By SonarSource – MIT – Issue Tracker – Sources
SonarQube Scanner for MSBuild 3.0.2.656 – Compatible with SonarQube 5.6+ (LTS)
Download


Features

The SonarQube Scanner for MSBuild is the recommended way to launch a SonarQube analysis on MSBuild projects and solutions. It is the result of a collaboration between SonarSource and Microsoft.

It is available as a standalone command line executable and as build steps for VSTS-TFS and Jenkins.

Installation

  1. Make sure the .NET Framework v4.6+ is installed
  2. Make sure the Java Runtime Environment 8 is installed
  3. Download the latest version of the SonarQube Scanner for MSBuild (using the link at the top of the page)
  4. Unblock the zip file (Right-click on file -> Properties -> Unblock)
  5. Unzip sonar-scanner-msbuild-[version].zip onto a drive. Example: C:\SonarQube\bin
  6. Edit C:\SonarQube\bin\SonarQube.Analysis.xml to specify the following parameters:
    1. sonar.host.url - URL to your SonarQube server
    2. sonar.login - Analysis token of a user with Execute Analysis permissions. Required only if Anonymous does not have them
  7. Restrict access to SonarQube.Analysis.xml by setting appropriate file permissions
  8. Add the executable's directory to the %PATH% environment variable

Use

  1. From the root folder of the project you want to analyze, execute the following commands:

    SonarQube.Scanner.MSBuild.exe begin /k:"org.sonarqube:sonarqube-scanner-msbuild" /n:"Project Name" /v:"1.0"
    MSBuild.exe /t:Rebuild
    SonarQube.Scanner.MSBuild.exe end

    See Additional Analysis Parameters if you need to specify additional Analysis Parameters.

     

  2. Follow the link provided at the end of the analysis to browse your project's quality in the SonarQube UI.

Note

The Scanner for MSBuild hooks into the MSBuild pipeline, and will modify the properties listed below:

  • All existing code analyzers in the projects are removed to prevent duplicate issues from being reported.
  • The SonarC# and SonarVB analyzers are added, and the CodeAnalysisRuleSet is updated to match the SonarQube quality profile.
  • WarningsAsErrors is turned off to avoid breaking the build before the reported issues are submitted to SonarQube.

If your build process cannot tolerate these changes, we recommend creating a second job for SonarQube analysis.

Also,

  • Project build is required between the begin and end commands. /t:Rebuild is used above as an example.
  • Sensitive properties such as "sonar.login" and "sonar.password" are not persisted on disk for security reasons. If you wish to pass them as command line arguments, you will have to do so for both the "begin" and "end" steps.
  • If you are not already using MSBuild 14.0+, please refer to the Compatibility with Visual Studio and MSBuild notes.
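
The following PowerShell script is an added example, not part of the original SonarSource documentation. It applies installation step 7 to the example install path and then runs an analysis with the token supplied on both the begin and end steps, as the note above requires. The service account name and the SONAR_TOKEN environment variable are assumptions; /d: is the scanner's switch for passing additional analysis parameters.

```powershell
# Added example. Assumptions: the service account name and the SONAR_TOKEN variable.
$ErrorActionPreference = 'Stop'
$config  = 'C:\SonarQube\bin\SonarQube.Analysis.xml'   # example install path from this page
$account = 'BUILD01\svc-sonar'                          # hypothetical build service account

# Installation step 7: drop inherited and existing entries, then grant only what is needed.
$grants = @(
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
    @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
    @{ Id = $account;                 Rights = 'Read' }
)
$acl = Get-Acl -Path $config
$acl.SetAccessRuleProtection($true, $false)             # protect the ACL, discard inherited rules
foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
foreach ($g in $grants) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($g.Id, $g.Rights, 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $config -AclObject $acl

# Check: fail if any identity other than the three above can still reach the file.
$allowed = $grants | ForEach-Object { $_.Id }
$extra = (Get-Acl -Path $config).Access |
    Where-Object { $allowed -notcontains $_.IdentityReference.Value }
if ($extra) {
    throw "Unexpected ACL entries on ${config}: $($extra.IdentityReference -join ', ')"
}

# Sensitive properties are not persisted between steps, so the token is
# passed to both 'begin' and 'end'. It is read from the environment so that
# it does not appear in the script or in source control.
if (-not $env:SONAR_TOKEN) { throw 'SONAR_TOKEN is not set' }
$login = "/d:sonar.login=$env:SONAR_TOKEN"

$beginArgs = @('begin', '/k:org.sonarqube:sonarqube-scanner-msbuild',
               '/n:Project Name', '/v:1.0', $login)
& SonarQube.Scanner.MSBuild.exe @beginArgs
if ($LASTEXITCODE -ne 0) { throw "begin step failed with exit code $LASTEXITCODE" }

& MSBuild.exe /t:Rebuild
if ($LASTEXITCODE -ne 0) { throw "build failed with exit code $LASTEXITCODE" }

& SonarQube.Scanner.MSBuild.exe end $login
if ($LASTEXITCODE -ne 0) { throw "end step failed with exit code $LASTEXITCODE" }
```

If sonar.login is already set in SonarQube.Analysis.xml (installation step 6), the `$login` argument can be dropped from both steps; the ACL check still applies.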

Project Samples

To help you get started, simple project samples are available for most languages on GitHub. They can be browsed or downloaded. You'll find them filed under projects/languages.

 

Known Limitations

  • Analysis of BizTalk and SharePoint projects is currently not supported; refer to SONARMSBRU-196.
  • Analysis of Web Site Solutions is not supported; however, analysis of Web Application Solutions is supported.

Troubleshooting

The End Step executable was not found

If you need to run multiple analyses in rapid succession, pass /nodereuse:false to msbuild. Otherwise you may see the following error when the DLLs required by a new analysis are still locked by a previous analysis:

The End Step executable was not found 'D:\***\.sonarqube\bin\MSBuild.SonarQube.Internal.PostProcess.exe'. Please check that the begin step, the build step and the end step are all executed in the same directory.

Going Further

 
