SonarQube tasks for Azure Pipelines
The Azure DevOps extension for SonarQube Server provides tasks to stage automations in your Azure build pipeline. This page contains the task list along with the task inputs and their descriptions.
Note that the Azure DevOps extension for SonarQube Cloud and the Azure DevOps extension for SonarQube Server are different extensions.
Although they share tasks which function in the same way, these extensions have unique software releases and version numbers. Please see the relevant links in case you're on the wrong page now:
The Azure DevOps extension for SonarQube Cloud documentation
The Azure DevOps extension for SonarQube Server documentation
Examples of each SonarQube task described on this page can be found in code samples located on pages in this section of the docs. Select your project type from the pages listed on the Adding analysis to Azure pipeline page, then read through the setup instructions to locate the example pipeline to reference.
The Azure DevOps extension
The Azure DevOps Extension makes it easy to integrate analysis into your Azure build pipeline. The extension allows the analysis of all languages supported by SonarQube Server.
SonarScanner for Azure DevOps — 8.2.0 | Issue Tracker
8.2.0 2026-03-16 Bump Scanner for .NET 11.2.0.135473 Download Release notes
8.1.0 2025-02-19 Bump scanner for Dotnet to 11.1.0.132901 & Fix UI bug with SQC Service Connection Download Release notes
8.0.1 2025-12-10 Rotation of binary signing keys Download Release notes
8.0.0 2025-12-08 Update scanner for .NET to 11.0.0 and CLI to 8.0.0 Download Release notes
7.4.2 2025-11-05 Update marketplace documentation Download Release notes
7.4.1 2025-08-07 Update tasks to Node 20+ Download Release notes
7.3 2025-04-23 Bump Scanner for .NET to 10.1.2.114627 Download Release notes
7.2 2025-04-09 Bump Scanner for .NET to 10.1.0.110937 Download Release notes
7.1.1 2024-11-26 Bump Scanner for .NET to 9.0.2.104486 Download Release notes
7.1.0 2024-11-19 Align with SonarQube rebranding Download Release notes
7.0.4 2024-11-12 Fix PR decorations for dark mode Download Release notes
7.0.3 2024-10-29 Bump Scanner for .NET 9.0.1 & Fix missing translation messages Download Release notes
7.0.2 2024-10-22 Fix windows path parsing coming from predefined variables correctly in extraProperties Download Release notes
7.0.1 2024-10-21 Fix .NET Framework scanner embedding logic. Download Release notes
7.0.0 2024-10-21 .NET analysis defaults to Scanner for .NET v9 with multi-language analysis. Embeds scanner-CLI v6.2.1 with JRE auto-provisioning. Download Release notes
6.2.0 2024-07-01 Default scanners are embedded for offline use Download Release notes
6.1.0 2024-06-18 Scanner CLI now defaults to v6 Download Release notes
6.0.1 2024-06-10 Deprecate the old SonarQube v5 tasks with proper warnings Download Release notes
6.0.0 2024-05-31 New V6 task with configurable scanner version, Drop of V3 tasks, bump of agent requirements for V4 tasks Download Release notes
5.20.0 2024-04-15 Support for JDK 21 and Bump to Scanner for .NET 5.15.1 (fix for .NET 8 on MacOS) Download Release notes
5.19.2 2024-03-11 Ignore specified JDK 11 if SonarQube does not support it Download Release notes
5.19.1 2024-03-04 Reintroduce compatibility for v4 tasks with node6 Download Release notes
5.19.0 2024-01-24 PRs show issues that will be fixed by the merge & Accepted, Retry mechanism during publish polling to tolerate unstable network conditions. Download Release notes
5.18.4 2023-11-28 Bump MSBuild Scanner to 5.15 Download Release notes
5.18.3 2023-11-20 Maximize proxy compatibility with tasks <5.18.0 Download Release notes
5.18.2 2023-11-17 Adjust PR decorations to Clean Code Taxonomy, Migrate from request to node-fetch, Support Azure proxy, Fix vulnerabilities Download Release notes
5.17.2 2023-10-18 Revert request library Download Release notes
5.16.0 2023-10-17 Fix Mend vulnerabilities & Dependencies bump Download Release notes
