Sonar Scan with App Center Xamarin

Hi All,

I want to know if we can integrate SonarQube with App Center by Microsoft.
We have a Xamarin app and need to do a static scan with App Center.

Let me know how we can achieve it.

Thanks,
Avinash

Hi @avinashk. Welcome to the community.

We don’t have any specific integration with App Center. However, if I remember correctly it is possible to run scripts as part of an App Center build, so you should be able to write a custom script.

I’m guessing you’re writing in C# or VB so you’ll need to use the Scanner for MSBuild. The docs page describes how to call the scanner from the command line.

Your script would need to download and unzip the scanner first, then call the begin step before the build and the end step after the build.

Hi Duncan,

Thanks for your quick reply.

Once the scan is done on the code, is there any way I could get the result of the scan through a script? (If it fails on quality, I wish to cancel the deployment.)

Regards,
Avinash

Hi @duncanp, I want to integrate SonarQube with my mobile app CI/CD pipeline for iOS & Android applications on Visual Studio App Center, and the platform is React Native.

I’m unable to find any docs/option in Visual Studio App Center. Is it possible?

Hi Sajal,

App Center clones the code in its data center, and one needs to write a script to download SonarQube and scan the code there. You may need a Sonar server to check the report after the scan; otherwise you could verify in the build logs.

We are trying the same for a Xamarin app. You could contact the App Center support team for that.

Hi @avinashk,

SonarQube/SonarCloud have web APIs that let you fetch the results of a particular analysis.
For SonarCloud, the list of available APIs is here. If you are using SonarQube you’ll find a link to the API documentation at the bottom of your SonarQube home page.

At a very high level, you’d need to fetch the analysisId from the file report-task.txt that the scanner end writes to disk. You’d then need to poll the SonarQube server until the server-side processing has completed. You can then check the outcome of the analysis.

Effectively you’d need to make the same calls as in Simon de Lang’s SonarQube build breaker Azure extension that breaks the build if the analysis failed. Looking at the code for that plugin should help work out exactly what you need to do.
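
The polling flow described in the reply above, as an added example that is not part of the original post or of any SonarQube tooling: it reads `serverUrl` and `ceTaskUrl` from report-task.txt, polls the compute-engine task until it finishes, then asks for the quality gate status of the analysis id that the finished task reports. The `SONAR_TOKEN` variable name, the function names and the sample report are assumptions; the token comes from the environment so it stays out of the script and the repository.

```python
import base64, json, os, sys, time, urllib.request

# Constructed sample of the key=value file the scanner's end step writes.
SAMPLE_REPORT = """projectKey=demo-app
serverUrl=https://sonar.example.invalid
ceTaskId=AX-task-1
ceTaskUrl=https://sonar.example.invalid/api/ce/task?id=AX-task-1
"""

def parse_report_task(text):
    # Split on the first '=' only: URL values contain '=' themselves.
    return dict(l.split("=", 1) for l in text.splitlines() if "=" in l)

def http_get_json(url, token):
    # The token is sent as the Basic-auth username with an empty password.
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def quality_gate_status(report_text, fetch, poll_seconds=5, max_polls=60,
                        sleep=time.sleep):
    """Return the gate status (e.g. OK or ERROR), TASK_<status>, or TIMEOUT."""
    props = parse_report_task(report_text)
    for _ in range(max_polls):
        task = fetch(props["ceTaskUrl"])["task"]
        if task["status"] == "SUCCESS":
            break
        if task["status"] in ("FAILED", "CANCELED"):
            return "TASK_" + task["status"]  # server-side processing broke
        sleep(poll_seconds)                  # still PENDING or IN_PROGRESS
    else:
        return "TIMEOUT"                     # bounded wait: never hang the build
    url = (props["serverUrl"] + "/api/qualitygates/project_status?analysisId="
           + task["analysisId"])
    return fetch(url)["projectStatus"]["status"]

if __name__ == "__main__":
    token = os.environ["SONAR_TOKEN"]        # assumed name of the secret variable
    with open(sys.argv[1]) as f:             # path to report-task.txt
        status = quality_gate_status(f.read(), lambda u: http_get_json(u, token))
    print("Quality gate:", status)
    sys.exit(0 if status == "OK" else 1)     # anything but OK fails closed
```
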

Hi @avinashk,

My Sonar server is hosted on Azure and publicly accessible. Can I pass the same server reference along with my build?