Issues creating simple sonar-scanner container for C#

We simply want to run sonar-scanner through GitLab CI. We’re building a runner container for this, and building the container gives us an error when we try to install sonar-scanner-dotnet:

runc run failed: unable to start container process: exec: "/bin/sh": stat /bin/sh: no such file or directory

We tried adding “CMD ["/bin/bash"]” to the Dockerfile and it has no effect.

DETAILS

To make this efficient, we really need on-demand docker runners. Thus the challenge where we’re stuck trying to build a container to get this to work.

We have a working container for pure Linux, but the issue is we have some C# code. The sonar-scanner tool is reporting zero lines in our C# code, and it turns out there’s a separate sonar-scanner tool with .NET built-in.

So now we’re trying to set up a Dockerfile that has this sonar-scanner dotnet version installed. The link above brings me to this command: NuGet Gallery | dotnet-sonarscanner 9.0.2

Since there’s no official sonar-scanner dotnet on dockerhub, we’re building our own. I’m currently starting with an ubuntu dotnet image here: https://hub.docker.com/r/ubuntu/dotnet-deps

Here’s our Dockerfile so far

FROM ubuntu/dotnet-deps:8.0
#CMD ["/bin/bash"]
RUN dotnet tool install --global dotnet-sonarscanner --version 9.0.2

P.S. Would be nice if SonarSource offered an official sonar-scanner container that already had .NET built-in. Perhaps I’m missing an easier solution here?

Hi,

To be clear, we don’t offer “.NET built-in”. The docs are quite clear that you need to install your SDK on your build agent.

How/where are you building this C# code? The analysis should happen in the same place.

 
HTH,
Ann

Ann, thanks for the response. A couple things

“How/where are you building this C# code?”

  • We’re doing a pretty standard setup with our developers, where the devs code/build on their own machine, and when they’re confident, they check in via GitLab, where a GitLab runner also builds the code.
  • To take things further, we want to follow better modern standards and start using GitLab container runners instead of full VM runners. We’re moving towards this modernization for better parallelized testing, and cleaner runs. But this is where we’re having issues. Notes below.

“To be clear, we don’t offer “.NET built-in””

  • As per the docs, same one that you linked, if you scroll up, there’s a specific “.NET scanner” that we have to download. All we want to do is use that scanner. And again, we have a use-case to modernize and do this inside a container, which is where the challenges are.

Take a look at this link from dockerhub: https://hub.docker.com/u/sonarsource

These are official sonarsource containers for scanning with SonarQube. Problem is, not a single one will work with C# code, due to missing .NET, and I’m assuming they also have the wrong scanner anyways for C#. As such, we’re trying to build our own container, and that’s what I’m asking for help with. We’re not doing anything unusual or weird, so I imagine someone out there must have scanned C# code in a container.

As per my comment about SonarSource offering a .NET built-in container, I’m referring to the containers you guys have in dockerhub.

Hi,

For .NET, analysis must be run in conjunction with the build, so this is where you need to be running analysis.

 
HTH,
Ann

So there may be a misunderstanding… as I’ve said, we’re trying to build inside runner containers. This is as per modern DevOps standards, to improve development efficiency, consistency, and lower costs.

Good news is, I’ve worked with one of our more senior engineers who knows containers really well and managed to find a solution. In short, the starting container I was using was pretty crappy. Fortunately, Microsoft has good starting dotnet containers for both Linux and Windows.

E.g. in my Dockerfile, changing FROM ubuntu/dotnet-deps:8.0 to FROM mcr.microsoft.com/dotnet/sdk:8.0 made everything just work better.

Our new Dockerfile, in case it helps someone:

FROM mcr.microsoft.com/dotnet/sdk:8.0

# Add the private root certificate to the image's system trust store
COPY certs/private_root_cert.crt /usr/local/share/ca-certificates/private_root_cert.crt

RUN chmod 644 /usr/local/share/ca-certificates/private_root_cert.crt && \
    update-ca-certificates && \
    dotnet tool install --global dotnet-sonarscanner --version 9.0.2

# Global tools are installed under /root/.dotnet/tools; put that directory on PATH
ENV PATH="$PATH:/root/.dotnet/tools"

Note the final part lets you call “dotnet-sonarscanner” from anywhere.

Anywho, I still have the same feedback for SonarSource. I love your guys’s tool, but occasionally some things seem to be tough to get working out of the box. Would be amazing if SonarSource provided an official dotnet-sonarscanner on dockerhub, as you guys do with your sonarscanner without dotnet. Or at least provide some simple example (like my Dockerfile above) to help people get started.

As an example, when we first ran through SonarSource documentation, we downloaded and set up SonarQube out of the box, to the letter. Ran a scan, and SonarQube found the C# files, but claimed no lines of code. No error or anything. I had to research and find a debug flag, check the logs, and it’s a debug-only message that says a special dotnet-scanner is needed.

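A GitLab CI job that uses an image built from the Dockerfile above and runs the analysis in the same job as the build, as the replies in this thread require. This is an added example, not part of the original thread or of SonarSource's documentation; the image path, project key, and the SONAR_HOST_URL / SONAR_TOKEN variable names are assumptions, with the token expected to come from a masked CI/CD variable rather than from the repository.

```yaml
# .gitlab-ci.yml (added example; names marked "assumed" are placeholders)
stages:
  - analyze

sonar-dotnet:
  stage: analyze
  # Assumed registry path for the image built from the Dockerfile in this thread
  image: registry.example.com/ci/dotnet-sonarscanner:9.0.2
  variables:
    # Full clone so the scanner can read complete SCM history for the analysis
    GIT_DEPTH: "0"
  script:
    # 1. begin: hooks the scanner into the build that follows.
    #    SONAR_HOST_URL and SONAR_TOKEN are assumed masked CI/CD variables,
    #    so the token never appears in this file or in the image layers.
    - >
      dotnet-sonarscanner begin
      /k:"example-project-key"
      /d:sonar.host.url="$SONAR_HOST_URL"
      /d:sonar.token="$SONAR_TOKEN"
    # 2. build: the analyzers run as part of this compilation step
    - dotnet build
    # 3. end: collects the results from the build and uploads them
    - dotnet-sonarscanner end /d:sonar.token="$SONAR_TOKEN"
```

All three steps have to run in one job on the same checkout: the begin step only prepares the analysis, and a job that runs begin and end without a build in between has no results to upload.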