SonarCloud for Docker Windows Container

We have a SonarCloud subscription. We have a .NET standard (not .NET core) project we want to scan. Ideally, we want to do this in our Azure DevOps pipeline. However, our application runs in a docker container and does not really have a build step. In the dockerfile, we just copy our website files into /inetpub/wwwroot/appname, remove the default website (IIS), and make a new website with those copied files. I’ve been trying for over a week now many different ways of getting this working, but I’m basically at a wall.

Some additional info:
I tried to do this in the ADO pipeline, but it wouldn’t work. I also tried copying the website files out of the container onto the build agent and scanning it there but I also couldn’t get that to work. After doing some reading, I found that it may be a better idea to try and run the scan from inside my docker container - whether that be during the docker build or after, I haven’t figured out and am basically open to whatever at this point.

Right now, I’m trying to build my container, then run it, then run the following commands (maybe I’m going about it wrong?):

Begin scan

SonarScanner.MSBuild.exe begin /k:“my-key” /o:“my-org” /d:sonar.token=“my-token” /“

Build the project

MSBuild.exe “path to .sln file” /t:Rebuild

End scan

SonarScanner.MSBuild.exe end /d:sonar.token=“my-token”

I have gotten the begin command to run successfully a few times, but whenever I try the rebuild step, I always get some kind of error, the latest of which is:
ASPNETCOMPILER : error ASPCONFIG: Could not load file or assembly ‘System.ValueTuple, Version=, Culture=neutra
l, PublicKeyToken=cc7b13ffcd2ddd51’ or one of its dependencies. The located assembly’s manifest definition does not mat
ch the assembly reference. (Exception from HRESULT: 0x80131040) [C:\inetpub\wwwroot\appname\appname.metap

At this point, I’m wondering if I’m even going about any of this in the right way and would greatly appreciate some guidance so I can find a path forward.


Hey there.

If I’m not mistaken, based on your description of your project and this log line, this is a website project is normally compiled on the fly by the ASP runtime. This will make analysing your code difficult.

Take a look at this post:

You are not mistaken. And I’m not sure I have the chops to do option a or b in that other post’s reply…

Not good! :frowning:

Do most similar solutions to SonarQube have this limitation as well?

As a normally compiled language, most modern sophisticated analysis tools will run into this issue as they are built on top of the Roslyn analyzers.