SonarQube Developer and BitBucket integration for .NET Framework project

Hello,

we have solution with .NET Framework 4.7 projects and React projects together. We want to intgrate SonarQube Developer with BitBucket pipeline and use PR decorations. Currently we’re testing SonarQube Developer DEMO version. Because we cannot compile the solution with “dotnet build” command, I guess we cannot use .NET bitbucket-pipelines.yml file as it uses “dotnet build”. Question 1: is it possible to use MSBuild in BitBucket pipelines, as I cannot find any information about suitable docker image?

I’ve tried simple bitbucket-pipelines.yml available for other languages: “Other (for Go, python, PHP, …)”.

definitions:
  steps:
    - step: &build-step
        name: SonarQube analysis
        script:
          - pipe: sonarsource/sonarqube-scan:3.0.2
            variables:
              SONAR_HOST_URL: ${SONAR_HOST_URL} # Get the value from the repository/workspace variable.
              SONAR_TOKEN: ${SONAR_TOKEN} # Get the value from the repository/workspace variable. You shouldn't set secret in clear text here.
  caches:
    sonar: ~/.sonar

clone:
  depth: full

pipelines:
  branches:
    '{nf/33755}':
      - step: *build-step

  pull-requests:
    '**':
      - step: *build-step

but as I see in logs it probably analyses only javascript files:

08:42:46.539 INFO  Starting analysis with current program
08:42:51.843 INFO  4/990 files analyzed, current file: ReactPages/src/api/spedycja/customsOrder.api.js
08:43:01.843 INFO  14/990 files analyzed, current file: ReactPages/src/Spedycja/Folder/folder.reducer.js
08:43:11.861 INFO  44/990 files analyzed, current file: ReactPages/src/Spedycja/Folder/folder.actions.js
08:43:22.187 INFO  49/990 files analyzed, current file: ReactPages/src/Spedycja/CustomsOrder/customsOrder.actions.js
08:43:32.147 INFO  49/990 files analyzed, current file: ReactPages/src/Spedycja/CustomsOrder/customsOrder.actions.js
08:43:44.367 INFO  50/990 files analyzed, current file: ReactPages/src/api/spedycja/customerOrder.api.js
08:43:54.055 INFO  50/990 files analyzed, current file: ReactPages/src/api/spedycja/customerOrder.api.js
08:44:04.847 INFO  50/990 files analyzed, current file: ReactPages/src/api/spedycja/customerOrder.api.js
08:44:14.654 INFO  50/990 files analyzed, current file: ReactPages/src/api/spedycja/customerOrder.api.js
08:44:25.881 INFO  50/990 files analyzed, current file: ReactPages/src/api/spedycja/customerOrder.api.js

Besides it throws an error:

08:45:16.684 INFO  50/990 files analyzed, current file: ReactPages/src/api/spedycja/customerOrder.api.js
08:45:23.961 INFO  50/990 files analyzed, current file: ReactPages/src/api/spedycja/customerOrder.api.js
08:45:34.179 INFO  50/990 files analyzed, current file: ReactPages/src/api/spedycja/customerOrder.api.js
08:45:41.613 INFO  Time spent writing ucfgs 3003ms
08:45:41.711 INFO  Hit the cache for 0 out of 51
08:45:41.717 INFO  Miss the cache for 51 out of 51: ANALYSIS_MODE_INELIGIBLE [51/51]
08:45:41.707 ERROR Failed to get response while analyzing file:///opt/atlassian/pipelines/agent/build/ReactPages/src/Spedycja/customerOrder/customerOrder.actions.js
java.lang.IllegalStateException: The bridge server is unresponsive
	at org.sonar.plugins.javascript.bridge.BridgeServerImpl.request(BridgeServerImpl.java:435)
	at org.sonar.plugins.javascript.bridge.BridgeServerImpl.analyzeJavaScript(BridgeServerImpl.java:

Before I start fixing the error I need to know: (question 2) is this kind of analyzing .NET framework project sensible?

I’ve found .NET framework specific integration. It is available in “Analysis Method > Locally”:

SonarScanner.MSBuild.exe begin /k:"VIA-TMS-LOCAL" /d:sonar.host.url="http://example.com:9000/" /d:sonar.token="sqp_XXX"
MsBuild.exe /t:Rebuild
SonarScanner.MSBuild.exe end /d:sonar.token="sqp_XXX"

Question 3: Can this method be used for BitBucket PR decorations?

Kind regards,
Mariusz

Hey there.

Indeed, you cannot use the sonarsource/sonarqube-scan to analyze .NET code as documented. You must use the SonarScanner for .NET.

Ignoring SonarQube, What does your build look like today? Does it run in Bitbucket Pipelines? As of last year, Atlassian states Pipelines builds that run on Atlassian’s infrastructure don’t support .NET framework but only .NET Core., so you would need to have a self-hosted Windows runner.

Hello Colin,

thank you for clarifications about .NET code analysys.

Currently our build runs on our local Jenkins server. The whole process is:

1. Get source code from BitBucket (BB) repository, make changes in new local branch, commit and push branch to BB.
2. Create a Pull Request (PR) in BB. PR runs pipeline that generates comment in our local REDMINE system.
3. Approve PR in BB
4. Get source code from BB to our local JENKINS server. Build package for the client.

We would like to use Pull Request Decorations in step 2. Is it possible with SonarScanner for .NET?

I’ve found Decorating a Pull Request — Jenkins + Bitbucket + SonarQube and I see it uses scanner options:

sonar.pullrequest.key
sonar.pullrequest.branch
sonar.pullrequest.base

Unfortunately, I cannot find those options in Using the SonarScanner for .NET

You’re probably looking for the Jenkins Extension for SonarQube Server. You can find details for adding the analysis for .NET in Jenkins here.

Yes – PR Decorations work just fine with the Scanner for .NET. And the values for the sonar.pullrequest.* values should be picked up automatically if you’re using the Bitbucket branch source plugin.