Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

By SonarSource – MIT – Issue TrackerSources
SonarQube Scanner for MSBuild 2.0 – Compatible with SonarQube 4.5.4+ (LTS)

Table of Contents


The SonarQube Scanner for MSBuild is the recommended way to launch a SonarQube analysis on MSBuild projects and solutions. It is the result of a collaboration between SonarSource and Microsoft

It is available both as a standalone command line executable and as native Team Foundation Server or Jenkins build steps.



With the SonarQube C# and Visual Basic .NET plugins

SonarQube Scanner for MSBuild
SonarQube C# Plugin4.
SonarQube Visual Basic.NET PluginN/A2.42.42.4+2.4+2.4+

With Visual Studio and MSBuild

Installing Visual Studio on the analysis machines is recommended but not mandatory. Some features such as FxCop and the execution of unit tests with VSTest or MSTest are only available when Visual Studio is installed. If you choose not to install Visual Studio, you will need to install Microsoft Build Tools which includes MSBuild 

MSBuild 14.0, included in Visual Studio 2015, is recommended for use with SonarQube Scanner for MSBuild. Projects targeting older versions of the .NET Framework can be built using MSBuild 14.0+ by setting the "TargetFrameworkVersion" MSBuild property as documented by Microsoft:

You can setup a dedicated SonarQube analysis build using MSBuild 14.0 for your project if you do not wish to change your production build.



Installing the SonarQube Scanner for MSBuild is only required for the command line and Team Foundation Server 2013 and XAML Build usages

In Team Foundation Server 2015, Visual Studio Team Services, and Jenkins, the dedicated SonarQube Scanner for MSBuild build steps will automatically provision the required files on the build machine.

  1. If you do not already have it, install the Microsoft .NET Framework v4.5.2+
  2. If you do not already have it, install the Java Runtime Environment v7u75+
  3. Download the latest version of the SonarQube Scanner for MSBuild using the Download link at the very top of this page.
  4. Right-click on the downloaded .zip file and click on the Unblock button.
  5. Unzip MSBuild.SonarQube.Runner-[version].zip on to a drive. Example: C:\SonarQube\bin
  6. Edit C:\SonarQube\bin\SonarQube.Analysis.xml to specify the following parameters:

    2. sonar.login and sonar.password if Anonymous does not have Execute Analysis permissions
  7. Optional: Add the directory containing the MSBuild SonarQube Scanner executable to the %PATH% if you intend to use it from the command line

  8. Secure the file permissions
    • Storing passwords in clear text in unsecured settings files is not recommended
    • Restrict access to the C:\SonarQube\bin\SonarQube.Analysis.xml file by setting appropriate file permissions


Known Limitations

  • Analysis of BizTalk and SharePoint projects is currently not supported, refer to  SONARMSBRU-196 - Getting issue details... STATUS

  • Analysis of DNX projects (i.e. project.json) is not currently not supported, refer to  SONARMSBRU-167 - Getting issue details... STATUS
  • Analysis of Web Site Solutions is not supported, however analysis of Web Application Solutions is supported.


Advanced Usage

TODO in separate page

  • No labels