5.15.0 2023-06-14 Fix computation and retrieval of report-task.txt + Let user choose which java version to use for analysis Download Release notes
5.14.0 2023-06-13 Improved support for SQ >= 10.0, Change computation of metadata file path, added detection of JAVA_17 environment variable Download Release notes
5.13.0 2023-04-27 Support for sonar.token, incremental analysis outside Azure, better error message Download Release notes
5.12.0 2023-03-17 Supports for SonarCloud incremental analysis cache Download Release notes
5.11.1 2023-02-02 Azure DevOps extension is compatible with SonarQube 10.0 Download Release notes
5.11.0 2023-02-02 Update scanner for .NET to 5.11.0 Download Release notes
5.10.0 2023-01-23 Bump Scanner for .NET to 5.10.0 and ScannerCLI to 4.8.0 Download Release notes
5.9.0 2023-01-03 Bump Scanner for .NET to 5.9.2 Download Release notes
5.8.1 2022-10-11 Fix task status spelling (CANCEL -> CANCELED) Download Release notes
5.8.0 2022-09-05 Bump Scanner for .NET to 5.8.0 Download Release notes
5.7.0 2022-08-09 Bump Scanner for .NET to 5.7.2 and ScannerCLI to 4.7.0 Download Release notes
5.6.1 2022-07-06 Revert Scanner for .NET to 5.6.0 and ScannerCLi to 4.6.2 Download Release notes
5.6.0 2022-07-05 Bumped Scanner for .NET to 5.7.1 and Scanner CLI to 4.7.0 Download Release notes
5.5.0 2022-06-15 Bumped Scanner for .NET to 5.6.0 Download Release notes
5.4.0 2022-02-16 Bumped Scanner for .NET to 5.5.3 Download Release notes
5.3.0 2022-02-07 Bumped Scanner for .NET 5.5.0 Download Release notes
5.2.0 2022-02-07 Bump Scanner for .NET 5.4.1 Download Release notes
5.1.1 2021-11-30 Revert part of the change for SONARAZDO-264 Download Release notes
5.1.0 2021-11-30 Fix SSF-194, Bump Scanner for .NET 5.4.0 Download Release notes
5.0.0 2021-09-28 New Major Version for Azure Devops 2019 only, that resolves issues with LetsEncrypt Certs. For TFS2017/2018 use version 4.23.1 Download Release notes
4.23.1 2021-10-08 Rollback changes to Node handler and az pipeline task due to incompabilities with TFS 2017/2018 Download Release notes
4.23 2021-10-01 Change to Node10 execution handler to fix issues with LetEncrypt Certs Download Release notes
4.22 2021-09-20 Updated plugin SDK from .NET Core 2 to .NET Core 3 + Bump SonarScanner for .NET v.5.3.1 Download Release notes
4.21 2021-06-24 Bump SonarScanner for .NET v.5.2.2 Download Release notes
4.20 2021-04-30 Bug fix + Bump SonarScanner for .NET and ScannerCLi versions Download Release notes
4.19 2021-04-09 Support for Scanner for .NET 5.2 (Analyze test code) Download Release notes
4.18 2021-03-09 Support for .NET 5, support for solo .NET Core project (without .sln) Download Release notes
4.17 2020-11-11 Support for .NET 5, support for solo .NET Core project (without .sln) Download Release notes
4.16 2020-11-10 Support for .NET 5, support for solo .NET Core project (without .sln) Download Release notes
4.12 2020-11-05 Support for .NET 5, support for solo .NET Core project (without .sln) Download Release notes
4.11 2020-06-29 Support FIPS compliant cryptographic algorithm, update to SonarScanner 4.4 and SonarScanner for MSBuild 4.10 Download Release notes
4.10 2020-05-05 Improve detection of duplicated coverage reports, update to SonarScanner 4.3 and SonarScanner for MSBuild 4.9 Download Release notes
4.9 2020-01-29 Enable scanner execution when only .NET Core 3 is installed, update to SonarScanner 4.2 and SonarScanner for MSBuild 4.8 Download Release notes
4.8.1 2019-10-15 Bug fix Download Release notes
4.8 2019-09-16 Several bug fixes, update to SonarScanner 4.1 and SonarScanner for MSBuild 4.7.1 Download Release notes
4.7.2 2019-08-14 Bug fix Download Release notes
4.7.1 2019-08-14 Bug fix Download Release notes
4.7 2019-08-13 Fix a bug on the Publish Quality Gate Result task Download Release notes
For more information about customizing your Azure pipeline with the task inputs listed below, please see the Using various features page.
