How to scan ad-hoc .sql files outside of c# .sln/.csproj in SonarQube Developer Edition

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)*
    Developer Edition Version 8.9.2 (build 46101) (Currently running the 2 week trial period)
    SonarScanner for MSBuild 5.3.1

  • what are you trying to achieve*
    Scan .sql files that are not part of the project build for a c# project. And also scan a bitbucket repositoriy that contains only .sql files and no other code files.

  • what have you tried so far to achieve this

  • Have updated global config to change plsql extention to .plsql and T-SQL extention to .sql.
  • Have checked that these settings are then picked up in the analysis project.

In the online docs the only references I can see to TSQL is the ability to change which extension you use to detect that language, and I’m unsure how to actually trigger a scan on them. We currently use the msbuild scanner for our c# projects, do you need a separate scanner for TSQL? Also, do the .sql files need to exist as part of a project, or can the scanner be set to analyse any SQL file in the repo?

I can see various mentions to tsql scanner plugins in the community forums, which then also mention the SonarQube TSQL plugin available in developer edition, but no info on who to use/invoke the SonarQube tsql scanner.

Update, have just seen the section Analyzing languages other than C# and VB in the .net scanner doc that states the files have to be added to the project. So will do that.

However, in the latest 9.1 documentation is seems to suggest that for .net core targets, this will scan any file with the extension. So does that mean from 9.1 it will automatically pick up all .sql files in the repository?


Welcome to the community!

This is not my area of expertise, but my understanding is that it’s more about your SDK version than about the SQ version (as long as it’s current/supported). From the docs

For newer SDK-style projects (used by .NET Core, .NET 5, and later), the SonarScanner for .NET will analyze all file types that are supported by the available language plugins unless explicitly excluded.