.NET CODE ANALYSIS
How to run SonarQube locally for .Net solutions
The article describes how to analyze C# code quality using the SonarQube command line.
Prerequisites
Download the SonarQube free Community Edition
SonarQube scanners require version 8/11 of the JVM, and the SonarQube requires version 11
Install PostgreSQL for demonstration, but it also supports MSSQL and Oracle databases.
For the .Net Core 2+ version, download SonarQube Scanner.
For the .Net Framework version, download SonarQube Scanner.
Getting Started
Following steps to configure & run C# code analysis using SonarQube for .Net Core applications.
Unzip folders(prerequisites in points 1 and 4) into a directory.
Configure User
Follow the below commands to configure a database & user in the PostgresSQL database.
#Create DBCREATE DATABASE sonar;
#Create a user in DB with a passwordCREATE USER sonar WITH PASSWORD '<password>';
#Grant, all permissions to that userGRANT ALL PRIVILEGES ON DATABASE sonar TO sonar;
Update SonarQube Configuration
Go to SonarQube Community edition unzipped folder, open the config file in the following path “ ..\conf\sonar.properties. ”
Uncomment and add the username and password created above in the config file.
Add JDBC Postgres URL as shown in the screenshot below.
sonar.jdbc.url=jdbc:postgresql://localhost:5432/sonar
After configuration, now SonarQube will use PostgresSQL to save reports or logs locally.
Run SonarQube
Go to SonarQube Community edition unzipped folder, run the following bat file “..\sonarqube-8.8.0.42792\bin\windows-x86–64\StartSonar.bat” in “Admin” mode.
Once the SonarQube server is UP, a client application will be available on the browser at the following URL
Project Creation SonarQube
- Add a new project.
- Add project details as shown below
- Create a unique token
Analyze Github Repo
The .Net Core repository will be analyzed in the article demonstration.
ssukhpinder/QRCodeExample
How to generate QR code in .Net Core API. Contribute to ssukhpinder/QRCodeExample development by creating an account on…github.com
As a prerequisite, analysis requires a sonar scanner tool installed globally using the following command:
dotnet tool install --global dotnet-sonarscanner
Execute the Scanner (.Net Core)
Running a SonarQube analysis is straightforward. Need to execute the following commands at the root of your solution.
dotnet sonarscanner begin /k:"demo" /d:sonar.host.url="http://localhost:9000" /d:sonar.login="ce4c4c9c407be98e8150822abbfe017b8c576848"
dotnet build
dotnet sonarscanner end /d:sonar.login="ce4c4c9c407be98e8150822abbfe017b8c576848"
Execute the Scanner (.Net Framework)
Running a SonarQube analysis is straightforward. Need to execute the following commands at the root of your solution.
SonarScanner.MSBuild.exe begin /k:"demo" /d:sonar.host.url="http://localhost:9000" /d:sonar.login="43ca541c658f2f5f856e1b2a707c122b21c02ac1"
MsBuild.exe /t:Rebuild
SonarScanner.MSBuild.exe end /d:sonar.login="43ca541c658f2f5f856e1b2a707c122b21c02ac1"
Sample Report
Thank you for reading and hope you liked the article. Follow me on LinkedIn Instagram Facebook Twitter
Top comments (3)
Good info. I find it much simpler to use the Docker image.
I thought you may be interested in another SonarQube post
singhsukhpinder.medium.com/github-...
I am glad you find it useful and indeed you are right that its much simpler with docker. I will write an post on that soon.