Prepare Analysis Configuration task
This task configures the required settings before executing the build. For .NET solutions or Java projects, it helps integrate seamlessly with MSBuild, Maven, and Gradle tasks.
The Prepare Analysis Configuration task shows up in your Azure pipeline as task: SonarQubePrepare@X
where
X= the current version of the Azure DevOps Extension for SonarQube Server.
Properties passed via extraProperties should be written without any prefix, for example sonar.verbose=true. The task invokes the scanner on your behalf and handles the prefix internally. For a full explanation of prefix conventions when passing properties to the SonarScanner for .NET, see Passing properties to the SonarScanner.
Task inputs common to all modes
The table below lists the Prepare Analysis Configuration task inputs common to all modes of the Azure DevOps extension for SonarQube Server.
SonarQube
Name of the SonarQube service connection(s) (SonarQube Server Endpoint) to your Azure DevOps project. See Adding SonarQube Server service connection to Azure Pipelines in Setting up project integration.
scannerMode
The running mode of the Azure DevOps extension for SonarQube Server.
Possible values:
• dotnet: .NET mode, for .NET projects.
• other: Maven / Gradle mode, for Maven and Gradle projects.
• cli: CLI mode, for other projects.
Task inputs specific to the Maven / Gradle mode
The table below lists the Prepare Analysis Configuration task inputs specific to the Maven / Gradle mode of the Azure DevOps extension for SonarQube Server.
extraProperties
Additional sonar properties to be passed to the scanner. A property is defined through a [key, value] pair.
Format: One [key, value] pair per line as follows:
<key>=<value>
For example: sonar.exclusions=**/*.bin
(to set the project key)
Task inputs specific to the .NET mode
The table below lists the Prepare Analysis Configuration task inputs specific to the .NET mode of the Azure DevOps extension for SonarQube Server. The Corresponding sonar property column indicates the sonar property that SonarQube Server will set with the input value. See the sonar property description in Analysis parameters for more information on the possible values and default-from-build values.
projectKey
• If the project exists already in SonarQube Server (It is highly recommended to create your project first: see Creating your project): the project’s unique key (is displayed in SonarQube UI).
• If the project doesn’t exist yet in SonarQube Server, it will be created with this key. Allowed characters are letters, numbers, -, _, ., and :, with at least one non-digit.
sonar.projectKey
projectName
The name of the SonarQube Server project that will be displayed on the web interface.
Default: projectKey input value (if no default-from-build value applies).
sonar.projectName
projectVersion
The version of the SonarQube Server project.
sonar.projectVersion
dotnetScannerVersion
The version of the SonarScanner for .NET to be downloaded. See Using various features.
Default: The extension’s default version of the SonarScanner for .NET (the latest compatible version).
extraProperties
Additional sonar properties to be passed to the scanner. A property is defined through a [key, value] pair.
