Getting started with .NET
Your page to get started setting up a .NET analysis in any edition of SonarQube Server.
Setting up a .NET analysis with Sonar involves different configurations depending on your .NET environment and the CI integration used for your workflow. This page helps you get started by looking at the prerequisites, provides information to identify the version of the .NET scanner you should use, followed by links to setting up your CI environment and concluding with an overview of establishing code coverage to generate reports.
Prerequisites
Knowing which .NET version you are running is important; check this Microsoft documentation to learn which versions you have installed.
The SonarScanner for .NET must be installed in the same environment where you build your application. For example, if you’re building projects locally, the scanner must be installed locally; similarly, if you’re working with Azure Pipelines, you must add SonarScanner tasks to the pipeline.
The SonarScanner is working during the build process therefore, don’t be worried if everything takes a little longer because as mentioned above, the build is now also running an analysis during the build.
Your environment
SonarQube Server
The SonarScanner for .NET works with supported versions of SonarQube Server and with SonarQube Cloud.
SonarQube 10.4 and newer requires the SonarScanner for .NET 5.14 or newer.
SonarQube 8.9 is deprecated in the SonarScanner for .NET 9.0. The SonarScanner will fail to start if SonarQube 8.8 or older is detected.
Java
Depending on the version of the SonarScanner for .NET and SonarQube Server combination you are using, you might need to install Java. When running SonarQube 10.6 or newer with the scanner version 7.0 or newer, installing a JRE is not required because it will be automatically obtained from the server.
You can disable JRE auto-provisioning and specify your own version of Java; please check the scanner’s page General requirements when using JRE auto-provisioning.
Otherwise, you must have at least the minimal version of Java supported by your version of SonarQube Server.
Before scanner version 6.0, Java 11 or newer is required.
From and including scanner version 6.0, Java 17 or newer is required.
Open the SonarScanner for .NET version Update Center expandable box (next, below); then find the scanner version that fits with your version of SonarQube Server and your runtime to download the correct version. We recommend that you choose the latest version of the scanner.
SonarScanner for .NET — 11.1.0.132901 | Issue Tracker
11.1.0.132901 2026-02-02 This release enhances telemetry, streamlines data collection, and updates dependencies to improve performance and insights Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
11.0.0.126294 2025-10-15 The Scanner for .NET does not embed the SonarScanner CLI anymore and downloads it when needed. Adds support for MSTest 4. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
10.4.1.124928 2025-09-23 Fix a bug that erroneously warns that Community Build is not supported. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
10.4.0.124828 2025-09-22 New communication system with SonarQube. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
10.3.0.120579 2025-07-16 Support xUnit v3, fix RunDeploymentRoot in trx files, remove sonar.scanner.scanAll analysis warning. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
10.2.0.117568 2025-06-03 Fix a vulnerability from embedded scanner-cli. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
10.1.2.114627 2025-04-16 Add 'sonar' default truststore passord fallback. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
10.1.1.111189 2025-03-25 Maintenance and dependencies updates. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
10.1.0 2025-03-19 Maintenance and dependencies updates. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
10.0.0 2025-03-13 Fix a vulnerability. Mandate that the truststore password is passed in the end step if used in the begin step. Added support for 7 new languages. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
9.2.1 2025-02-25 DEPRECATED. Use system trusted certificate or JVM certificate store. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
9.2.0 2025-02-19 DEPRECATED. Support for local trust store for private and self-signed certificates. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
9.1.0 2025-02-06 Read new properties for downloading plugins Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
9.0.2 2024-11-12 sonar.projectBaseDir passed through extraProperties is respected with Azure DevOps extensions. Do not fail during file indexing when a directory cannot be accessed. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
