VSTS-TFS - Code analysis for both .net core and .net framework solutions

dotnet
fxcop
sonarqube

(Kiran Mahadev) #1

Hi,

I’m new to Sonar and need guidance in setting-up Sonar appropriately for my CI needs. I have both .net core and .net framework solutions on which I have setup CI.

I have followed instructions in the documentation here - https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Extension+for+VSTS-TFS#space-menu-link-content

My CI Setup -
Task 1: Prepare Analysis on SonarQube
Sonar is not hosted on my build server. So, I’ve set “Choose the way to run the analysis” to “Use standalone scanner” and “Mode” is set to “Manually provide configuration (I know, that configurations are not to be provided manually and is not recommended. I’ll change this later)”
Task 2: Dotnet restore (Nuget package restore for .net core solution)
Task 3: Dotnet build (for .net core solution)
Task 4: Nuget restore (Nuget package restore for .net framework solution)
Task 5: MsBuild (for .net core solution)
Task 6: Run Code Analysis
Task 7: Publish Quality Gate Result

TFS Version - 16.131.*
SonarQube - 5.6.6

Upon queuing a build:
I see the Run code analysis task fails with an error, “sonar.cs.fxcop.assembly” must be set and the project must have been built to execute FxCop rules. This property can be automatically set by the Analysis Bootstrapper for Visual Studio Projects plugin, see: http://docs.codehaus.org/x/TAA1Dg.If you wish to skip the analysis of not built projects, set the property “sonar.visualstudio.skipIfNotBuilt”.

I’ve seen another article - [RFF] Release Candidate of FxCop Plugin that claims to have resolved the “sonar.cs.fxcop.assembly” issue. I guess, I should upgrade my SonarQube installation from 5.6.6 to latest and update the installed plugins and see what happens

I have another question to ask as well -
When I setup the “Prepare Analysis on SonarQube” task I selected “Use standalone scanner” as I needed Sonar to analyze both .net core and .net framework code. I hope this thought is correct?


(Daniel Wehrle) #2

Hi,
you only Need to update the plugin, but in the Moment it is just a release candidate Version.
But please note .net core is not supported by FxCop.exe (what is part of vs and used for the scan) so you can not scan .net core Projects with the fxcop plugin.
I plan to Support this with a future release, see the github Project of the plugin(https://github.com/DanielHWe/sonar-fxcop/issues/18).
Best,
Daniel