Do I have to build my repo to use SonarCloud?

mallen-ez · August 2, 2024, 7:45pm

I’m getting started with SonarCloud. I have an older .Net Framework 4.8 app with a repo in Azure Devops. I read the instructions for how to setup my YAML pipeline.

The instructions then say to run tasks in this order: Nuget restore, SonarCloudPrepare, VSBuild, SonarCloudAnalyze, SonarCloudPublish.

Is the build necessary to do a static code analysis? Currently in our pipeline we have two stages with SonarCloud being done in stage 1. Stage 2 is build, create artifact, and deploy if desired. This incurs two builds, which for this repo is slow due to size. This repo has no unit tests.

Should I re-organize this pipeline so there need only be one build step?

acalero · August 3, 2024, 9:30pm

Hi! Welcome to the community!

Yes, you must build your repo in order to analyze your code. .NET scanner uses the Microsoft Roslyn compiler to perform the analysis, so it is a must.

I don’t recommend to use the same build for SonarCloud analysis and the deployment, since SonarCloud build may require a debug build instead of the release build that goes to production.

Best regards.

Topic		Replies	Views
Analyzing a pipeline that doesn't build everything SonarQube Cloud	2	504	June 9, 2022
How to integrate sonarcloud with Az Repos SonarQube Cloud sonarqube-cloud	4	376	October 20, 2021
Bitbucket repo , Azure build - which Sonar application do I need SonarQube Cloud	3	463	April 1, 2020
SonarCloud analysis in an Azure Pipelines multi-stage build SonarQube Cloud azuredevops-services , sonarqube-cloud	4	1908	August 10, 2020
Azure Devops Pipeline SonarCloud not submitting code for .NET Core builds? SonarQube Cloud sonarqube-cloud	2	1615	January 8, 2020

Do I have to build my repo to use SonarCloud?

Related topics