GitHub SonarQube workflow — .Net


How to set up GitHub SonarQube workflow on pull request for .Net repositories

Photo by Malte Luk from Pexels

Learning Objectives

  1. How to set up SonarQube locally

  2. Setup GitHub workflow with Sonar Cloud

  3. Run SonarQube code analysis on pull request


  1. Download Git command line or Github Desktop

  2. Need a .Net core or framework project created using Visual Studio or dotnet global command-line utility.

Getting Started

SonarQube enables developers to write cleaner and safer code.

Step 1: How to run setup SonarQube locally

Run locally for both .Net Core and .Net framework applications

View at

Step 2: Setup secrets in Github

Settings Path: Go to the repository on SonarCloud > Analysis Method > Github Actions

Copy the details of SONAR_TOKEN as shown below and click Continue.

The secret created in SonarCloud and add it into the repository settings, as shown below

NOTE: The secret added here will be used in the “.yml” file in the workflow.

Step 3: Go to the GitHub repository.

Click on the “Actions” tab and click on “Setup a workflow yourself,” as shown below.

Step 3: Add workflow code in the “.yml” file

We need to update the following code in the build.yml file.

  1. token_in_sonar: the project token created in SonarCloud or sonar running locally.

  2. org_name: Skip if not assigned to an organization on GitHub.

  3. Sonar.hold.url: It can be a localhost URL or SonarCloud URL.


Build command differs for .Net Core and .Net Framework.

For .Net Core build command used in the “.yml” file

dotnet build <Path to cs proj or solution file>

For .Net Framework build command used in the “.yml” file

MsBuild.exe /t:Rebuild

Step 4: Initiate the workflow

After code editing, click on the start commit button in the top-right corner and then click “Commit new file.”

That’s it you have successfully integrated GitHub workflow to analyze a repository with .Net Framework or .Net Core code.


Now for each pull request, two checks will happen

  1. Code build

  2. SonarQube Code Analysis

Ideally, the code should be merged to the main branch only if both checks pass. Both checks, as mentioned above, will run in sequence, so if the build fails, then sonar code analysis will also fail.

  1. The workflow creates a new folder in the selected GitHub repository named “.github/workflow” which contains the “.yml” file.

  2. Easy to update “.yml” file for any extra functionality.

Sample analysis report from GitHub

Thank you for reading. Keep visiting and share this in your network. Please put your thoughts and feedback in the comments section.

Follow me on LinkedIn Instagram Facebook Twitter

Tags: #CodeQuality #Sonarqube #CodeAnalysis #GithubWorkflow #Csharp

Recent Posts

See All

Design Pattern – Adapter

#Aspnetcore #AdapterDesignPattern #Csharp #DesignPatterns #Dotnet According to Gang of Four, the Adapter Pattern converts the interfaces of a class into interfaces that the client requires. In other w