Azure DevOps Extension for SonarQube Cloud

The Azure DevOps extension for SonarQube Cloud makes it easy to integrate analysis into your Azure build pipeline. The extension allows the analysis of all languages supported by SonarQube Cloud. For more information, see Azure Pipelines integration overview.

This page explains how to install the extension. Once you have created and configured your SonarQube project, you can add SonarQube analysis to your Azure build pipeline.

Installation requirements

Installing the extension

1. Sign in to your Azure DevOps Services organization or Azure DevOps Server collection with the dedicated technical account you created in Importing your Azure DevOps organization. 
2. From the Visual Studio Marketplace, install the Azure DevOps extension for SonarQube Cloud by selecting the Get it free button.

If upgrading from a previous version of the extension

Smooth migration

The v3 extension embeds the latest version of SonarScanner for .NET and SonarScanner CLI. However, to allow a smooth migration, you can set up your Azure build pipeline to use a previous version of one of these scanners and thus, continue using a previous SonarQube tasks version until you’re ready to upgrade. See Using a specific version of SonarScanner for .NET or CLI. 

Prepare analysis configuration task: new scanner mode values

Allowable values for the scannerMode required property of the Prepare Analysis Configuration task have changed with the v7 extension. Please use the following in your @3 tasks:

• dotnet for the .NET mode
• cli for the CLI mode
• other for the Maven / Gradle mode

Deprecation notices

Version @2 tasks were deprecated in v3.0 and will be dropped in a subsequent release.

Previous versions

As new scanner versions are released, previous requirements and/or deprecations will be listed here.

Azure DevOps Extension for SonarQube Cloud v2.2.x

Because the current versions of the SonarScanner for .NET or SonarScanner CLI scanners are embedded and depending on your configuration, some additional setup may be required.  

• The SonarScanner for .NET has a new parameter for scanning multiple languages. The Multi-language analysis article has full details. 
• If you want to specify the exact .NET or CLI scanner version, use the msBuildVersion and cliVersion properties. Please check the Using the Prepare Analysis Configuration task article below for details.

When specifying a particular scanner version, internet access is required by the pipelines calling the .NET or CLI scanners:

• Access to github.com is required to download previous versions of the SonarScanner for .NET. If you are white-listing sonarcloud.io, GitHub and its HTTP redirect, objects.githubusercontent.com, should also be whitelisted.
• Access to binaries.sonarsource.com is required to download previous versions of the SonarScanner CLI. If you are white-listing sonarcloud.io, the Sonar binaries should also be whitelisted.

For users running on-premise or using self-hosted agents, the minimum agent version for SonarCloud v2 tasks is 3.218.0.

in v2.0.1

• Version @1 tasks were deprecated and will be dropped in a subsequent release.

Azure DevOps Extension for SonarQube Cloud v1.x.x

Version @1 tasks were deprecated in v2.0.1 and will be dropped in a subsequent release.

From version 1.0 of the Azure DevOps extension, the extension was fully rewritten in Node.js which means that analyses can be triggered on Linux and macOS agents. The mono dependency was dropped in version 1.3; this is not possible when using previous versions of the extension.

For users running on-premise or using self-hosted agents, the minimum agent version for SonarCloud v1 tasks is 2.114.0.