Run SonarQube Locally — .Net

.NET CODE ANALYSIS

How to run SonarQube locally for .Net solutions

The article describes how to analyze C# code quality using the SonarQube command line.

Photo by Jefferson Santos on Unsplash


Prerequisites

  1. Download the SonarQube free Community Edition

  2. SonarQube scanners require version 8/11 of the JVM, and the SonarQube requires version 11

  3. Install PostgreSQL for demonstration, but it also supports MSSQL and Oracle databases.

  4. For the .Net Core 2+ version, download SonarQube Scanner.

  5. For the .Net Framework version, download SonarQube Scanner.

Getting Started

Following steps to configure & run C# code analysis using SonarQube for .Net Core applications.

Unzip folders(prerequisites in points 1 and 4) into a directory.

Configure User

Follow the below commands to configure a database & user in the PostgresSQL database.

#Create DB
CREATE DATABASE sonar;
#Create a user in DB with a password
CREATE USER sonar WITH PASSWORD '<password>';
#Grant, all permissions to that user
GRANT ALL PRIVILEGES ON DATABASE sonar TO sonar;

Update SonarQube Configuration

Go to SonarQube Community edition unzipped folder, open the config file in the following path “..\conf\sonar.properties.

  1. Uncomment and add the username and password created above in the config file.

  2. Add JDBC Postgres URL as shown in the screenshot below.

sonar.jdbc.url=jdbc:postgresql://localhost:5432/sonar

After configuration, now SonarQube will use PostgresSQL to save reports or logs locally.

Run SonarQube

Go to SonarQube Community edition unzipped folder, run the following bat file “..\sonarqube-8.8.0.42792\bin\windows-x86–64\StartSonar.bat” in “Admin” mode.

Once the SonarQube server is UP, a client application will be available on the browser at the following URL

http://localhost:9000

Project Creation SonarQube

  1. Add a new project.

2. Add project details as shown below

3. Create a unique token

Analyze Github Repo

The .Net Core repository will be analyzed in the article demonstration.

https://github.com/ssukhpinder/QRCodeExample

As a prerequisite, analysis requires a sonar scanner tool installed globally using the following command:

dotnet tool install --global dotnet-sonarscanner

Execute the Scanner (.Net Core)

Running a SonarQube analysis is straightforward. Need to execute the following commands at the root of your solution.

dotnet sonarscanner begin /k:"demo" /d:sonar.host.url="http://localhost:9000"  /d:sonar.login="ce4c4c9c407be98e8150822abbfe017b8c576848"
dotnet build
dotnet sonarscanner end /d:sonar.login="ce4c4c9c407be98e8150822abbfe017b8c576848"

Execute the Scanner (.Net Framework)

Running a SonarQube analysis is straightforward. Need to execute the following commands at the root of your solution.

SonarScanner.MSBuild.exe begin /k:"demo" /d:sonar.host.url="http://localhost:9000" /d:sonar.login="43ca541c658f2f5f856e1b2a707c122b21c02ac1"
MsBuild.exe /t:Rebuild
SonarScanner.MSBuild.exe end /d:sonar.login="43ca541c658f2f5f856e1b2a707c122b21c02ac1"

Sample Report

Thank you for reading and hope you liked the article. Follow me on LinkedIn Instagram Facebook Twitter

Stay tuned on C#

https://github.com/ssukhpinder/QRCodeExamplehttps://github.com/ssukhpinder/QRCodeExamplehttps://github.com/ssukhpinder/QRCodeExamplehttps://github.com/ssukhpinder/QRCodeExample

#Aspnetcore #Sonarqube #CodeAnalysis #DotnetCore #Dotnet

Recent Posts

See All

Design Pattern – Adapter

#Aspnetcore #AdapterDesignPattern #Csharp #DesignPatterns #Dotnet According to Gang of Four, the Adapter Pattern converts the interfaces of a class into interfaces that the client requires. In other w