9.0.1 2024-10-25 Fix projectBaseDir path detection on Azure DevOps Linux agents. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
9.0.0 2024-09-27 Ignore sonar.sources and sonar.tests properties. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
8.0.3 2024-09-13 Exclude XML files from the new automatic analysis. Do not crash on mlaformed paths. Make sure server-side exclusions are not overridden. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
8.0.2 2024-09-02 Re-enabled sonar.exclusions support. Automatically exclude files passed-in as coverage. Skip transient projects that do not exist after the build. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
8.0.1 2024-08-21 Bug fix release which addresses two issues, improvements on messages emmitted during the analysis. Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
8.0 2024-08-12 The scanner is now supporting multi-language analysis. Files for other languages are automatically picked up (SQL, YAML, XML, JSON, CSS, HTML, JS, TS) Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
7.1.1 2024-07-24 Fixed a small issue when not specifying sonar.host.url (defaults to https://sonarcloud.io) Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
7.1 2024-07-19 Fixed a small issue when not specifying sonar.host.url (defaults to https://sonarcloud.io) Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
7.0 2024-07-18 This version does not require a JRE to be present on the machine anymore Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
6.2 2024-02-16 Fixes the failing analysis on macOS with .NET 8.0. New optional sonar.http.timeout command line parameter Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
6.1 2024-01-29 Drop support for MSBuild 14, deprecate MSBuild 15 Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
6.0 2023-12-04 Packaging change, drop support for .Net Framework 4.6, Net 2.1, and .Net 3.0. Drop Java 11 support. Drop support of SonarQube versions prior to 8.9 Download scanner for: .NET Global Tool .NET Core 3.1+ .NET Framework 4.6.2+ Release notes
5.15.1 2024-03-26 Fix analysis on MacOSX with .NET 8 when begin runtime doesn't match with build runtime Download scanner for: .NET 5+ .NET Global Tool .NET Core 3.1 .NET Core 2.1 .NET Framework 4.6 Release notes
5.15 2023-11-20 Add an option to specify the scanner's temporary working directory Download scanner for: .NET 5+ .NET Global Tool .NET Core 3.1 .NET Core 2.1 .NET Framework 4.6 Release notes
5.14 2023-10-02 Support upcoming SonarQube 10.4 API changes Download scanner for: .NET 5+ .NET Global Tool .NET Core 3.1 .NET Core 2.1 .NET Framework 4.6 Release notes
5.13.1 2023-08-14 SonarScanner CLI update Download scanner for: .NET 5+ .NET Global Tool .NET Core 3.1 .NET Core 2.1 .NET Framework 4.6 Release notes
5.13 2023-04-05 Support for sonar.token parameter and improved error messages Download scanner for: .NET 5+ .NET Global Tool .NET Core 3.1 .NET Core 2.1 .NET Framework 4.6 Release notes
5.12 2023-03-17 Fast PR Analysis Support For Azure Devops Download scanner for: .NET 5+ .NET Global Tool .NET Core 3.1 .NET Core 2.1 .NET Framework 4.6 Release notes
5.11 2023-01-27 Fast PR Analysis Compatibility Fix Download scanner for: .NET 5+ .NET Global Tool .NET Core 3.1 .NET Core 2.1 .NET Framework 4.6 Release notes
5.10 2023-01-13 Improved FIPS Compliance Download scanner for: .NET 5+ .NET Global Tool .NET Core 3.1 .NET Core 2.1 .NET Framework 4.6 Release notes
5.9.2 2022-12-14 Bug Fix Release related to PR analysis Download scanner for: .NET 5+ .NET Global Tool .NET Core 3.1 .NET Core 2.1 .NET Framework 4.6 Release notes
5.9.1 2022-12-06 Bug Fix Release Download scanner for: .NET 5+ .NET Global Tool .NET Core 3.1 .NET Core 2.1 .NET Framework 4.6 Release notes
5.9.0 2022-12-01 .NET 7 bug fixes and preparation for fast PR analysis Download scanner for: .NET 5+ .NET Global Tool .NET Core 3.1 .NET Core 2.1 .NET Framework 4.6 Release notes
5.8.0 2022-08-24 Analysis of Azure Functions on Github Actions no longer hard fails with default behavior. See release notes for details. Download scanner for: .NET 5+ .NET Global Tool .NET Core 3.1 .NET Core 2.1 .NET Framework 4.6 Release notes
5.7.2 2022-07-12 Log warning instead of error when not parsing environment variables to avoid hard failure when Newtonsoft does not get resolved Download scanner for: .NET 5+ .NET Global Tool .NET Core 3.1 .NET Core 2.1 .NET Framework 4.6 Release notes
5.7.1 2022-06-21 Bug Fix Release Download scanner for: .NET 5+ .NET Global Tool .NET Core 3.1 .NET Core 2.1 .NET Framework 4.6 Release notes
5.7.0 2022-06-20 Bug Fix Release Download scanner for: .NET 5+ .NET Global Tool .NET Core 3.1 .NET Core 2.1 .NET Framework 4.6 Release notes
