Publishing Code Analysis Results to Azure DevOps

Hi,

We’ve just implemented SonarCloud into our projects. We currently run the dotnet sonarscanner inside our Dockerfiles which we build in our CI pipelines. I’ve got mostly everything working including Pull Request decoration (which is an excellent feature :+1:) with this approach.

My question - is there a way of extracting a brief summary of the analysis, such as any Code Smells, new Vulnerabilities etc. and publishing them like you would your code coverage and/or test results (so that they are visible from within the specific Azure DevOps pipeline) - given that we are not using any of the SonarCloud Azure DevOps tasks? Is the dotnet sonarscanner utility capable of producing a report that I can copy out of the Docker container and publish, or is there a different approach that I should follow?

Hi,

Welcome to the community!

It sounds like you want to publish your Quality Gate status back to Azure. We have a widget for that.

 
HTH,
Ann

Hi Ann,

Would this not require us to implement all 3 of the Azure DevOps tasks to get this functionality to work?

As we are currently running the scan in a Dockerfile alongside the build and we aren’t implementing the Azure DevOps tasks to ‘Prepare the analysis configuration’ and ‘Run Code Analysis’, I’m not sure how the Quality Gate status task would work as it doesn’t have any input parameters for us to specify.

I was just wondering if the sonarscanner CLI has any options that we can use to produce a report on the local file system that I can then publish manually in a separate task to Azure DevOps?

Thanks!

Hi,

Ah. No.
:joy:

Perhaps a webhook would help?

 
Ann

Can you please provide some sort of guidance on how to configure a webhook to approve the quality gate? You linked the documentation for the SonarCloud webhooks, which is only one piece of this puzzle.

  • What is the URL I configure the webhook to post to?
  • How do I configure the authentication?
  • What does the request look like that the quality gate endpoint accepts to approve the pull request?
    • Is it the same as the webhook publishes, or do I need a service that transforms the request?
  • The SonarCloud webhook calls Azure DevOps to tell it the quality gate is approved? Is this what we are supposed to do? I’m just guessing, because the documentation about this is pretty much nonexistent.

It is very common to have a build run in a docker container, yet we don’t have a sonarcli task, or any useful documentation about how to do this.

Hi @Plevi1337,

Welcome to the community!

This is an old thread. Please create a new one.

 
Ann