Perform sonar scan

Perform scan

Make sure you change directory to the root of your project if not already done and then issue the below commands:

Use the commands you obtained from the previous step and execute them one by one. We will not need the first command since we have already installed sonar scanner globally on our system!

The below commands will not work as it is!

You need to replace the login tokens with what you obtained from sonarqube server for your project.

Begin

Option 1 (only code quality analysis)

dotnet sonarscanner begin /k:"KYA" /d:sonar.host.url="http://localhost:9000"  /d:sonar.login="squ_bf3c330029dcbee5041c4001f1e4d1fbfbaa2bf6"

The above command will only perform code analysis. If you also wanted it to look into the code coverage and include it in the project report (which is often the case) you can execute this command instead:

Option 2 (code quality analysis and code coverage)

dotnet sonarscanner begin /k:"OurProject" /d:sonar.host.url="http://localhost:9000"  /d:sonar.token="sqp_06e8db48d698bb26fd0d18a97622aef9d2d15d9b" /d:sonar.cs.opencover.reportsPaths="CoreLibTests\TestResults\*\coverage.opencover.xml"

Build

dotnet build

End

dotnet sonarscanner end /d:sonar.login="squ_bf3c330029dcbee5041c4001f1e4d1fbfbaa2bf6"

SonarQube cannot generate code coverage by itself! We need to do it with some other tool (like we did with coverlet) It can only read this coverage file and include in the dashboard so that sonaqube dashboard serves as a single point to look into the health of the code base!

Sonarqube only supports opencover format out of the box. If we need it to support cobertura file format as well, we need to configure it with the required plugins from the sonarqube marketplace (not shown here)

Explanation

The commands provided above are related to running the SonarScanner analysis on a .NET project and submitting the analysis results to a SonarQube server. Here's a breakdown of each command:

1. dotnet sonarscanner begin /k:"KYA" /d:sonar.host.url="http://localhost:9000" /d:sonar.login="squ_bf3c330029dcbee5041c4001f1e4d1fbfbaa2bf6"

   • This command initiates the SonarScanner analysis for your project.

   • /k:"KYA" sets the project key to "KYA" in SonarQube. The project key is used to uniquely identify the project in SonarQube.

   • /d:sonar.host.url="http://localhost:9000" specifies the URL of the SonarQube server as "http://localhost:9000". It indicates where the SonarQube server is running.

   • /d:sonar.login="squ_bf3c330029dcbee5041c4001f1e4d1fbfbaa2bf6" sets the login token to authenticate the SonarScanner with the SonarQube server. The provided token should be replaced with your actual login token.

2. dotnet build

   • This command builds the .NET project using the dotnet build command. It compiles the source code, resolves dependencies, and creates the output artifacts.

3. dotnet sonarscanner end /d:sonar.login="squ_bf3c330029dcbee5041c4001f1e4d1fbfbaa2bf6"

   • This command ends the SonarScanner analysis and submits the analysis results to the SonarQube server.

   • /d:sonar.login="squ_bf3c330029dcbee5041c4001f1e4d1fbfbaa2bf6" specifies the login token to authenticate the SonarScanner with the SonarQube server. Again, ensure to replace the provided token with your actual login token.

In summary, the first command initiates the SonarScanner analysis, the second command builds the .NET project, and the third command ends the analysis and submits the results to the SonarQube server. These commands are typically executed in sequence to analyze a .NET project using the SonarScanner and integrate the analysis results into SonarQube for further analysis and reporting.