Running the analysis
How to run a CFamily code analysis in SonarQube Server.
Refer to the Prerequisites to pick the suitable scanner variant, and refer to the picked scanner documentation to learn how to execute it.
In short, you don’t need additional steps to analyze the CFamily code in AutoConfig mode; you need to set the sonar.cfamily.compile-commands scanner property to analyze in Compilation Database mode.
SonarScanner CLI
If you decide to use the Compilation Database mode, please ensure you have generated the compile_commands.json file before proceeding.
Step 1: Add the sonar-project.properties file at the root of your project. Sample sonar-project.properties: 
sonar.projectKey=myFirstProject
sonar.projectName=My First C++ Project
sonar.projectVersion=1.0
sonar.sources=src
sonar.sourceEncoding=UTF-8
sonar.host.url=SonarQubeURLGathering all your code trees in a subdirectory of your project is recommended to avoid analyzing irrelevant source files like third-party dependencies. You can specify this subdirectory by setting the property sonar.sources accordingly. In this example, we named it src.
Step 2: Add the property sonar.cfamily.compile-commands in the sonar-project.properties file. You should set it to the path of the Compilation Database file relative to the project directory (compile_commands.json in these examples):
sonar.cfamily.compile-commands=compile_commands.json
Step 3: Execute the SonarScanner CLI (sonar-scanner) from the root directory of your project: sonar-scanner
For more SonarScanner CLI-related options, see SonarScanner CLI.
Step 4: Follow the link provided at the end of the analysis to browse your project’s quality metrics in the UI.
SonarScanner for .NET
This is an example of analyzing a Solution using a C++ and C# mix in Compilation Database mode with a build wrapper*.*
The SonarScanner for .NET does not handle sonar-project.properties files, so the compilation database must be set during the .NET begin step.
Note that in this scenario, source code stored in shared folders, which are not considered a "Project" by Visual Studio, won’t be scanned.
- Download and install the Installing the scanner and the build wrapper (see the Prerequisites page). 
- Execute the SonarScanner for .NET - beginstep with the build wrapper output parameter:- /d:sonar.cfamily.compile-commands=<build_wrapper_output_directory>/compile_commands.json
- Add execution of the build wrapper to your normal .NET build command 
- Execute the SonarScanner for .NET - endstep to complete the analysis
SonarScanner.MSBuild.exe begin /k:"cs-and-cpp-project-key" /n:"My C# and C++ project" /v:"1.0" /d:sonar.cfamily.compile-commands="build_wrapper_output_directory/compile_commands.json"
build-wrapper-win-x86-64.exe --out-dir build_wrapper_output_directory MSBuild.exe /t:Rebuild /nodeReuse:False
SonarScanner.MSBuild.exe endAn analysis configuration example project with a mix of C# and C++ is available on GitHub.
Last updated
Was this helpful?

