How to scan C# Unity code on Mac?

Hi,
I’m trying to scan C# Unity code manually on my MacBook.
I saw SonarCloud setup to analyse Unity project in CI, and I tried to follow SonarScanner for .NET | SonarQube Docs, but without success.
I installed .NET Core SDK 2.0, downloaded and using sonar-net-5/sonar-scanner-4.6.2.2472/bin/sonar-scanner
but I’m still getting

INFO: Sensor C# [csharp]
WARN: Your project contains C# files which cannot be analyzed with the scanner you are using. To analyze C# or VB.NET, you must use the SonarScanner for .NET 5.x or higher, see https://redirect.sonarsource.com/doc/install-configure-scanner-msbuild.html
INFO: Sensor C# [csharp] (done) | time=2ms

What I’m missing?
In fact, my goal is to integrate Sonarcloud with Github, using Github Actions.
Is there updated tutorial for that?

TIA, Vitaly

Hey there.

It’s important that you invoke the Scanner for .Net correctly, rather than directly calling the sonar-scanner executable. This is noted in the docs.

In summary, the invocation of the SonarScanner for .NET will depend on the scanner flavor:

Scanner Flavor Invocation
.NET 5 dotnet <path to SonarScanner.MSBuild.dll> etc.
.NET Core Global Tool dotnet sonarscanner begin etc.
.NET Core 2.0+ dotnet <path to SonarScanner.MSBuild.dll> etc.
.NET Framework 4.6+ SonarScanner.MSBuild.exe begin etc.

In the context of GitHub Actions – there is a tutorial when you create a new project in the SonarCloud UI.

1 Like

Thank you! I tried to follow this tutorial, but I’m not sure what should I use as a build command. Should I install MSBuild via GitHub Actions?

How do you build your code today (i.e. if SonarCloud wasn’t in the mix, what build command would you use to build your code?)

1 Like

Sorry, I didn’t provide the big picture.
I’m DevOps freelancer and using Sonar for 3+ years with different platforms - Java, NodeJS, PHP, etc.
Recently I have a customer which developing under Unity for Android. Currently, they build into Unity IDE.
There is no build configuration file.
I generated .sln file used “dotnet new sln”, but “dotnet build .” fails with “C:\Program Files\dotnet\sdk\5.0.403\NuGet.targets(131,5): warning : Unable to find a project to restore! [D:\a\BoatAttack\BoatAttack\BoatAttack.sln]”. I tried a few suggestions for fixing nugest config, but without success so far.
Thank you again, Vitaly
PS: BTW, is there a way to run some basic analyze using source code only?

SonarScanner for MSBuild 5.4
Using the .NET Core version of the Scanner for MSBuild
Pre-processing started.
Preparing working directories...
14:13:02.783  Updating build integration targets...
14:13:03.714  Fetching analysis configuration settings...
14:13:04.963  Provisioning analyzer assemblies for cs...
14:13:04.964  Installing required Roslyn analyzers...
14:13:06.705  Provisioning analyzer assemblies for vbnet...
14:13:06.705  Installing required Roslyn analyzers...
14:13:06.736  Pre-processing succeeded.
Microsoft (R) Build Engine version 16.11.2+f32259642 for .NET
Copyright (C) Microsoft Corporation. All rights reserved.

  Determining projects to restore...
C:\Program Files\dotnet\sdk\5.0.403\NuGet.targets(131,5): warning : Unable to find a project to restore! [D:\a\BoatAttack\BoatAttack\BoatAttack.sln]

Build succeeded.

C:\Program Files\dotnet\sdk\5.0.403\NuGet.targets(131,5): warning : Unable to find a project to restore! [D:\a\BoatAttack\BoatAttack\BoatAttack.sln]
    1 Warning(s)
    0 Error(s)

Time Elapsed 00:00:00.28
SonarScanner for MSBuild 5.4
Using the .NET Core version of the Scanner for MSBuild
Post-processing started.
14:13:07.73  The SonarScanner for MSBuild integration failed: SonarCloud was unable to collect the required information about your projects.

My customer’s project is private, but I reproduced the same issue with the public Unity demo - GitHub - vitalykarasik/BoatAttack: Demo Project using the Universal RP from Unity3D.

Hey @vitalykarasik

You’re right – you will need a .csproj / sln file in order to use the Scanner for .NET. And, I don’t know enough about Unity to understand what to do when one isn’t generated by default. I’ll call on someone who might.

1 Like

Colin, thank you!
As I wrote, I generated .sln with “dotnet new sln”
I’m attaching it for the reference, Vitaly


Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.30114.105
MinimumVisualStudioVersion = 10.0.40219.1
Global
	GlobalSection(SolutionConfigurationPlatforms) = preSolution
		Debug|Any CPU = Debug|Any CPU
		Release|Any CPU = Release|Any CPU
	EndGlobalSection
	GlobalSection(SolutionProperties) = preSolution
		HideSolutionNode = FALSE
	EndGlobalSection
EndGlobal

This is fine – but somehow your C# files must also be referenced by the solution / a sub-project. Simply having one in your repository is not enough.

Hi Vitaly

We don’t have much experience of Unity at the moment and it looks like it doesn’t build using MSBuild so it’s going to be difficult to analyse your project in the usual way.

I’m afraid not.

Sorry!

Tom

1 Like

Tom, thank you!

is there a way to run some basic analyze using source code only?
Sorry for off-topic, but as far as I understand, Codacy uses Sonar scanner for C#, and it works.