Step executable was not found
If you need to run multiple analyses in rapid succession, pass /nodereuse:false to msbuild.
Otherwise you may see the following error when the DLLs required by a new analysis are still locked by a previous analysis:
The End Step executable was not found 'D:\***\.sonarqube\bin\MSBuild.SonarQube.Internal.PostProcess.exe' . Please check that the begin step, the build step and the end step are all executed in the same directory.
End of Central Directory record could not be found
This error is caused by an out-of-date build task. Download and install the latest version.