5.6.0 2022-05-30 Send warnings to users of versions where support will change Download scanner for: .NET 5+ .NET Global Tool .NET Core 3.1 .NET Core 2.1 .NET Framework 4.6 Release notes
5.5.3 2022-02-14 Support for .NET 6 Web Projects, TLS Version selection logic removed - now responsibility of OS, Fix "MSB3677 Unable to move file" regression Download scanner for: .NET 5+ .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
5.5.2 2022-02-10 Support for .NET 6 Web Projects, TLS Version selection logic removed, now responsibility of OS Download scanner for: .NET 5+ .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
5.5.1 2022-02-08 Support for .NET 6 Web Projects, support TLS 1.3 where supported by environment Download scanner for: .NET 5+ .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
5.5.0 2022-02-07 Support for .NET 6 Web Projects, support TLS 1.3 Download scanner for: .NET 5+ .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
5.4.1 2021-12-23 Updated Newtonsoft.Json to latest Download scanner for: .NET 5+ .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
5.4 2021-11-26 Updated .NET 5 Version to be forward compatible and support .NET 6 environments Download scanner for: .NET 5+ .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
5.3.2 2021-10-28 Added parameters sonar.clientcert.path and sonar.clientcert.password for securing connections to SonarQube Download scanner for: .NET 5+ .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
5.3.1 2021-09-01 Update scanner-cli, Compile with .NET Core 2.1 and 3.1, Improve uninstall of targets if multiple builds in the same pipeline Download scanner for: .NET 5+ .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
5.2.2 2021-06-24 Fix test assembly detection + mTLS certificate with password Download scanner for: .NET 5+ .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
5.2.1 2021-04-30 Update embedded SonarScanner CLI Download scanner for: .NET 5+ .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
5.2 2021-04-09 Support for test code analysis Download scanner for: .NET 5+ .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
5.1 2021-03-09 Support for .NET 5, support for solo .NET Core project (without .sln) Download scanner for: .NET 5+ .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
5.0.4 2020-11-11 Support for .NET 5, support for solo .NET Core project (without .sln) Download scanner for: .NET 5+ .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
5.0.3 2020-11-10 Support for .NET 5, support for solo .NET Core project (without .sln) Download scanner for: .NET 5+ .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
5.0 2020-11-05 Support for .NET 5, support for solo .NET Core project (without .sln) Download scanner for: .NET 5+ .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
4.10 2020-06-29 Support FIPS compliant cryptographic algorithm Download scanner for: .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
4.9 2020-05-05 Improve detection of duplicated coverage reports, fix categorization of fakes projects Download scanner for: .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
4.8 2019-11-06 Enable scanner execution when only .NET Core 3 is installed Download scanner for: .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
4.7.1 2019-09-10 Update SonarScanner to version 4.1 Download scanner for: .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
4.7 2019-09-03 Support dash and forward-slash in dotnet command line arguments, analyze XAML files, add analyzed targets in logs Download scanner for: .NET Global Tool .NET Core 2.1 .NET Framework 4.6 Release notes
Identify your SonarScanner version
Each .NET environment is slightly different. Check the appropriate tab for requirements and notes about the installation.
Install your .NET environment
If you are using the .NET version of the scanner or the .NET Global Tool you will need .NET Core SDK 3.1 or above. See this Microsoft page to download .NET.
The SonarScanner for .NET works with .NET environments including .NET Core 3.1 and newer.
Install your .NET Framework environment
If you are using the .NET Framework version of the scanner you will need .NET Framework v4.6.2 or above. For commercial versions of SonarQube Server to benefit from security analysis you will need .NET Framework v4.7.2 or above. See this Microsoft page to download supported versions of .NET Framework.
Installing the scanner
SonarQube Server knows which analyzer plugins you need for a given version however, choosing the correct SonarScanner version is up to you according to your .NET environment. You can use any version of the SonarScanner that supports your .NET runtime. For full details, check the Installing the scanner page for the prerequisites and install instructions.
