SonarCloud Azure DevOps task fails with Newtonsoft.Json MissingMethodException in scanner ≥ 11.x (wo

Title:
SonarCloud Azure DevOps task fails with Newtonsoft.Json MissingMethodException in scanner ≥ 11.x (works when pinned to 10.4.1)

Description:
After upgrading the SonarCloud Azure DevOps integration to versions using .NET scanner 11.x (≥ 11.0.0.126294), pipelines started failing consistently during analysis with a runtime exception related to Newtonsoft.Json.

This issue occurs when using:

• SonarCloudPrepare@4 (scannerMode: dotnet)

• Azure DevOps pipelines (self-hosted agent)

• Modern .NET SDK (tested with .NET 10)

Error Output:

##[error]Unhandled Exception:
##[error]System.MissingMethodException: Method not found: 
'System.String Newtonsoft.Json.Linq.JToken.ToString(Newtonsoft.Json.Formatting)'.

Expected Behavior:
SonarCloud analysis should run successfully using the latest scanner version without runtime dependency conflicts.

Actual Behavior:
Pipeline fails during Sonar analysis phase with MissingMethodException, indicating a runtime dependency mismatch.

Key Finding / Regression Evidence:
The issue is version-specific and reproducible:

• Scanner 11.x (≥ 11.0.0.126294) → fails

• Scanner 10.4.1.124928 → works reliably

This confirms a regression introduced in scanner 11.x.

Working Configuration (Workaround):

- task: SonarCloudPrepare@4
  inputs:
    SonarQube: 'SonarQube Cloud Service'
    organization: 'organization'
    scannerMode: 'dotnet'
    dotnetScannerVersion: '10.4.1.124928'
    projectKey: 'projectKey'
    extraProperties: |
      sonar.exclusions=**/bin/**,**/obj/**,**/Migrations/**,**/*.Designer.cs,**/*.g.cs,**/wwwroot/**
      sonar.cs.vscoveragexml.reportsPaths=coverage.xml
      sonar.coverage.exclusions=**/*.g.cs,**/*.Designer.cs,**/Migrations/**

Impact:

• Blocks CI/CD pipelines using SonarCloud Azure DevOps tasks

• Prevents PR validation and quality gate enforcement

• Requires manual version pinning

• Root cause was non-obvious; took ~3 days to diagnose

Suspected Root Cause:
A dependency/runtime incompatibility involving Newtonsoft.Json introduced in scanner 11.x:

• Scanner likely depends on a different version of Newtonsoft.Json

• Azure DevOps agent runtime loads another version

• Results in method resolution failure (MissingMethodException)

Environment:

• Azure DevOps (self-hosted agent, Windows)

• SonarCloud Azure DevOps Extension

• Scanner:

  • Failing: ≥ 11.0.0.126294

  • Working: 10.4.1.124928

• .NET SDK: 10.0.x

• Java: JDK 21

Severity: High
(Breaks CI pipelines and PR analysis)

Recommendation:

• Fix dependency packaging / binding compatibility in scanner 11.x

• Ensure isolated runtime dependencies (avoid host conflicts)

• Add clearer diagnostics for dependency loading failures

image1033×862 122 KB

Hi @esinoheh,

Thanks for the detailed report — this helped us track down the root cause.

What’s happening

Scanner 11.x introduced telemetry code that calls JToken.ToString(Formatting.None). This overload was added in Newtonsoft.Json 13.0.4 (which scanner 11.x ships with) and does not exist in 13.0.3.

The problem is that both 13.0.3 and 13.0.4 share the same assembly identity (AssemblyVersion = 13.0.0.0). On .NET Framework, the GAC takes precedence over the application directory for strong-named assemblies. If your self-hosted agent has Newtonsoft.Json 13.0.3 in the GAC — which can happen via Visual Studio or other developer tooling — the CLR loads 13.0.3 instead of the 13.0.4 bundled with the scanner. The method is then not found at runtime.

This does not affect Microsoft-hosted agents because they have a clean environment.

Workarounds

1. Pin to 10.4.1 as you are already doing — this version was compiled against Newtonsoft.Json 13.0.3 and does not call the new ToString(Formatting) overload, so it is not affected by this GAC conflict
2. Upgrade the tool that installed Newtonsoft.Json 13.0.3 into the GAC on your agent machine. Common sources include Visual Studio and other developer tooling. Upgrading them to a version that ships with 13.0.4 or later will update the GAC entry and allow the scanner to resolve the correct version at runtime. Alternatively, you can download 13.0.4 directly from the Newtonsoft.Json releases — the assembly is in Json130r4.zip under Bin\net45\Newtonsoft.Json.dll — and register it in the GAC manually using gacutil

Fix

We are tracking a fix in the scanner to use the older ToString(Formatting, params JsonConverter[]) overload which exists in both 13.0.3 and 13.0.4, making the scanner resilient to this GAC conflict.

Thanks again for the thorough investigation on your end!

We have merged a fix for this issue: https://github.com/SonarSource/sonar-scanner-msbuild/pull/3101

The fix uses the ToString(Formatting, params JsonConverter[]) overload which exists in all Newtonsoft.Json 13.x versions, making the scanner resilient to older versions being present in the GAC.

The fix is not yet released. Release is a two-step process: the scanner will be released first, followed by the Azure DevOps extension about a week later. Once the scanner is released, you can pick up the fix immediately by pinning to the new version using the dotnetScannerVersion property in your SonarCloudPrepare@4 task, without waiting for the extension update.

I’ll update dependencies on my side to use a latest version

Thanks

Hello,
we just released a hotfix for this.
It will be available as default version early next week on Azure DevOps, meanwhile you can pin to 11.2.1.

Thanks!