How to Run Sonarqube Code Analysis for .Net Core (C#) on Linux

Analyse .NET code with SonarQube on Linux platform

First you need to have the appropriate plugins installed in your SonarQube server, so C# if it's not there already.

Then you'll install SonarQube Scanner for MSBuild on the Windows machine, and run the analysis there because full/proper analysis of .NET code requires MSBuild and that's not gonna work on Linux. Don't worry, there's no problem running the analysis on a different machine than the one that hosts your SonarQube server.

Essentially, you set up a build step to eavesdrop on the MSBuild execution, then you run the analysis based on the data gathered during the build.

Full details in the docs.

SonarQube MsBuild scanner on linux build agent

Now it is possible to run a Sonar analysis on Linux if you're using .NET Core 2.0 by doing the following:

dotnet <path to SonarScanner.MSBuild.dll> begin /k:"project-key"
dotnet build
dotnet <path to SonarScanner.MSBuild.dll> end

There is more info here

How to perform code analysis in sonarqube in docker in a ASP.NET web application

Thanks for your answers, but after a couple of hours, I decided to write a post on my blog on how to do it step by step.

I know that there is plenty of documentation, but there are many bits and pieces to touch before you can see the analysis done properly.

I decided to share my views and results with you guys:

http://netsourcecode.blogspot.co.uk/2017/01/continuous-code-quality-with-net.html

have fun!

Sonar Qube for Ubuntu scans .NET project with success but no issues analyzed

Finally I found the solution myself after a lot of experiments and searching; I hope it will help others. Basically, carefully observing the logs, I noticed the following lines:

INFO: Indexing files of module 'VulnerableCoreApp.sln'
INFO: Base dir: ./
INFO: 0 files indexed
INFO: 72 files ignored because of scm ignore settings

This says that SCM (Source Control Management) is excluding all files from scanning. In Sonar, SCM is used to either include or exclude files for scanning based on version control rules defined in the settings. In my case I was not interested in using SCM in the scanning, so I disabled it to include all files for scanning.

The command line switch did it all for me; you can also specify the switch in the properties file of the Sonar project:

-Dsonar.scm.disabled=True

The command now becomes

dotnet sonarscanner begin /k:"'myProjectKey'" /d:sonar.host.url="http://localhost:9000" /d:sonar.scm.disabled=True
dotnet build "myProject.sln"
dotnet sonarscanner end

Now all files are indexed for scanning and none of the files are ignored, as SCM is now disabled. If you do want to use SCM, then you have to change your SCM settings in the Sonar admin dashboard to address this issue.
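
An added example (not part of the original answer): a shell check that a CI job can run over the saved scanner output so that the condition described above, a scan that succeeds while indexing zero files, fails the build instead of passing as a clean result. It assumes the `INFO: <n> files indexed` line format quoted above; the function names and both sample logs are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate a CI job on what the scanner actually indexed.
# Assumes the "INFO: <n> files indexed" log line format quoted in the answer.

# Sum <n> over every "INFO: <n> <suffix>" line. $1 = log file, $2 = suffix.
sum_log_count() {
  awk -v s="$2" '
    $1 == "INFO:" && $2 ~ /^[0-9]+$/ && index($0, " " s) { n += $2 }
    END { print n + 0 }' "$1"
}

# Returns 0 when files were indexed, 1 when none were, 2 if the log is unreadable.
check_sonar_index() {
  sonar_log=$1
  [ -r "$sonar_log" ] || { echo "cannot read $sonar_log" >&2; return 2; }
  indexed=$(sum_log_count "$sonar_log" "files indexed")
  ignored=$(sum_log_count "$sonar_log" "files ignored because of scm ignore settings")
  echo "indexed=$indexed scm_ignored=$ignored"
  if [ "$indexed" -eq 0 ]; then
    echo "no files indexed: the analysis result covers no code" >&2
    return 1
  fi
  return 0
}

# Constructed sample logs. "broken" repeats the lines quoted in the answer;
# "fixed" is a hypothetical log from a run with SCM exclusion disabled.
sample_log() {  # $1 = broken | fixed; prints the path of a temp log file
  f=$(mktemp)
  if [ "$1" = broken ]; then
    printf '%s\n' "INFO: Indexing files of module 'VulnerableCoreApp.sln'" \
      "INFO: Base dir: ./" "INFO: 0 files indexed" \
      "INFO: 72 files ignored because of scm ignore settings" > "$f"
  else
    printf '%s\n' "INFO: Indexing files of module 'VulnerableCoreApp.sln'" \
      "INFO: Base dir: ./" "INFO: 72 files indexed" > "$f"
  fi
  echo "$f"
}

for kind in broken fixed; do
  log=$(sample_log "$kind")
  if check_sonar_index "$log"; then echo "$kind: ok"; else echo "$kind: fail the build"; fi
  rm -f "$log"
done
```

In a pipeline, save the scanner output to a file (for example with `tee`) and pass that file to `check_sonar_index`.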

SonarQube with .NET Core 1.1

Two aspects here:

  • on the Microsoft side: I believe .csproj is now the de facto format (see this Q&A). Old formats (.xproj, project.json) should be migrated to csproj using the VS2017 toolset.
  • on the SonarQube side: .Net Core projects are supported starting from Scanner for MSBuild v2.3

Sonar MSBuild: Getting coverage reports on Linux

Coverage reporting, as well as SonarQube integration, is possible thanks to minicover.

Minicover now uses mini-OpenCover to generate (and upload to a SQ server) SQ-compatible coverage reports.
The procedure that should be followed, more or less, scripted:

(assuming tools is the folder that performs the NuGet installation for minicover)

echo "Starting sonarqube integration"
mono /home/pathTo/SonarQube.Scanner.MSBuild.exe begin /k:"MyProject" /d:sonar.host.url="http://localhost:9000" /d:sonar.login="myLoginId" /d:sonar.cs.opencover.reportsPaths="coverage.xml"

dotnet restore
dotnet build
cd tools

export "MiniCover=dotnet minicover"

# Instrument assemblies inside 'MyTestFolder' folder to detect hits for source files inside 'MySrcFolder' folder
$MiniCover instrument --workdir ../ --assemblies MyTestFolder/**/bin/**/*.dll --sources MySrcFolder/**/*.cs

# Reset hits count in case minicover was run for this project
$MiniCover reset

cd ..

dotnet test --no-build ./MyTestFolder/MyTest.csproj

cd tools
# Uninstrument assemblies, it's important if you're going to publish or deploy build outputs
$MiniCover uninstrument --workdir ../

# Create html reports inside folder coverage-html
$MiniCover htmlreport --workdir ../ --threshold 90

# Print opencover report
$MiniCover opencoverreport --workdir ../ --threshold 90

cd ..
echo "Ending sonarqube integration..."
mono /home/pathTo/SonarQube.Scanner.MSBuild.exe end /d:sonar.login="myLoginId"

More extensive discussion/details can be found in this and this thread.