Format: One [key, value] pair per line as follows:
<key>=<value>
For example: sonar.scanner.scanAll=false
Task inputs specific to the CLI mode
The table below lists the Prepare Analysis Configuration task inputs specific to the CLI mode of the Azure DevOps extension for SonarQube Server. The Corresponding sonar property column indicates the sonar property that SonarQube Server will set with the input value. See the sonar property description in Analysis parameters for more information on the possible values and default-from-build values.
cliSources
The path to the root directory containing source files. The path can be absolute, or relative to the repository root.
Warning: The possible values are different from the sonar.sources property:
• You can only set a single path.
• The relative path must be relative to the repository root (and not the to the sonar.projectBaseDir property).
• If you want to set a list of paths, define instead sonar.sources in the extraProperties input or in sonar-project.properties (See Choosing your configuration mode)
Default: .
sonar.sources
configMode
Specifies the configuration mode.
Possible values:
• file (default): The configuration is stored in the file defined through the configFile input.
• manual: The configuration is defined through the extraProperties input.
cliScannerVersion
Version of the SonarScanner CLI to be downloaded. See Using various features.
Default: The extension’s default version of the SonarScanner CLI (the last available version).
configFile
Is used if configModeis set to file.
The path to the file containing your analysis configuration. Path can be absolute or relative to the repository root.
Default: sonar-project.properties
cliProjectKey
Is used if configMode is set to manual.
• If the project exists already in SonarQube Server (It is highly recommended to create your project first: see Creating your project): the project’s unique key (is displayed in SonarQube UI).
• If the project doesn’t exist yet in SonarQube Server, it will be created with this key. Allowed characters are letters, numbers, -, _, ., and :, with at least one non-digit.
sonar.projectKey
cliProjectName
Is used if configMode is set to manual.
The name of the SonarQube Server project that will be displayed on the web interface.
Default: cliProjectKey input value (if no default-from-build value applies).
sonar.projectName
cliProjectVersion
Is used if configMode is set to manual.
The version of the SonarQube Server project.
sonar.projectVersion
extraProperties
Is used if configMode is set to manual.
Additional sonar properties to be passed to the scanner. A property is defined through a [key, value] pair.
Format: One [key, value] pair per line as follows:
<key>=<value>
For example: sonar.exclusions=**/*.bin
Run Code Analysis task
This task executes the analysis of the source code. It is not used in the Gradle / Maven mode of the Azure DevOps extension for SonarQube Server.
The Run Code Analysis task shows up in your Azure pipeline as task: SonarQubeAnalyze@X
where
X= the current version of the Azure DevOps Extension for SonarQube Server.
The table below lists the task inputs.
jdkversion
The version of Java used by the scanner for analysis. See General requirements.
If you select a value other than JAVA_HOME, the analyze task will revert to using JAVA_HOME if the selected environment variable does not exist.
Possible values:
• JAVA_HOME: Use the value of the JAVA_HOME environment variable on the system.
• JAVA_HOME_17_X64: Use the value of the JAVA_HOME_17_X64 environment variable on the system, if available. This environment variable is already set when running on Microsoft-hosted agents.
• JAVA_HOME_21_X64: Use the value of the JAVA_HOME_17_X64 environment variable on the system. This environment variable is already set when running on Microsoft-hosted agents.
Default: JAVA_HOME
Publish Quality Gate Result task
This task allows you to report the quality gate status directly to your Azure Pipeline’s Build Summary page. It is not mandatory but highly recommended.
The Publish Quality Gate Result task can significantly increase the overall build time because it will poll SonarQube until the analysis is complete.
The Publish Quality Gate Result task shows up in your Azure pipeline as task: SonarQubePublish@X
where
X= the current version of the Azure DevOps Extension for SonarQube Server.
The table below lists the task inputs.
pollingTimeoutSec
The maximum time (in seconds) for the task to wait for the analysis results sent by SonarQube Server.
Default: 300
Related pages
Last updated
Was this helpful?