We currently use SonarQube for dotnet using the dotnet-sonarscanner v4.10 following the advice here. Our build chain uses bamboo for continuous integration, where the building of our dotnet projects occurs in docker for speed and reproducability. We are also using SonarQube as a pull request gate so that if the scanner finds issues the pull request will not be able to be merged.
The problem is that for Sonar to perform analysis and then publish to a specific branch it needs to be passed an ARG in our Dockerfile during the build stage. This frequently causes a docker cache miss and adds qa lot of additional time to our builds.
The only solution I can think of for this is to build the application once, run our test suite against it, and then build the application again, this time with sonar analysis. This would mean that the docker cache would be valid for as long as possible, thus making our builds faster, but I don’t find that a very good solution.
Can anyone provide any advice please?