This will be a very short article on how to set up and configure SonarQube to analyze a .NET project. So why SonarQube in the first place? The simplistic short answer… Code Quality. SonarQube provides a nice Web application and a bunch of tools to enforce and track coding rules, bugs and complexity.
Download and installation of SonarQube
The first step is to download and install the SonarQube web application. You can download the latest version here. At the time of writing it is SonarQube 6.1. After the download completes, unzip the folder to a location, such as ‘C:/sonar’. Navigate into the folder and go to the bin folder. Choose your appropriate architecture (windows-x86-32 or Windows-x86-64). I have a 64-bit machine running Windows 10 Professional 64 bit so I will use the windows-x86-64 folder. The folder contains a number of *.bat files. For getting started, right click on the StartSonar.bat and select the ‘Run as Administrator’ option.
SonarQube will startup (as above) and initialize using the default embedded database. To make sure it has successfully started, open your web browser and navigate to http://localhost:9000/. If you want to login using the admin account, the default username and password is admin for both. Once authenticated the SonarQube home page will look as below:
If you have keen eyesight, you will notice that at the bottom we are using SonarQube with the default Embedded database. The recommendation is to only use this database for internal evaluation purposes. So let's change that. The list of supported databases is: MySQL 5.6 or greater, Oracle 11g/12c, PostgreSQL 8.x/9.x and Microsoft SQL Server 2008/2012/2014 and SQL Azure.
I have a locally available SQL server database, so I will be configuring that. Before that, open up SQL Server Management Studio and create a new database. I am going to create a new database called sonar (see below).
After the creation of your database go back to your sonar folder and navigate to the conf folder. In my case ‘C:/sonar/conf/sonar.properties’. Open the file in your text editor of choice and edit the Microsoft SQLServer 2008/2012/2014 and SQL Azure section. In my case I added the following:
Save the file and restart the SonarQube service running in the command window. If all goes well, after you refresh the SonarQube web page, you will notice that the red warning at the bottom of the page has gone (as below). Congrats you are now saving to the configured database Microsoft SQL Server
Now that we have the SonarQube website up and running, we need to create a test project to analyze and install the sonar scanner.
As a side note, if you are logged in as admin and you navigate to Administration->System->Update Center, notice that the C# plugin is installed (as below). In older versions of sonar this might not be the case. In such cases you may have to manually install the plugin.
Configure a simple C# console application and install the scanner.
Open Visual Studio and create a New Windows Console Application. Change the Program.cs file content to be:
static void Main(string args)
Console.WriteLine("Press any key to exit...");
Make sure the application compiles.
Now we need to download MSBuild.SonarQube.Runner. At the time of writing the latest version is SonarQube Scanner for MSBuild 2.1. Unzip the downloaded file so that you have the following folder structure:
Copy the unzipped MSBuild.SonarQube.Runner-2.1 folder to the root of the Console application solution (the same folder containing the *.sln file). Open a command prompt and navigate to the MSBuild.SonarQube.Runner-2.1 folder.
Run the following command:
MSBuild.SonarQube.Runner.exe begin /k:Test /n:ConsoleTest /v:1.0 /d:sonar.host.url=http://localhost:9000
The output should look like this:
Next, run the following command (This assumes you have VS 2015 installed):
"C:\Program Files (x86)\MSBuild\14.0\Bin\MSBuild.exe" "../ConsoleApplication2.sln" /t:Rebuild /m
The output looks like this:
To complete the process you need to run:
The output looks like this:
This will do the analysis and upload the *.xml files to the SonarQube Server. Once the website finishes processing the *.xml files and you refresh the home page, you will see the newly analyzed result (see below).
Clicking on the project will take you to the summary page (as below).
Notice that we have two code smells. You can click on the section and drill in deeper.
That concludes this article. Go and fix your code!
On a very large project, the analysis will take quite some time. Also, the generated XML files that need to be uploaded to the SonarQube Website will be rather large. In my case, it gets up to 30Mb. Once the data has been uploaded via the end step sonar needs to process the file before you will see any changes. So if you make a configuration change and go to the site directly after the end step has run you will not immediately see your change. Wait a little bit before you go off and change the configurations.