SonarQube, Coverlet and .NET Core Code Analysis

Intro to SonarQube

Nobody overlooks code quality checks in 2020, and there are quite a few tools for the job. SonarQube is one of them; it is generally used in team projects, where its configuration is mostly taken care of by the DevOps guy on the team. Developers can also install it on their own PCs and use it to measure the quality of their code before committing or pushing to the remote repository. SonarQube Community Edition is available for free on Windows, Linux, and Docker, but you need to purchase the “Developer” edition to get C, C++, Objective C, Swift, and PL/SQL language support. Since we’re in 2020, most people prefer the Docker way, so it’s:

docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube

to run the SonarQube server. It can also be hosted in a VM running locally or in a cloud service.

Scanning the .NET Core Code

Before scanning .NET Core code, install the “dotnet-sonarscanner” tool on your local machine by executing dotnet tool install --global dotnet-sonarscanner on the command line, assuming you have already installed the .NET Core SDK.

After installing “dotnet-sonarscanner”, navigate on the command line to the folder that contains the .sln file and start the SonarQube code analysis by executing the command below:

dotnet sonarscanner begin /k:"[project-key]" /d:sonar.host.url="http://[sonarqube-server-machine-identifier]:9000" /d:sonar.login=[user-name] /d:sonar.password=[password]

If you are using Docker, you should not provide the “/d:sonar.login” and “/d:sonar.password” parameters. The “/k:” parameter is the project key: if you are scanning for the first time, you can provide a meaningful value there, which will also be taken as the project name; if you have an existing SonarQube project, pass the key of that project. The above command performs the pre-processing tasks needed to analyze the code. On success, you will see a “Pre-processing succeeded.” message in the command-line window. Then we need to perform the MSBuild task by executing:

dotnet build

Once the build is successful, we have to end the code analysis by executing the following command:

dotnet sonarscanner end /d:sonar.login=[user-name] /d:sonar.password=[password]

If you provided the “/d:sonar.login” and “/d:sonar.password” parameters in the begin command, you should provide them in the end command as well. On successful completion, you will see a message similar to the one below:

ANALYSIS SUCCESSFUL, you can browse http://sonarqube-server-machine-identifier:9000/dashboard/index/project-name

Now you can go to that URL and view the report.

Code Coverage

Code coverage is an important KPI in software development projects, and there are various tools to analyze it. “Coverlet” is one of them. You can add it to your test project by running dotnet add package coverlet.msbuild in the test project. Once added, use the dotnet test /p:CollectCoverage=true command to get your code coverage results.

SonarQube Code Coverage Integration

Coverlet can output the code coverage results in “OpenCover” format if you specify the format on the command line by adding an additional parameter, as below:

dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover

Successful execution will result in a “coverage.opencover.xml” file in the test project directory. This output can be used as the input for the SonarQube “/d:sonar.cs.opencover.reportsPaths” parameter, so that the code coverage results are also included in the SonarQube analysis report, as below (“/d:sonar.cs.opencover.reportsPaths” parameter excludes the .cs files related to the tests in the code coverage process):

dotnet sonarscanner begin /k:"[project-key]" /d:sonar.host.url="http://[sonarqube-server-machine-identifier]:9000" /d:sonar.login=[user-name] /d:sonar.password=[password] /d:sonar.cs.opencover.reportsPaths="**/coverage.opencover.xml" /d:sonar.coverage.exclusions="**Tests*.cs"

After this, execute the build command followed by the sonarscanner end command.
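The whole run as one script, in the order test, begin, build, end (an added example, not code from the original post). It takes the credentials from environment variables so they stay out of the script file, masks the password when printing commands in dry-run mode, and stops if Coverlet wrote no report; the variable names, the DRY_RUN switch, the function names and the use of the scanner's sonar.host.url property for the server address are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed names: PROJECT_KEY,
# SONAR_HOST_URL, SONAR_USER, SONAR_PASSWORD, DRY_RUN, run, sonar_analyze.

# run: execute a command; with DRY_RUN=1 only print it, password masked.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        line=""
        for a in "$@"; do
            case $a in /d:sonar.password=*) a="/d:sonar.password=***" ;; esac
            line="$line${line:+ }$a"
        done
        printf '%s\n' "$line"
    else
        "$@"
    fi
}

# sonar_analyze: test with coverage, begin, build, end. Stops at first failure.
sonar_analyze() {
    for v in PROJECT_KEY SONAR_HOST_URL SONAR_USER SONAR_PASSWORD; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || { echo "missing environment variable: $v" >&2; return 2; }
    done

    run dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover || return 1

    # Fail early if Coverlet did not write the report the scanner is pointed at.
    if [ "${DRY_RUN:-0}" != "1" ] && ! find . -name coverage.opencover.xml | grep -q .; then
        echo "coverage.opencover.xml was not produced" >&2
        return 1
    fi

    run dotnet sonarscanner begin /k:"$PROJECT_KEY" \
        /d:sonar.host.url="$SONAR_HOST_URL" \
        /d:sonar.login="$SONAR_USER" /d:sonar.password="$SONAR_PASSWORD" \
        /d:sonar.cs.opencover.reportsPaths="**/coverage.opencover.xml" \
        /d:sonar.coverage.exclusions="**Tests*.cs" || return 1

    run dotnet build || return 1

    run dotnet sonarscanner end \
        /d:sonar.login="$SONAR_USER" /d:sonar.password="$SONAR_PASSWORD"
}
```

Source the file from the folder that holds the .sln file and call sonar_analyze; with DRY_RUN=1 it prints the four commands without running them.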


Happy Coding!

One thought on “SonarQube, Coverlet and .NET Core Code Analysis”

  1. Order of commands (assuming the sonarqube server is running in a VM):
    1) dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover

    2) dotnet sonarscanner begin /k:"samplecalc" / /d:sonar.login=s_admin /d:sonar.password=password /d:sonar.cs.opencover.reportsPaths="**/coverage.opencover.xml" /d:sonar.coverage.exclusions="**Tests*.cs"

    3) dotnet build

    4) dotnet sonarscanner end /d:sonar.login=s_admin /d:sonar.password=password
