Scanning a C# Project


(Hugo) #1

Hello.

I have an ASP.NET project which I want to analyse with my SonarQube 7.3 Enterprise.
How can I make the analysis?

I tried using Sonar-Scanner but I got 0 for everything: bugs, vulnerabilities, code smells, duplications. I found this strange.

Can you point me in the right direction?

My sonar-project.properties looks like this:

sonar.projectKey=AAA
sonar.projectName=AAA
sonar.projectVersion=1.0
sonar.sources=.


I’ve also tried to do this using the C# plugin.
https://docs.sonarqube.org/pages/viewpage.action?pageId=1441900

I’ve done all of the stated procedure.
When I run the analysis in my command line, using these commands:
SonarScanner.MSBuild.exe begin /k:"AAA" /n:"AAA" /v:"1.0"

MSBuild.exe /t:Rebuild

SonarScanner.MSBuild.exe end



I get this (the same):

What are the recommended options to scan ASP.NET code? What am I doing wrong?


(Amaury Levé) #3

Hi @Fr0zt,

Are you really expecting to have some issues on this project? The build status shows no warning so it seems normal you don’t see any Bug/Vulnerability/Code Smell on SonarQube.


(Hugo) #4

I think the code is ok but I am not sure.

From both methods I’ve stated above, which one do you think is the best for doing scans in such a project? Using sonar-scanner or SonarScanner.MSBuild.exe?


(Amaury Levé) #5

Sorry I missed the second part of your initial question. In order to have C#/VB.Net features you HAVE TO use the Scanner for MSBuild.
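
An added example, not part of the thread or of SonarQube itself: a pre-flight check a CI job could run so that a repository containing C#/VB.NET projects is not handed to the generic scanner through a sonar-project.properties file, where it can come back with zero findings as in the first post. The function names, the skipped directory names and the sample repository are assumptions constructed for illustration.

```python
import os
import tempfile

DOTNET_PROJECT_EXTS = {".csproj", ".vbproj"}      # project files MSBuild builds
GENERIC_CONFIG = "sonar-project.properties"       # config read by the generic scanner
SKIP_DIRS = {".git", "bin", "obj", "node_modules", ".sonarqube"}  # assumed noise dirs


def parse_properties(path):
    """Parse key=value lines, ignoring blank lines and # comments."""
    props = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                props[key.strip()] = value.strip()
    return props


def check_repo(root):
    """Return one warning per .NET project found beside a generic scanner config."""
    projects = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            if os.path.splitext(name)[1].lower() in DOTNET_PROJECT_EXTS:
                projects.append(os.path.relpath(os.path.join(dirpath, name), root))
    config = os.path.join(root, GENERIC_CONFIG)
    if not projects or not os.path.isfile(config):
        return []  # nothing to flag: no .NET code, or no generic config present
    key = parse_properties(config).get("sonar.projectKey", "<unset>")
    return [f"{key}: {p} needs the Scanner for MSBuild, not {GENERIC_CONFIG}"
            for p in sorted(projects)]


def demo():
    """Constructed sample repo: the thread's properties file next to a .csproj."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, GENERIC_CONFIG), "w", encoding="utf-8") as fh:
            fh.write("sonar.projectKey=AAA\nsonar.projectName=AAA\n"
                     "sonar.projectVersion=1.0\nsonar.sources=.\n")
        os.makedirs(os.path.join(root, "Web"))
        open(os.path.join(root, "Web", "Site.csproj"), "w").close()
        return check_repo(root)


if __name__ == "__main__":
    for warning in demo():
        print(warning)
```

A CI step can fail the build when `check_repo` returns a non-empty list, so an empty dashboard is never mistaken for a clean scan.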