Below, choose the SDK corresponding to your build system for a getting started overview:
Install scanner for .NET
You can install the SonarScanner for .NET from Nuget using the .NET global tool, or download a standalone file to execute.
.NET global tool
If you are using .NET on an already installed instance of SonarQube Server, the simplest way to install the scanner is to use the dotnet install tool from the command line. The .NET Global Tool is available from .NET Core 3.1+.
The --version argument is optional; if omitted, the latest version will be installed. The full list of release versions is available on the NuGet page.
If you can’t use the dotnet install tool, other versions are available for download in the SonarScanner Update Center collapsible (access above, select Show more).
Standalone executable
You can install the SonarScanner for .NET via the .NET Core hyperlink in the Sonar Update Center panel above, or directly from the releases page.
Expand the downloaded file into the directory of your choice. We’ll refer to it as
<INSTALL_DIRECTORY>in the next steps.On Windows, you might need to unblock the ZIP file first (right-click file > Properties > Unblock).
On Linux/OSX you may need to set execute permissions on the files in
<INSTALL_DIRECTORY>/sonar-scanner-(version)/bin.
Uncomment, and update the global settings to point to your instance of SonarQube Server by editing
<INSTALL_DIRECTORY>/SonarQube.Analysis.xml. Values set in this file will be applied to all analyses of all projects unless overwritten locally. Consider setting file system permissions to restrict access to this file.
Add
<INSTALL_DIRECTORY>to yourPATHenvironment variable.
Previous versions of the .NET Framework SonarScanner are available on the releases page or found by expanding the SonarScanner for .NET version Update Center expandable box, above.
Install scanner for .NET Framework
You can install the SonarScanner for .NET by downloading a standalone file to execute.
Standalone executable
You can install the SonarScanner for .NET via the .NET Framework hyperlink in the Sonar Update Center panel above, or directly from the releases page.
Expand the downloaded file into the directory of your choice. We’ll refer to it as
<INSTALL_DIRECTORY>in the next steps.On Windows, you might need to unblock the ZIP file first (right-click File > Properties > Unblock).
On Linux/OSX you may need to set execute permissions on the files in
<INSTALL_DIRECTORY>/sonar-scanner-(version)/bin.
Uncomment, and update the global settings to point to your SonarQube Server’s instance by editing
<INSTALL_DIRECTORY>/SonarQube.Analysis.xml. Values set in this file will be applied to all analyses of all projects unless overwritten locally. Consider setting file system permissions to restrict access to this file.
Add
<INSTALL_DIRECTORY>to yourPATHenvironment variable.
Previous versions of the .NET Framework SonarScanner are available on the releases page or found by expanding the SonarScanner for .NET version Update Center expandable box, above.
Setting up your pipeline
How you set up the SonarScanner for .NET in your pipeline depends on your production environment. Here we will give a high-level overview, and link to pages with more detail, covering the most common CI environments:
Basic steps
For the most part, your pipeline should include these basic steps to run properly:
Check and install the Prerequisites in your environment (Java).
Download the correct SonarScanner version for your .NET runtime, and install it on your CI.
Then, as described on the Using the scanner page:
specify your Begin step arguments to prepare your project for analysis,
build your project which will generate the analysis data,
and define the End step arguments to collect the analysis data.
Finally, focus your analysis as part of your build process by setting up your .NET test coverage using a third-party tool to access important metrics.
For more details, select the tab box below that matches your CI:
Azure DevOps Pipelines
SonarQube Server can be integrated with both Azure DevOps Server and Azure DevOps Services. To get your analysis up and running, you will need to:
add an Azure Personal Access Token (PAT) to your instance of SonarQube Server.
install the SonarQube Server extension from the Visual Studio Marketplace. The Azure DevOps Extension for SonarQube Server embeds the most recent SonarScanner for .NET. Check the extension’s page for more details.
add a new SonarQube Server service endpoint.
finally, configure your Azure pipeline to send the analysis results to SonarQube Server.
The .NET project page has all of the details to complete this process.
