Scanning uncompiled code

  • SonarQube Scanner: Version
  • what are you trying to achieve: scan uncompiled .NET and java code
  • what have you tried so far to achieve this: N/A

Is there any way to run a complete analysis of .NET without building the solution? We’re trying to run a security scan and due to client constraints, we are unable to compile the code.


Welcome to the community!

Sorry, but there’s really not. SonarCloud just introduced autoscan for Java (i.e., analysis without compile), but there are necessarily tradeoffs, & we can’t run the taint analysis rules without that compile.

On the .NET side (and the C, C++ side as it happens), we eavesdrop on the compile to gather the data we need to run the analysis correctly. So there’s just no analysis without compile for those languages.


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.