ASP.NET Core Application Code Analysis Using SonarQube


The code quality is very important for any project and it’s a developer's responsibility to make sure the code which is written is clean by reviewing it. There are lots of tools available in the market to analyze the code. In this article we are going to learn about the SonarQube tool, it is a free and open-source tool in the community version. It performs code analysis, debugging, code smells, duplicate blocks, code coverage, and vulnerabilities.

Configuring the SonarQube

Before installing and configuring the SonarQube, we need to install Java -JDK, because the SonarQube scanner requires version 8 or 11 of the JDK.

Use the below link to download Java,

Once Java installation is completed, go to Advanced System Settings in the control panel -> System and Security-> System-> Advanced system setting.

Control Panel


Under “System variables”, select “Path” and click “Edit”.

System variables

Click “New” and add the path for “jdk-11.0.4\bin\”.

New Item

Click “OK”.

Download the SonarQube Community edition using the below link

Once the download is completed, unzip the file.

Go to sonarqube\bin\windows-x86-64 - >and run StartSonar.

Start Sonar


Once the SonarQube is up and running, you can open the dashboard in the browser using http://localhost:9000/, and log in as admin.

By default, the username: admin password: admin

I created an ASP.NET Core application using Visual Studio, now we are going to analyze the code using SonarQube.

Click on New Project in SonarQube running in the browser.


New project


Open the Visual Studio command prompt, switch to the project path, and provide the below command.

Command prompt

SonarScanner.MSBuild.exe begin /k:"[Project Name]" /"http://localhost:9000" /d:sonar.login="[Give your project token]"

Next, we want to rebuild the project using the below command.


MsBuild.exe [Project Solution file Name] /t:Rebuild /p:Configuration=Release /p:Platform="Any CPU" /p:TargetProfile=Local

The final step, end SonarScanner using the below command.

SonarScanner.MSBuild.exe end /d:sonar.login="Give your project token"

Now go to the SonarQube dashboard in the browser and switch to your project, you can see the code analysis report as shown below.


Let’s add some new code to the project to compare the report with the latest code update.

Run the below command to do further analyses to compare the new report with the old one, we need to provide the version number as given in the below command.

SonarScanner.MSBuild.exe begin /k:"[Project Name]" /"http://localhost:9000" /d:sonar.login="[Give Project Token]" /v:"[provide the version number]"

MsBuild.exe [Project Solution file Name] /t:Rebuild /p:Configuration=Release /p:Platform="Any CPU" /p:TargetProfile=Local

SonarScanner.MSBuild.exe end /d:sonar.login="Give your project token"

Project token

From the above figure, the highlighted part is the report based on the new code which we added recently.


We have seen how to install and configure the SonarQube in Windows to analyze the code quality of ASP.NET Core applications and how to take the comparison report based on versioning the report. Will see more about the code coverage analysis using SonarQube in my next article.