Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 27 Next »


Table of Contents

Features

The new structure of Team Foundation Build gives us a great opportunity to integrate better with your build and release processes in Visual Studio Team Services (VSTS) (formerly VSO) and Team Foundation Server (TFS) on-premises. We have created a public extension you can install into your VSTS account or a TFS 2015 server. The extension contains the following build steps:

For C# and VB.NET projects, including mixed languages (C# and VB.Net, C# and Javascript...)

  • SonarQube Scanner for MSBuild - Begin Analysis
  • SonarQube Scanner for MSBuild - End Analysis

All other languages

  • SonarQube Scanner CLI

The source of the extension is available in the GitHub SonarQube Scanner for MSBuild repository.

Compatibility

The SonarQube Extension for VSTS/TFS is compatible with TFS 2015 Update 3 and VSTS. It requires SonarQube version 5.6+ (LTS).

Prerequisites

  • A SonarQube server (it can be https://sonarqube.com too)
  • An agent with:
    • .NET Framework v4.5.2+
    • Java Runtime Environment (JRE) v7u75+

Installation

You can simply install the extension from the marketplace and follow the instructions below.

 

Analyzing

Analyzing with SonarQube Scanner for MSBuild

Use the two SonarQube Scanner for MSBuild tasks to analyze C# or VB.Net projects.

Configure

  1. Open the Build Definitions page in your Visual Studio Team Services Control Panel
    Click the Build & Release button on the top bar and then the Builds menu.



  2. Edit an existing Build Definition or create a new one and then click the Add build step... button.


  3. Under the Build category, find and add the SonarQube Scanner for MSBuild - Begin Analysis and the SonarQube Scanner for MSBuild - End Analysis tasks


  4. Reorder the tasks to respect the following order:
    • SonarQube Scanner for MSBuild - Begin Analysis task before any MSBuild or Visual Studio Build task.
    • SonarQube Scanner for MSBuild - End Analysis task after the Visual Studio Test task.



  5. Click on the SonarQube Scanner for MSBuild - Begin Analysis build step to open its configuration dialog.


    1. SonarQube Server section allows you to define the endpoint (i.e. SonarQube Server instance) to use.


      You can either:
      • select an existing endpoint from the drop down list
      • add a new endpoint
      • manage existing endpoints

      Remarks

      This is equivalent to setting sonar.host.urlsonar.login and sonar.password arguments on a local call.

    2. SonarQube Project Settings section allows you to specify which SonarQube project to use.



      • Project Key - the unique project key in SonarQube

      • Project Name - the name of the project in SonarQube

      • Project Version - the version of the project in SonarQube

      Remarks

      This is the equivalent of setting  sonar.projectKey, sonar.projectName and sonar.projectVersion arguments on a local CLI call.

    3. Advanced section allows to specify advanced features. We advise you to keep the out-of-the-box experience if you are not familiar with these settings.



      • Additional Settings - space separated settings using the format: /d:propertyName=propertyValue. Normal command line escaping rules apply.
      • Settings File - as Additional Settings except you can specify a file that will contains these settings.
      • Include full analysis report in the build summary - delays the build to wait for SonarQube analysis report.
      • Fail the build on quality gate failure - delays the build to wait for SonarQube analysis report AND make the build to fail if SonarQube quality gate is failure.

      Remarks

      Include full analysis report in the build summary and Fail the build on quality gate failure induce a delay in your build and you might want to disable them for your development CI.
  6. Optional but recommended: Click the Visual Studio Test task and check the Code Coverage Enabled checkbox to process the code coverage and have it imported into SonarQube.



  7. Click the Save button to save the Build Definition.

Reports

Queue a new build and wait for it to complete. At the completion of the build you should see the following Build Summary:

Default look

ADD SCREENSHOT

Full Analysis Report

When Include Full analysis report in the build summary is checked

ADD SCREENSHOT

 Pull Request comment

Analyzing with SonarQube Scanner CLI Task

Use this task to analyze any file not relying on MSBuild compilation (Javascript, VB6...). The extensive list of supported language plugins can be found here.

Configure

  1. Open the Build Definitions page in your Visual Studio Team Services Control Panel
    Click the Build & Release button on the top bar and then the Builds menu.



  2. Edit an existing Build Definition or create a new one and then click the Add build step... button.


  3. Under the Build category, find and add the SonarQube Scanner CLI task

     
  4. Click on the SonarQube Scanner CLI build step to open its configuration dialog.


    1. SonarQube Server section allows you to define the endpoint (i.e. SonarQube Server instance) to use.



      You can either:
      • select an existing endpoint from the drop down list
      • add a new endpoint
      • manage existing endpoints

      Remarks

      This is equivalent to setting sonar.host.urlsonar.login and sonar.password arguments on a local call.

    2. SonarQube Project Settings section allows you to specify which SonarQube project to use.


    3.  

      • Project Key - the unique project key in SonarQube

      • Project Name - the name of the project in SonarQube

      • Project Version - the version of the project in SonarQube

      Remarks

      This is the equivalent of setting  sonar.projectKey, sonar.projectName and sonar.projectVersion arguments on a local CLI call.

    4. Advanced section allows to specify advanced features. We advise you to keep the out-of-the-box experience if you are not familiar with these settings.

      • Settings File - as Additional Settings except you can specify a file that will contains these settings.

  5. Click the Save button to save the Build Definition.

Analyzing with Jenkins Task

Use this task if you want the Jenkins job to handle the build definition.

Configure

More information about the Jenkins task can be found here.

Analyzing with Maven Task

Use this task if your project relies on a pom.xml file.

Configure

In the Code Analysis section of the task you can check the Run SonarQube Analysis checkbox to enable SonarQube analysis.

You will find more information about how to configure the Maven task here (Microsoft website)

More

SonarQube Endpoint

  1. Open the Services page in your Visual Studio Team Services Control Panel
    Click the Settings cog icon in the top bar of the project screen and then click the Services menu.
     

  2. Click on New Service Endpoint and choose SonarQube.


  3. Specify a Connection Name, the Server URL of your SonarQube Server (including the port if required) and the Authentication Token to use.

 

  • No labels