SonarQube Installation Process And Viewing Quality Report For .NET Projects

Sonar is an open source platform used by development teams to maintain code quality. It was developed with one main objective in mind: to make code quality management accessible to everyone with minimal effort. It provides code analyzers, reporting tools, defect-hunting modules, etc.

SonarQube is an open platform to manage the code quality. It covers 7 axes of code quality.


Prerequisites and assumptions

  • Assume that you have .NET source code that compiles with no errors and generates .pdb files.
  • Install the .NET reference assemblies.
  • Install the Java JDK.

Once the JVM is installed on your system, you can run SonarQube with the steps given below.

Step 1

Download the SonarQube setup online for testing purposes.

Step 2

Let's say you have downloaded the setup files and placed them on your D:\ drive, as shown below.


Open a command window and run D:\Santosh\Practices\2016\SonarQube\sonarqube-5.1\bin\windows-x86-64\StartSonar.bat (or -x86-32 for 32-bit machines).

Once you run the "StartSonar.bat" batch file, the command prompt will give you the screen, as shown below.


Step 3

After Step 2 completes, you should be able to access the SonarQube server at http://localhost:9000. The default username/password is admin/admin. The server port number is "9000"; if you want a different port, you can change it to another port number. Please refer to the screenshot given below, where you can change the port number.


In the same way, if you want to change the default user credentials, then you can do it from the screenshot given above.
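Since the web login above still defaults to admin/admin, it is worth checking what conf/sonar.properties exposes before leaving the test server running. The following is an added example, not part of the original article or of SonarQube itself; the property keys are SonarQube's standard ones, and the default values (0.0.0.0, 9000, sonar/sonar) are assumed from the stock 5.x file.

```python
# Added example: audit conf/sonar.properties for exposure-related settings.
# DEFAULTS are assumed from the stock SonarQube 5.x configuration file.
DEFAULTS = {
    "sonar.web.host": "0.0.0.0",
    "sonar.web.port": "9000",
    "sonar.jdbc.username": "sonar",
    "sonar.jdbc.password": "sonar",
}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def load_props(text):
    """Parse key=value lines, skipping blanks and # / ! comment lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return findings; keys that are commented out fall back to DEFAULTS."""
    eff = {**DEFAULTS, **load_props(text)}
    findings = []
    if eff["sonar.web.host"] not in LOOPBACK:
        findings.append("web UI listens on %s:%s, reachable beyond this machine"
                        % (eff["sonar.web.host"], eff["sonar.web.port"]))
    if eff["sonar.jdbc.password"] == DEFAULTS["sonar.jdbc.password"]:
        findings.append("database password is still the shipped default")
    return findings


# Constructed sample: stock file with the web settings left commented out.
STOCK = """
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
#sonar.web.host=0.0.0.0
#sonar.web.port=9000
"""
# Constructed sample: test instance bound to loopback on another port.
LOCKED = """
sonar.jdbc.username=sonarqube_app
sonar.jdbc.password=constructed-example-value
sonar.web.host=127.0.0.1
sonar.web.port=9100
"""

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("locked", LOCKED)):
        print(name, audit(text))
```

The admin/admin web account is not stored in this file, so it still has to be changed separately after the first login.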

Step 4

Open a new Windows command prompt, navigate to the "D:\Santosh\Practices\2016\SonarQube\sonar-runner-dist-2.4\sonar-runner-2.4\bin" folder and run "sonar-runner -h". If things are working fine, this will show you the usage statement.

Step 5

Change the conf/sonar-runner.properties file. It holds the configuration items used by the runner, a few of which can be overridden in the project's config file. At a minimum, you need to set sonar.host.url to point to where your Sonar server is running and configure the database. For reference, refer to the screenshot given below.


 

    sonar.projectKey=OWASP
    sonar.projectVersion=1.0
    sonar.projectName=OWASP

    # Info required for Sonar
    sonar.sources=.
    sonar.language=cs

    # Core C# Settings
    sonar.dotnet.visualstudio.solution.file=OWASP.sln
    #sonar.silverlight.4.mscorlib.location=C:/Program Files (x86)/Reference Assemblies/Microsoft/Framework/Silverlight/v4.0
    sonar.dotnet.excludeGeneratedCode=true
    # Forward slashes: a single backslash is an escape character in .properties files
    sonar.dotnet.4.0.sdk.directory=C:/Windows/Microsoft.NET/Framework64/v4.0.30319
    sonar.dotnet.version=4.0
    # To prevent any issues while analyzing multiple solutions containing projects with similar keys
    # Will be set by default to safe starting at version 2.2: http://jira.codehaus.org/browse/SONARDOTNT-339
    sonar.dotnet.key.generation.strategy=safe

 

Step 6

Copy the C# plugin file (\Sonar\sonar-csharp-plugin-4.1.jar) into the /extensions/plugins location of your SonarQube server installation folder. For reference, find the screenshot given below.


Step 7

Each Solution should have its own sonar-project.properties file. Please find the screenshot given below for reference.


Step 8

In the sonar-project.properties file, you can find the project identification section, where you should configure the project key. The SonarQube server uses this key to group analysis reports over time, and the section also provides your project name for the UI. The key should be unique across all projects. The project version can be used to track different branches.


Now, describe the source code layout. The sources field points to the top-level folder where the source code exists. If your .sln and .csproj files refer to each other by relative file locations, then this should be the top-level folder location. Assuming you do not have any strange layouts, this will likely be the same folder as your .sln file (where your .properties file exists), so it can just be ".". If the language used is C#, then you can set sonar.language=cs. See the image given below for easy understanding.


Step 9

In the sonar-project.properties file, you can find the C#-specific settings, where you should configure information such as where the .sln file exists, which version of .NET you are using and where the key libraries are located. The screenshot is given below for reference.


Step 10

Run the highlighted batch file given below, using Windows command prompt from its physical location.


You will see the SonarQube runner start up by listing some details like the working folder etc. If there are any errors, then you will receive an exception. Sometimes the exception details are enough to troubleshoot the issue and sometimes they are not. In the latter case, run with the -X command line argument to get more details when the error occurs.

For instance, suppose you have received a source file parsing failure. It can show up in 2 ways, which are given below.

  1. The files do not end up in the SonarQube Web UI.
  2. Something like the error below shows in the runner log.


You can resolve such issues by setting the encoding in your sonar-runner.properties file or in sonar-project.properties file.
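Before re-running the analysis, you can confirm which source files actually fail to decode under the encoding you intend to declare. The following is an added example, not part of the original article; it assumes the encoding is declared through SonarQube's standard sonar.sourceEncoding property (not named on this page), and the sample file contents are constructed.

```python
import codecs

UTF16_BOMS = (codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)


def check_source(data, declared):
    """Return None if `data` decodes under `declared`, else (line, reason)."""
    is_utf16 = declared.lower().replace("-", "").replace("_", "").startswith("utf16")
    if data.startswith(UTF16_BOMS) and not is_utf16:
        # Single-byte code pages decode these bytes without error,
        # so the mismatch has to be caught explicitly.
        return (1, "UTF-16 byte-order mark")
    try:
        data.decode(declared)
    except UnicodeDecodeError as exc:
        # Report the line of the first offending byte.
        line = data.count(b"\n", 0, exc.start) + 1
        return (line, "byte 0x%02x invalid in %s" % (data[exc.start], declared))
    return None


def scan(files, declared):
    """Map file name -> finding for every file that fails under `declared`."""
    results = {}
    for name, data in files.items():
        finding = check_source(data, declared)
        if finding:
            results[name] = finding
    return results


# Constructed sample sources (not from the page): one Windows-1252 file with
# an accented character, one UTF-8 file, one UTF-16 file with a BOM.
SAMPLES = {
    "Login.cs": b"class Login {}\n// caf\xe9\n",
    "Util.cs": "class Util {}\n".encode("utf-8"),
    "Res.cs": codecs.BOM_UTF16_LE + "class Res {}\n".encode("utf-16-le"),
}

if __name__ == "__main__":
    for enc in ("utf-8", "windows-1252"):
        print(enc, scan(SAMPLES, enc))
```

On a real solution, build the `files` mapping by reading each .cs file in binary mode; files that are skipped during parsing never get analyzed, so a clean scan here is what makes the quality report cover the whole code base.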


Step 11

View SonarQube Report

Once the run completes successfully, you can see the results on the SonarQube server page at port number 9000 (http://localhost:9000/). Here, 9000 is the default port number. If you want to change the port number, as per your need, then you can change it in the sonar.properties file.

On the SonarQube server home page, you can see the configured application listed under its solution name. The home page of the application will show you the project's quality control with a few configurable metrics.


To get the complete report, you can click on the project and get its dashboard.


If you observe the screenshot given above, then you can find 3 fields: Critical, Major and Minor. Thus, as per the report, your project code has 24 critical issues, 678 major issues and 1536 minor issues. When you click on any of these items, you will get the complete list of issues in that section. SonarQube will also tell you what is wrong with your code and how you can rectify it.

SonarQube is one of the best tools to optimize your code and it helps you to minimize risk. It also helps you to boost your application's performance.