SonarScanner for .NET in Docker on Linux (Global Tool)

I am trying to install the SonarScanner for .NET in Docker, on Linux using the Global Tool method. However, I cannot get it to work. The documentation is also not very clear to me.

I currently have SonarQube server running in one container. It seems to be running fine. I am now trying to add a SonarScanner for .NET in a new Docker container with “” as base image.

I installed the scanner using

dotnet tool install --global dotnet-sonarscanner

However, when I try to run it, I get an error

dotnet sonarscanner begin /k:"project-key" /d:sonar.login="<token>"
> Could not execute because the specified command or file was not found.

When installing the tool DotNet complained about the tool’s path not being available in the PATH environment variable. I have added the following to the “.bash_profile” file:


Not sure if that is correct.

The documentation does not mention any configuration that needs to happen for the global tool version of the scanner; however, elsewhere on the page it does say that the "SonarQube.Analysis.xml" file needs to be updated. In my case there seem to be 3 of them. One for each of the below frameworks:

  • netcoreapp2.0
  • netcoreapp3.0
  • net5.0

Do I need to update all the files or just for the version I will be using?

I have now updated the netcoreapp3.0 version of the file. But now, how does SonarQube know the scanner exists? How does it know how to reach it? Can I somewhere see what Scanners are available to SonarQube?

Hey there.

A good measure on where the issue is would be to find out if other global tools work (like dotnetsay). This would help you isolate an issue with your .NET installation as opposed to the scanner.

I agree the documentation isn’t super clear on your last point – you should only have to update it for the scanner you’re using, but you can also forgo the configuration file altogether (which mostly becomes irrelevant in a CI/CD context) and just pass /<sonarqube_url> to the begin step, like sonar.login is.

Hey Colin,

Your suggestion helped me forward. Here are some of the steps I took that made the dotnet-sonarscanner available for use. Maybe they can be added to the documentation as well:

I had to make sure the path to the dotnet tools was added to the $PATH variable. I thought I did so, but it seems I misinterpreted the suggestion dotnet provides when installing a global tool. This is the correct way:

  1. Edit the “~/.bash_profile” file
  2. Add the following line: export PATH="$PATH:/root/.dotnet/tools"
  3. Save the changes and exit
  4. Execute the following command to run the bash_profile: source ~/.bash_profile

After this I was able to simply run “dotnetsay” or “dotnet-sonarscanner”.

Now I have hit upon the next problem:

The token you provided doesn’t have sufficient rights to check license.

I’m not quite sure what to do with this. I created a token on the administrator account and used that to start the scanner.

I also have another question: Since I am starting the scanner using the dotnet-sonarscanner command on the scanner itself, I assume the scanner just kind of “dials home” with the results? In that case, how can a scan be triggered by a CI/CD pipeline? Does it need to connect directly to the scanner and execute the scan? Or is there a way to tell SonarQube that there is a new update in GIT it needs to scan?
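The PATH steps from the post above, as an added example that is not part of the original thread or of the SonarScanner documentation: a shell helper that adds the global-tools directory once, however often it is run, and then checks that a tool resolves. The function names are hypothetical; the default directory assumes the standard `$HOME/.dotnet/tools` location (`/root/.dotnet/tools` for root, as in the post).

```shell
#!/usr/bin/env bash
# Added example: make the .NET global-tools directory reachable, idempotently.
# Function names are hypothetical; paths default to the ones used in the thread.

# Succeeds if directory $1 is already an entry of PATH.
path_contains() {
    case ":$PATH:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = tools directory (default: $HOME/.dotnet/tools)
# $2 = profile file    (default: $HOME/.bash_profile)
ensure_tools_on_path() {
    tools_dir="${1:-$HOME/.dotnet/tools}"
    profile="${2:-$HOME/.bash_profile}"
    line="export PATH=\"\$PATH:$tools_dir\""

    # Persist for future login shells. -x matches the whole line and -F treats
    # it literally, so re-running never appends a second copy.
    touch "$profile"
    grep -qxF "$line" "$profile" || printf '%s\n' "$line" >> "$profile"

    # Apply to the current shell as well, without duplicating the PATH entry.
    path_contains "$tools_dir" || PATH="$PATH:$tools_dir"
    export PATH
}

# Succeeds if command $1 resolves through PATH,
# e.g. tool_available dotnet-sonarscanner
tool_available() {
    command -v "$1" >/dev/null 2>&1
}
```

`~/.bash_profile` is read only by login shells, so in a Docker image the same directory is usually added with an `ENV PATH` instruction in the Dockerfile instead.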

You’re on the right track. The scanner connects to the SonarQube instance to get information it needs (which rules are active, for example), runs the analysis, and then uploads the results to SonarQube for processing.

The scanner runs during the pipeline, just like any other tool.

There are ready integrations for a variety of CI/CD tools – and, when you create a new SonarQube project, you are offered tutorials in the SonarQube UI for how to integrate within your CI/CD pipeline.