GitHub Actions
SonarQube Server can be integrated with both GitHub Enterprise and GitHub.com repositories. To get your analysis up and running, you will need to:
create a GitHub app. Please see GitHub’s documentation on creating a GitHub App.
install your GitHub App in your organization. GitHub has documentation on installing GitHub Apps.
update your SonarQube Server global settings with your GitHub App information. This information can be found on the Importing GitHub repositories page.
finally, configure your .github/workflows/build.yml file so that the SonarScanner and GitHub can talk together to send your analysis results to SonarQube Server.
The Introduction to GitHub integration page is your entry point to find all of the details to complete this process.
GitLab integration
SonarQube Server can be integrated with GitLab self-managed and GitLab SaaS subscription repositories. To get your analysis up and running, you will need to:
set your environment variables for all pipelines in GitLab’s settings. You’ll need to generate a Sonar Token and define your Sonar Host URL.
finally, configure your .gitlab-ci.yml file so that the SonarScanner can be installed and send your analysis results to SonarQube Server. If you’re running SonarQube Commercial editions and GitLab Ultimate, you can report vulnerabilities directly in GitLab.
For more details about completing this process, check out the Adding analysis to GitLab CI/CD pipeline page.
Here is a code sample for your gitlab-ci.yml file:
Jenkins integration
A SonarQube Server analysis using the SonarScanner for .NET can be triggered from Jenkins using the standard Jenkins Build Steps or the Jenkins Pipeline DSL. To get your analysis up and running, you will need to:
Install the Jenkins extension via the Jenkins Update Center.
To trigger your analysis, add the SonarScanner for .NET to the Jenkins Global Tool Configuration. Setting up Jenkins provides complete instructions.
Finally, construct your Jenkins pipeline, adding a
withSonarQubeEnvblock that allows you to select SonarQube Server.
Additional configurations are available to manage your pipeline for Setting up Jenkins and Setting up a pipeline pause while the quality gate is computed. The Jenkins extension for SonarQube and Setting up Jenkins pages will have complete details.
Bitbucket integration
SonarQube Server integrates well with Bitbucket Cloud. To get your analysis up and running, you will need to:
import your Bitbucket Cloud repository into SonarQube Server.
finally, set up your pipeline to install the SonarScanner for .NET by Configuring your bitbucket-pipelines.yml file.
It’s possible to configure more details like reporting your quality gate status in Bitbucket Cloud or failing the pipeline when the quality gate fails. Check the Bitbucket Cloud integration page for full details.
Managing your analysis
Once your CI pipeline is up and running, you can improve it to integrate pull request analyses and use your quality gate status to prevent merges when the quality gate fails. Each CI, as linked to above, manages pull requests in different ways and you’ll have to check the appropriate tab item for your CI to get the details.
The pull request analysis introduction page provides an overview of how pull requests work in SonarQube Server. The Setting up the pull request analysis page will provide you with information about pull request parameters before pointing you to pages that help configure the quality gate status.
Essentially, the main steps of the analysis process are:
Your build or CI pipeline starts the SonarScanner.
The SonarScanner scans the local repository and determines the files to be analyzed according to the configured analysis scope.
The scanner sends an analysis request to the respective language analyzer which retrieves the files to be analyzed from the file system and analyzes them according to the configured quality profiles.
The analyzer sends the analysis results to the scanner which forwards them to SonarQube Server in the form of a report. See also the Understanding measures and metrics and Issue management solution pages.
SonarQube Server computes the analysis results asynchronously to perform the following:
It identifies the new issues according to the configured new code definition and raises them in both the new code and the overall code (It uploads the code as part of the analysis and shows users the code that it raised issues on. Unanalyzed changes in the code are not visible.).
It computes the quality gates.
It generates reports.
The next article, Test Coverage, explains how SonarQube Server reports work.
Test Coverage
Test coverage reports and test execution reports are important metrics to help you assess the quality of your code.
Test coverage reports tell you what percentage of your code is covered by test cases.
Test execution reports tell you which tests have been run and their results.
To track code coverage in Sonar, you must use one of the supported coverage tools during your test run before the scanner can pick up the report. For instructions and examples of how to manage code coverage, refer to the .NET test coverage page.
Running a standard project analysis is slightly different than running an analysis on a test project. Please see the Specifying test projects page for more complete details.
If you’re still confused about code coverage and test data, we prepared some Community guides that might be helpful. A full list of guides on the Troubleshooting page.
Last updated
Was this helpful?