|By SonarSource – MIT –
Issue Tracker –
SonarQube Scanner for MSBuild 2.0 – Compatible with SonarQube 4.5.4+ (LTS)
The SonarQube Scanner for MSBuild is the recommended way to launch a SonarQube analysis on MSBuild projects and solutions. It is the result of a collaboration between SonarSource and Microsoft.
It is available both as a standalone command line executable and as native Team Foundation Server or Jenkins build steps.
- SonarQube is already installed
- The latest version of the SonarQube C# plugin or SonarQube VB.NET plugin is already installed on your SonarQube instance
- You are able to build your project using MSBuild 14.0+ (recommended). See the Compatibility with Visual Studio and MSBuild section below
- You have read Analyzing Code Source
With the SonarQube C# and Visual Basic .NET plugins
SonarQube Scanner for MSBuild
|SonarQube C# Plugin||4.0||4.1||4.2||4.3+||4.4+||4.5+|
|SonarQube Visual Basic.NET Plugin||N/A||2.4||2.4||2.4+||2.4+||2.4+|
With Visual Studio and MSBuild
Installing Visual Studio on the analysis machines is recommended but not mandatory. Some features such as FxCop and the execution of unit tests with VSTest or MSTest are only available when Visual Studio is installed. If you choose not to install Visual Studio, you will need to install Microsoft Build Tools which includes MSBuild
MSBuild 14.0, included in Visual Studio 2015, is recommended for use with SonarQube Scanner for MSBuild. Projects targeting older versions of the .NET Framework can be built using MSBuild 14.0+ by setting the "
TargetFrameworkVersion" MSBuild property as documented by Microsoft:
You can setup a dedicated SonarQube analysis build using MSBuild 14.0 for your project if you do not wish to change your production build.
Installing the SonarQube Scanner for MSBuild is only required for the command line and Team Foundation Server 2013 and XAML Build usages
In Team Foundation Server 2015, Visual Studio Team Services, and Jenkins, the dedicated build steps for the SonarQube Scanner for MSBuild will automatically provision the required files on the build machine.
- If you do not already have it, install the Microsoft .NET Framework v4.5.2+
- If you do not already have it, install the Java Runtime Environment v7u75+
- Download the latest version of the SonarQube Scanner for MSBuild using the Download link at the very top of this page.
- Right-click on the downloaded .zip file and click on the Unblock button.
- Unzip MSBuild.SonarQube.Runner-[version].zip on to a drive. Example: C:\SonarQube\bin
- Edit C:\SonarQube\bin\SonarQube.Analysis.xml to specify the following parameters:
sonar.passwordif Anonymous does not have Execute Analysis permissions
Optional: Add the directory containing the MSBuild SonarQube Scanner executable to the
%PATH%if you intend to use it from the command line
- Secure the file permissions
- Storing passwords in clear text in unsecured settings files is not recommended
- Restrict access to the C:\SonarQube\bin\SonarQube.Analysis.xml file by setting appropriate file permissions
- Analysis of DNX projects (i.e. project.json) is not currently not supported, refer to - SONARMSBRU-167Getting issue details... STATUS
Analysis of Web Site Solutions is not supported, however analysis of Web Application Solutions is supported.
TODO in separate page