is the latest version of the CLI scanner.
If you want to use the latest .Net scanner you will have to download it one time.
Did you check SonarScanner for .NET | SonarQube Docs ?
ok then how do i tell the SonarQubeAnalyze@5 task to use that ? cause by default the task wants to run SonarScanner 4.7.0.2747 …
I understand you’re telling me to load scanner 5.8.0 (so that means people need to add a pipeline task for that which is already wrong cause the point of the “prepare task” which I call before the analyze task is to load the latest scanners regardless) … but then there should be a way to tell the analyze task to use sonarscanner 5.8 without having to add an additional task into the pipeline ... cause even after loading 5.8.0 scanner the analyze task is still running SonarScanner 4.7.0.2747
The pages you replied with do not say how to update SonarQubeAnalyze@5 task to use a different version of the scanner. So can the SonarQubeAnalyze@5 task be configured to use the 5.8.0 scanner ? and if so how can that be done please ?
I don’t do an msbuild or vsbuild … I’m building a linux .net executable. Are you saying I need to set
And the example is completely wrong. Here’s why : the example clearly states you can “prepare, analyze, and publish” with the scanner mode as ‘MSBuild’ … but the moment you do that the follow error happens :
The SonarScanner for MSBuild integration failed: SonarQube was unable to collect the required information about your projects.
Possible causes:
1. The project has not been built - the project must be built in between the begin and end steps
2. An unsupported version of MSBuild has been used to build the project. Currently MSBuild 14.0.25420.1 and higher are supported.
3. The begin, build and end steps have not all been launched from the same folder
4. None of the analyzed projects have a valid ProjectGuid and you have not used a solution (.sln)
17:39:22.841 The SonarScanner for MSBuild integration failed: SonarQube was unable to collect the required information about your projects.
No where does the example (or integration) infer anything about building.
So: SonarQube Extension for Azure DevOps contains an embedded version of the Scanner for .NET, which contains an embedded version of SonarScanner. Each of these three components has its own version.
The logs in the Prepare Analysis Configuration step (SonarQubePrepare@5) will show:
SonarScanner for MSBuild 5.8
This is not possible. The Scanner for .NET is embedded in the Azure Devops Extension. To update it, we need to release a new version of the AZDO Extension and publish it to the marketplace.
Add a new Run Code Analysis task after your build task.
So between SonarQubePrepare and SonarQubePublish, you need to build and also to run the tests in order to have the code coverage report. See this example (SonarCloudPrepare and SonarQubePrepare are essentially the same steps).
Having said that, I do believe we can improve our existing documentation, as it is not clear from the YML example file what you need to fill in between SonarQubePrepare and SonarQubePublish. I will send this feedback to our documentation team.
Yeah eventually I figured it out that you need to do a build between the prepare (where the scannermode is set to MSBUILD) and analyze tasks.
I was doing a build that creates a docker image and I didn’t want to put the SQ analysis of the code into the dockerfile. I wound up doing the build outside the docker context and then the ‘docker build’ COPYs it into the resulting image (which isn’t ideal either cause one of the points of using docker is you can do a multistage build where you start with a docker image that has all the build dependencies in it). Anyways thanks for replying !