Sonar scanner for .NET Core in Jenkins Pipeline

Hi all,

I’m facing an issue triggering sconascanner for dotnet from my Jenkins pipeline
I’m not able to dynamically set the project Key during the scan ‘/k:’ for the projectKey
How can I fetch the project key? I’m looking at something like the below to trigger my scan where ${project_key} can be obtained from the project

bat label: ‘’, script: “cmd.exe /C dotnet sonarscanner begin /k:{project_key} /d:sonar.host.url={buildConfig.sonarUrl} /d:sonar.login=${sonarkey}”

Also, When I try to include sonar-project.properties in the repo, the execution fails with the following error

Using the .NET Core version of the Scanner for MSBuild
Post-processing started.
sonar-project.properties files are not understood by the SonarScanner for MSBuild

Thanks,
Krishna

Hello @krishnaarani
From what I understand, there is two questions here :
1.

Your projectKey can be retrieved from your SonarQube project overview, here :

image1507×577 62.1 KB

Yes, with the scanner for MSBuild, you pass all parameters from the command-line, exactly the way you did it.

Hope to help.
Regards,

Christophe

Thanks Christophe

I was looking at a dynamic way to fetch the “project-key” to trigger the scan through Jenkins pipeline.
After adding the “PackageReference” in the .csproj for sonarqube scanner tool, a “.sonarqube” folder gets generated with the run which contains “SonarQubeAnalysisConfig.xml” containing all the sonarqube configurations, including the SonarProjectKey. Looks something like below. My question was more towards, how I can grab the Project key from the properties into the SonarScanner “/k:” while we trigger the scan

PackageReference

    <PackageReference Include="MSBuild.SonarQube.Runner.Tool" Version="4.8.0" />
    <PackageReference Include="SonarAnalyzer.CSharp" Version="8.9.0.19135">
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
      <PrivateAssets>all</PrivateAssets>
    </PackageReference>
    <PackageReference Include="SonarQube.Scanner.DotNetCore.Tool" Version="4.3.1" />

SonarQubeAnalysisConfig.xml

<?xml version="1.0" encoding="utf-8"?>
<AnalysisConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.sonarsource.com/msbuild/integration/2015/1">
  <SonarConfigDir><--></SonarConfigDir>
  <SonarOutputDir><--></SonarOutputDir>
  <SonarBinDir><--></SonarBinDir>
  <SonarScannerWorkingDirectory><--></SonarScannerWorkingDirectory>
  <HasBeginStepCommandLineCredentials>true</HasBeginStepCommandLineCredentials>
  <SonarQubeHostUrl><--></SonarQubeHostUrl>
  <SonarQubeVersion>8.1.0.31237</SonarQubeVersion>
  <SonarProjectKey><--></SonarProjectKey>
  <AdditionalConfig>
    <ConfigSetting Id="BuildUri" />
    <ConfigSetting Id="TfsUri" />
    <ConfigSetting Id="settings.file.path" Value="C:\Users\.dotnet\tools\.store\dotnet-sonarscanner\4.8.0\dotnet-sonarscanner\4.8.0\tools\netcoreapp3.0\any\SonarQube.Analysis.xml" />
  </AdditionalConfig>
  <ServerSettings>
    <Property Name="sonaranalyzer-cs.nuget.packageVersion">8.6.1.17183</Property>
    <Property Name="sonar.cs.ignoreHeaderComments">true</Property>
    <Property Name="sonar.typescript.file.suffixes">.ts,.tsx</Property>
    <Property Name="sonar.groovy.file.suffixes">.groovy</Property>
    <Property Name="email.fromName">SonarQube</Property>
    <Property Name="sonar.python.xunit.skipDetails">false</Property>
    <Property Name="sonar.forceAuthentication">false</Property>
    <Property Name="sonar.notifications.delay">60</Property>
    <Property Name="sonar.groovy.ignoreHeaderComments">true</Property>
    <Property Name="sonar.groovy.jacoco.itReportPath">target/jacoco-it.exec</Property>
    <Property Name="sonaranalyzer-cs.ruleNamespace">SonarAnalyzer.CSharp</Property>
    <Property Name="sonar.cs.analyzeGeneratedCode">false</Property>
    <Property Name="sonar.builtInQualityProfiles.disableNotificationOnUpdate">false</Property>
    <Property Name="sonar.css.file.suffixes">.css,.less,.scss</Property>
    <Property Name="sonar.organizations.createPersonalOrg">false</Property>
And many more propreties....

Thanks,
Krishna

Hello @krishnaarani,

There are several different steps in this process and question that I’d like to clarify.

Our tools

To start with, the documentation about Jenkins and Analyzing .NET Solution section can be found here: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-jenkins/

Do you have all steps done to be able to build and analyze your solution with static project key? Once you have it, we can try to help you with improving the script.

3rd party tools

Second thing is about your MSBuild.SonarQube.Runner.Tool and SonarQube.Scanner.DotNetCore.Tool package references. We do not own nor maintain these packages. So we don’t have any information about how they work, how are they supposed to be used or if they can help you to solve your problem.

The project key is a solution level information. So I don’t know where these tools take the project key from since the package reference is inside a .NET Project and you can have several .NET Projects inside a solution.

The SonarQubeAnalysisConfig.xml that you can see is a product of SonarScanner for MSBuild begin step execution. So the scanner was already started with some project key. In this step, it’s too late to work with a project key.