What is the best practice regarding SonarQube and the Docker cache?

We currently use SonarQube for dotnet using the dotnet-sonarscanner v4.10 following the advice here. Our build chain uses bamboo for continuous integration, where the building of our dotnet projects occurs in docker for speed and reproducibility. We are also using SonarQube as a pull request gate so that if the scanner finds issues the pull request will not be able to be merged.

The problem is that for Sonar to perform analysis and then publish to a specific branch it needs to be passed an ARG in our Dockerfile during the build stage. This frequently causes a docker cache miss and adds a lot of additional time to our builds.

The only solution I can think of for this is to build the application once, run our test suite against it, and then build the application again, this time with sonar analysis. This would mean that the docker cache would be valid for as long as possible, thus making our builds faster, but I don’t find that a very good solution.

Can anyone provide any advice please?


Hello @tomtomdurrant
And thanks for joining the SonarSource community!
Were you able to solve your issue since last week?
If not, can you explain what is the docker cache miss you mentioned? Do you really need to apply the build, test and analysis steps in distinct docker containers?

Side question, any reason for you to stick to the 4.10 version of the scanner?

Hi, I’ve not managed to solve this issue yet unfortunately.
Re the 4.10 version, I think it’s just technical debt we’ve not got round to updating.

I’ll try and explain my issue as best I can… bear with me.

So we have a full stack application, dotnet core backend and Angular front end. Our (somewhat) CI system runs on bamboo and we use sonar to provide per branch analysis to gate pull requests into our main branch. We have organised our Dockerfile in such a way that we perform our dotnet core restoring and building before our frontend building as the frontend code changes more frequently than the backend code.

If a developer changes just the front end code on a different branch, e.g. adds a new line to the front page (no server side change required), we would expect the cache to be valid right up until the front end comes to be built. However because of the change of bamboo branch, this would invalidate the cache at the point of sonar analysis, during the dotnet build stage.

Is there any way to accommodate utilizing the docker cache, whilst still being able to gather analysis from sonar to inform our pull requests?

I hope I’ve explained that well enough!


Hi, is there any response to this please?