Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 47 Next »

 

By SonarSource – MIT – Issue TrackerSources
SonarQube Extension for TFS-VSTS


Table of Contents

Features

The new structure of Team Foundation Build gives us a great opportunity to integrate better with your build and release processes in Visual Studio Team Services (VSTS) (formerly VSO) and Team Foundation Server (TFS) on-premise. We have created a public extension you can install into your VSTS account or TFS 2015 server. The extension contains the following build steps:

For MSBuild based solutions (C#, VB.Net, C++)

  • SonarQube Scanner for MSBuild - Begin Analysis
  • SonarQube Scanner for MSBuild - End Analysis

For all non-MSBuild solutions

  • SonarQube Scanner CLI

The source of the extension is available in the GitHub SonarQube Scanner for MSBuild repository.

Compatibility

The SonarQube Extension for VSTS/TFS is compatible with TFS 2015 Update 3 and VSTS. It requires SonarQube version 5.6+ (LTS).

The SonarQube Extension embeds its own version of the SonarQube Scanner for MSBuild.

SonarQube Extension

2.0.0
SonarQube Scanner for MSBuild2.2.0.24

Prerequisites

  • A SonarQube server (including https://sonarqube.com)
  • A build agent with:
    • .NET Framework v4.5.2+
    • Java Runtime Environment (JRE) v7u75+

Installation

You can simply install the extension from the marketplace and follow the instructions below.

Analyzing

Analyzing with SonarQube Scanner for MSBuild

Use the two SonarQube Scanner for MSBuild tasks to analyze Visual Studio solutions.

Configure

  1. Under the Build category, find and add the SonarQube Scanner for MSBuild - Begin Analysis and the SonarQube Scanner for MSBuild - End Analysis tasks


  2. Reorder the tasks to respect the following order:
    • SonarQube Scanner for MSBuild - Begin Analysis task before any MSBuild or Visual Studio Build task.
    • SonarQube Scanner for MSBuild - End Analysis task after the Visual Studio Test task.



  3. Click on the SonarQube Scanner for MSBuild - Begin Analysis build step to open its configuration dialog.


    1. SonarQube Server section allows you to define the endpoint (i.e. SonarQube Server instance) to use.


      You can either:
      • select an existing endpoint from the drop down list
      • add a new endpoint
      • manage existing endpoints

      Remarks

      This is equivalent to setting sonar.host.urlsonar.login and sonar.password arguments on a local call.

    2. SonarQube Project Settings section allows you to specify which SonarQube project to use.



      • Project Key - the unique project key in SonarQube

      • Project Name - the name of the project in SonarQube

      • Project Version - the version of the project in SonarQube

      Remarks

      This is the equivalent of setting  sonar.projectKey, sonar.projectName and sonar.projectVersion arguments on a local CLI call.

  4. Optional but recommended: Click the Visual Studio Test task and check the Code Coverage Enabled checkbox to process the code coverage and have it imported into SonarQube.

Analysis Reports

Queue a new build and wait for it to complete. At the completion of the build you should see the following Build Summary:

Quality Gate Status

 By default, the SonarQube Scanner for MSBuild - End Analysis task waits for the SonarQube analysis report to be consumed in order to flag the build job with the Quality Gate status. The Quality Gate is a major, out-of-the-box, feature of SonarQube. It provides the ability to know at each analysis whether an application passes or fails the release criteria. In other words it tells you at every analysis whether an application is ready for production "quality-wise".

 

Remark

If you have unchecked the Include full analysis report in the build summary in the Avanced section of the SonarQube Scanner for MSBuild - Begin Analysis configuration, the SonarQube Analysis Report section of the Build summary looks like this:

Pull Request comment

When the analysis is triggered from a Pull Request, instead of pushing the analysis report to the SonarQube server, the SonarQube Scanner for MSBuild - End Analysis task decorates the updated source code, in the Pull Request, with the new code quality issues.

Analyzing with SonarQube Scanner CLI Task

Use this task to analyze any file not relying on MSBuild compilation (Javascript, VB6...). The extensive list of supported language plugins can be found here.

Configure

  1. Under the Build category, find and add the SonarQube Scanner CLI task

     
  2. Click on the SonarQube Scanner CLI build step to open its configuration dialog.


    1. SonarQube Server section allows you to define the endpoint (i.e. SonarQube Server instance) to use.



      You can either:
      • select an existing endpoint from the drop down list
      • add a new endpoint
      • manage existing endpoints

      Remarks

      This is equivalent to setting sonar.host.urlsonar.login and sonar.password arguments on a local call.

    2. SonarQube Project Settings section allows you to specify which SonarQube project to use.

      • Project Key - the unique project key in SonarQube

      • Project Name - the name of the project in SonarQube

      • Project Version - the version of the project in SonarQube

      Remarks

      This is the equivalent of setting  sonar.projectKey, sonar.projectName and sonar.projectVersion arguments on a local CLI call.

Analysis Reports

There is currently no supported reports nor Pull Request analysis comments in this mode. But if the SonarQube Scanner CLI detects that the current analysis is part of a Pull Request the analysis will not be pushed to the SonarQube server.

 

  • No labels