Intro to SonarQube
Nobody overlooks code quality checks in 2020, and there are quite a few tools for them. SonarQube is one of these tools; generally, SonarQube is used in team projects. Mostly, the SonarQube configuration is taken care of by the DevOps guy in the team. On the other hand, developers can also install it on their PCs and use it to measure the quality of their code before performing a commit or push to the remote repository. SonarQube Community Edition is available for free on Windows, Linux, and Docker, but you need to purchase the “Developer” edition to get support for the C, C++, Objective-C, Swift, and PL/SQL languages. Since we’re in 2020, most people prefer the Docker way, so it’s:
docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube
to run the SonarQube server. It can also be hosted in a VM running locally or in a cloud service.
Scanning the .NET Core Code
Before scanning the .NET Core code, you need to install the “dotnet-sonarscanner” tool on your local machine by executing
dotnet tool install --global dotnet-sonarscanner in the command line, assuming you have already installed the .NET Core SDK.
After installing “dotnet-sonarscanner”, navigate in the command line to the folder that contains the .sln file. To start the code analysis using SonarQube, execute the command below:
dotnet sonarscanner begin /k:"[project-key]" /d:sonar.host.url=http://[sonarqube-server-machine-identifier]:9000 /d:sonar.login=[user-name] /d:sonar.password=[password]
If you are using Docker, you shall not provide the “/d:sonar.login” and “/d:sonar.password” parameters. The “/k:” parameter is the project key: if you are scanning for the first time, you can provide a meaningful value there, which will also be taken as the project name, or, if you have an existing SonarQube project, you shall pass the key of that project. The above execution performs the pre-processing tasks needed to analyze the code. On successful pre-processing, you will see the “Pre-processing succeeded.” message in the command-line window. Then we need to perform the MSBuild task by executing:
Once the build is successful, we have to end the code analysis by executing the following command:
dotnet sonarscanner end /d:sonar.login=[user-name] /d:sonar.password=[password]
If you provided the “/d:sonar.login” and “/d:sonar.password” parameters in the begin command, you should provide them in the end command as well. On successful completion, you will see a message similar to the one below:
ANALYSIS SUCCESSFUL, you can browse http://sonarqube-server-machine-identifier:9000/dashboard/index/project-name
Now you shall go to that URL and view the report.
Code coverage is an important KPI in software development projects, and there are various tools to analyze it. “Coverlet” is one of them. You can add it to your test project by performing
dotnet add package coverlet.msbuild in the test project. Once added, you shall use
dotnet test /p:CollectCoverage=true command to get the results of your code coverage.
SonarQube Code Coverage Integration
Coverlet can output the code coverage results in “OpenCover” format if you specify the format on the command line by adding an additional parameter, as below:
dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover
Successful execution will result in a “coverage.opencover.xml” file in the test project directory. This output can be used as the input for the SonarQube “/d:sonar.cs.opencover.reportsPaths” parameter to include the code coverage results in the SonarQube analysis report, as below (the “/d:sonar.cs.opencover.reportsPaths” parameter excludes the .cs files related to the tests in the code coverage process):
dotnet sonarscanner begin /k:"[project-key]" /d:sonar.host.url=http://[sonarqube-server-machine-identifier]:9000 /d:sonar.login=[user-name] /d:sonar.password=[password] /d:sonar.cs.opencover.reportsPaths="**/coverage.opencover.xml" /d:sonar.coverage.exclusions="**Tests*.cs"
After this, execute the build command followed by the sonarscanner end command.
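As an added example (not part of the original post, and not code from SonarQube or Coverlet), the Python script below reads a “coverage.opencover.xml” report before it is handed to the scanner, computes line coverage per source file, and rejects a report that contains no sequence points. The sample XML, its file paths, and the function names line_coverage and check_report are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the OpenCover layout; paths and counts are made up.
SAMPLE_REPORT = """<CoverageSession><Modules><Module>
  <Files>
    <File uid="1" fullPath="/src/Shop.Core/Cart.cs" />
    <File uid="2" fullPath="/src/Shop.Core/Pricing.cs" />
  </Files>
  <Classes><Class><Methods><Method><SequencePoints>
    <SequencePoint vc="3" sl="10" fileid="1" />
    <SequencePoint vc="0" sl="11" fileid="1" />
    <SequencePoint vc="1" sl="11" fileid="1" />
    <SequencePoint vc="0" sl="20" fileid="2" />
    <SequencePoint vc="0" sl="21" fileid="2" />
  </SequencePoints></Method></Methods></Class></Classes>
</Module></Modules></CoverageSession>"""


def line_coverage(report_xml):
    """Return {source path: (covered lines, coverable lines)}."""
    root = ET.fromstring(report_xml)
    hits = defaultdict(dict)  # path -> {line number: covered?}
    for module in root.iter("Module"):
        # Resolve file uids inside each module, where they are declared.
        paths = {f.get("uid"): f.get("fullPath") for f in module.iter("File")}
        for sp in module.iter("SequencePoint"):
            path = paths.get(sp.get("fileid"))
            if path is None:
                continue  # sequence point without a known source file
            line = int(sp.get("sl"))
            # A line is covered if any sequence point on it was visited (vc > 0).
            visited = int(sp.get("vc")) > 0
            hits[path][line] = hits[path].get(line, False) or visited
    return {p: (sum(l.values()), len(l)) for p, l in hits.items()}


def check_report(report_xml, minimum_percent):
    """Raise ValueError on an empty report; return (percent, passed)."""
    per_file = line_coverage(report_xml)
    total = sum(n for _, n in per_file.values())
    if total == 0:
        raise ValueError("report contains no sequence points")
    percent = 100.0 * sum(c for c, _ in per_file.values()) / total
    return percent, percent >= minimum_percent


if __name__ == "__main__":
    for path, (covered, lines) in sorted(line_coverage(SAMPLE_REPORT).items()):
        print(f"{path}: {covered}/{lines} lines covered")
    print(check_report(SAMPLE_REPORT, 40))
```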