SonarQube Developer version 10.4.1 installed on Windows OS in Azure.
SonarQube plugin installed from Azure DevOps marketplace.
Trying to perform static code analysis on Unity projects. Unity projects are based on C#/C++.
I’ve tried a few things but could not get it to work. I have set up SonarQube Developer edition on a virtual machine hosted in Azure.
I’m currently evaluating SonarQube Developer for our organization to scan various projects (Unity C#/C++ and PHP for other projects).
What is the preference to perform static code analysis on Unity projects using Azure DevOps Pipelines?
Should SonarQube Developer edition scan the Unity source code or does it scan the artifacts I am generating (i.e. apk files and zip files)?
Is there an Azure DevOps pipeline YAML file I can reference to see how you are scanning Unity projects? If yes, are you scanning source files or artifacts (apk, zip)?
Over the years we’ve had some questions about how you can analyze your C# Unity projects and… it’s complicated.
You can benefit from our analysis when developing in Visual Studio or Rider by installing the SonarLint extension.
To run an analysis in SonarQube or SonarCloud you will need to have a csproj file, which our scanner requires (to be clear, SonarCloud analyzes source code, not artifacts). It seems that there are a number of ways to achieve this that we won’t document here; you can read more on this thread.
When you run an analysis you may want to customise your quality profile as not all rules may work well in a Unity application.
At the moment we cannot see a simple way to achieve CI integration. If you have any thoughts on this we’d love to hear them. We’re particularly interested to understand how you set up your CI pipelines and whether these include a csproj.