<div class="table-wrap"><table style="line-height: 1.4285715;" class="confluenceTable"><tbody><tr><td class="highlight-grey confluenceTd" data-highlight-colour="grey">By <a target="_top" href="https://www.sonarsource.com">SonarSource</a> &#8211; MIT &#8211;
<a target="_top" href="https://github.com/SonarSource/sonar-scanner-msbuild/issues">Issue Tracker</a> &#8211;
<a target="_top" href="https://github.com/SonarSource-VisualStudio/sonar-msbuild-runner">Sources</a>
    <div style="padding-top:10px;padding-bottom:5px">
    <span style="font-size:larger;"><strong>SonarScanner for MSBuild</strong></span>
     &#8211; Compatible with SonarQube 6.7+ (LTS)
    <a target="_top" href="https://github.com/SonarSource/sonar-scanner-msbuild/releases/download/">Download for .NET Framework 4.6+</a><br>
    <a target="_top" href="https://github.com/SonarSource/sonar-scanner-msbuild/releases/download/">Download for .NET Core 2.0+</a><br>
    <a target="_top" href="https://www.nuget.org/packages/dotnet-sonarscanner">Download as a .NET Core Global Tool</a><br>
</div> </td></tr></tbody></table></div>


The SonarScanner for MSBuild is the recommended way to launch a SonarQube or SonarCloud analysis for projects/solutions using MSBuild or dotnet command as build tool. It is the result of a collaboration between SonarSource and Microsoft

SonarScanner for MSBuild is distributed as a standalone command line executable and as build steps for VSTS/TFS and a plugin for Jenkins.

It supports .Net Core multi-platform projects and it can be used on non-Windows platforms.

Installation and Compatibility


There are two versions of the SonarScanner for MSBuild.

The first version is based on the “classic” .NET Framework. To use it, execute the following commands from the root folder of your project:

SonarScanner.MSBuild.exe begin /k:"project-key"
MSBuild.exe <path to solution.sln> /t:Rebuild
SonarScanner.MSBuild.exe end

Note: On macOS or Linux, you can also use “mono <path to SonarScanner.MSBuild.exe>”.

The second version is based on .NET Core which has a very similar usage:

dotnet <path to SonarScanner.MSBuild.dll> begin /k:"project-key"
dotnet build <path to solution.sln>
dotnet <path to SonarScanner.MSBuild.dll> end

The .NET Core version can also be used as a .NET Core Global Tool.

dotnet tool install --global dotnet-sonarscanner
dotnet sonarscanner begin /k:"project-key"
dotnet build <path to solution.sln>
dotnet sonarscanner end


Detailed Explanations

Begin Step

The begin step is executed when you add the `begin` command line argument. It hooks into the MSBuild pipeline, downloads SonarQube quality profiles, settings and prepares your project for the analysis.

Command Line Parameters

/k:<project-key>[required] Specifies the key of the analyzed project in SonarQube
/n:<project name>[optional] Specifies the name of the analyzed project in SonarQube. Adding this argument will overwrite the project name in SonarQube if it already exists.
/v:<version>[recommended] Specifies the version of your project.

[optional] Specifies additional SonarQube analysis parameter, you could add this argument multiple times. The most commonly used parameters are:

  • /d:sonar.login=<username> or <token> [optional] Specifies the username or access token to authenticate with to SonarQube. If this argument is added to the begin step, it must also be added on the end step.

  • /d:sonar.password=<password> - [optional] Specifies the password for the SonarQube username in the `sonar.login` argument. This argument is not needed if you use authentication token. If this argument is added to the begin step, it must also be added on the end step.

  • /d:sonar.verbose=true - [optional] Sets the logging verbosity to detailed. Add this argument before sending logs for troubleshooting.

For detailed information about all available parameters, see Analysis Parameters

(warning) The "begin" step will modify your build like this:

If your build process cannot tolerate these changes we recommend creating a second build job for SonarQube analysis.

Building your Project

Between the "begin" and "end" steps, you need to build your project, execute tests and generate code coverage data. This part is specific to your needs and it is not detailed here.

End Step

The end step is executed when you add the "end" command line argument. It cleans the MSBuild hooks, collects the analysis data generated by the build, the test results, the code coverage and then uploads everything to SonarQube.

Command Line Parameters

There are only two additional arguments that are allowed for the end step:

/d:sonar.login=<username> or <token>

[optional] This argument is required if it is added to the begin step.


[optional] This argument is required if it is added to the begin step and not required if you are using <token>

Known Limitations

Going Further