I’m new to Sonar and need guidance in setting-up Sonar appropriately for my CI needs. I have both .net core and .net framework solutions on which I have setup CI.
I have followed instructions in the documentation here - https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Extension+for+VSTS-TFS#space-menu-link-content
My CI Setup -
Task 1: Prepare Analysis on SonarQube
Sonar is not hosted on my build server. So, I’ve set “Choose the way to run the analysis” to “Use standalone scanner” and “Mode” is set to “Manually provide configuration (I know, that configurations are not to be provided manually and is not recommended. I’ll change this later)”
Task 2: Dotnet restore (Nuget package restore for .net core solution)
Task 3: Dotnet build (for .net core solution)
Task 4: Nuget restore (Nuget package restore for .net framework solution)
Task 5: MsBuild (for .net core solution)
Task 6: Run Code Analysis
Task 7: Publish Quality Gate Result
TFS Version - 16.131.*
SonarQube - 5.6.6
Upon queuing a build:
I see the Run code analysis task fails with an error, “sonar.cs.fxcop.assembly” must be set and the project must have been built to execute FxCop rules. This property can be automatically set by the Analysis Bootstrapper for Visual Studio Projects plugin, see: http://docs.codehaus.org/x/TAA1Dg.If you wish to skip the analysis of not built projects, set the property “sonar.visualstudio.skipIfNotBuilt”.
I’ve seen another article - [RFF] Release Candidate of FxCop Plugin that claims to have resolved the “sonar.cs.fxcop.assembly” issue. I guess, I should upgrade my SonarQube installation from 5.6.6 to latest and update the installed plugins and see what happens
I have another question to ask as well -
When I setup the “Prepare Analysis on SonarQube” task I selected “Use standalone scanner” as I needed Sonar to analyze both .net core and .net framework code. I hope this thought is correct?