Using various features

This page explains features you may use when adding SonarQube analysis to your Azure build pipeline:

• Choosing the analysis configuration mode (only in the Standalone SonarScanner CLI mode).

• Using a specific version of the SonarScanner for .NET or CLI

• Using the cache feature

Choosing the configuration mode

In the CLI mode of the Azure DevOps extension for SonarQube Server, you may:

• Either use the file configuration mode (default mode) which consists of setting analysis parameters in the sonar-project.properties file stored in the repository root (or another specified configuration file).

• Or use the manual configuration mode to define analysis parameters at the pipeline level.

Using the file configuration mode

The file configuration mode is the default mode of the Azure DevOps extension for SonarQube.

YAML pipeline

1. Make sure the configMode input of the SonarQubePrepare task is set to file.

2. To use a different configuration file than sonar-project.properties, add the configFile task input to the SonarQubePrepare task, with the path to the configuration file as the value. The path can be absolute, or relative to the repository root.

Classic pipeline

In the Prepare Analysis Configuration task:

1. Make sure the Store configuration with my source code mode is selected.

2. In Settings file, you can define a different configuration file than sonar-project.properties. The path can be absolute, or relative to the repository root.

Using the manual configuration mode

To define analysis parameters at the pipeline level in Standalone SonarScanner CLI mode, proceed as described below.

YAML pipeline

1. Make sure the configMode task input in the SonarQubePrepare task is set to manual.

2. Use the extraProperties task input in the SonarQubePrepare task to define the analysis parameters: define a new sonar property by adding <propertyKey>=<propertyValue> on a new line.

Classic pipeline

In the Prepare Analysis Configuration task:

1. Select the Manually provide configuration mode and enter the required parameters.

2. In Advanced section > Additional properties, define a new sonar property by adding <propertyKey>=<propertyValue> on a new line. Example: sonar.exclusions=**/*.bin

Using a specific version of SonarScanner for .NET or CLI

The Azure DevOps extension for SonarQube Cloud embeds the latest compatible version of the SonarScanner for .NET and SonarScanner CLI. In very particular situations, you may want to use another scanner version. In such a case, you can configure the download of this specific version from the SonarSource binaries site. In addition, you can use the Azure cache task (see below) in your pipeline to manage the caching of the SonarScanner.

The figure below shows the download process of a specific version of SonarScanner for .NET or SonarScanner CLI.

Set up the download in the Prepare Analysis Configuration task of your pipeline as described below.

- task: SonarCloudPrepare@3
  inputs:
    SonarQube: '<YourSonarQubeServerEndpoint>'
    organization: '<YourOrganizationName>'
    scannerMode: 'dotnet'
    dotnetScannerVersion: '10.1.2.114627'
    projectKey: '<YourProjectKey>'

SonarScanner CLI

You must specify the full version number, such as 7.1.0.4889 (and not 7.1.0). All of the available version numbers can be found here.

YAML pipeline to specify CLI scanner version

Add the following input to the Prepare Analysis Configuration task

• cliScannerVersion: The SonarScanner CLI version to be downloaded.

The code snippet below shows a task configuration example. For more information about the task inputs, see the List of SonarQube tasks page.

Copy

- task: SonarCloudPrepare@3
  inputs:
    SonarQube: '<YourSonarQubeServiceEndpoint>'
    organization: '<YourOrganizationName>'
    scannerMode: 'cli'
    configMode: 'file'
    configFile: '<YourConfig.properties>'   
    cliScannerVersion: '7.1.0.4889'
    cliProjectKey: '<YourProjectKey>'
    cliSources: '.' 

Classic pipeline

In Scanner CLI Version, enter the version to be downloaded.

Using the cache feature

Azure DevOps allows pipeline caching to improve build performance by facilitating the download of dependencies between pipeline runs. Currently, you can only cache the SonarScanner (bootstrapper) that is downloaded when you need a specific version of SonarScanner for .NET or CLI.

Proceed as follows:

• Add a cache task to your Azure build pipeline before SonarQube’s Prepare Analysis Configuration task. See the code snippet below according to the extension mode.

- task: Cache@2
  displayName: Cache SonarScanner
  inputs:
    key: '"SonarScanner" | ".NET" | "$(Agent.OS)"'
    path: '$(Agent.ToolsDirectory)/SonarScanner .NET

- task: Cache@2
  displayName: Cache SonarScanner
  inputs:
    key: '"SonarScanner" | "CLI" | "$(Agent.OS)"'
    path: '$(Agent.ToolsDirectory)/SonarScanner CLI'

Adding the quality gate status widget to your project

You can monitor the quality gate status of your projects directly in your Azure DevOps dashboard. Follow these steps to configure your widget:

1. Once the Azure DevOps extension is installed and your project has been successfully analyzed, go to one of your Azure DevOps dashboards (or create a new dashboard). Click on the Pen icon to edit, and then select Add Widget.

2. In the Add Widget list, select Code Quality, and then select Add. An empty Configure widget is added to your dashboard.

3. Select the widget’s Cogwheel icon to configure it.

   • For public projects, you can simply select your project from the dropdown. A search bar inside the drop-down will help you find it easily. Just select it and Save.

   • For private projects, log in using the links provided under the drop-down. Once logged in, your private projects will appear in the drop-down. Select the project you are interested in and Save.

Related pages

• Gradle or Maven project

• .NET project

• C family project

• JS, TS, Go, Python, PHP, etc. project

• Monorepo projects

• List of SonarQube tasks