Running the analysis

How to run a CFamily code analysis in SonarQube Server.

Refer to the prerequisites to pick the suitable scanner variant, and refer to the picked scanner documentation to learn how to execute it.

In short, you don’t need additional steps to analyze the CFamily code in AutoConfig mode; you need to set the sonar.cfamily.compile-commands scanner property to analyze in Compilation Database mode.

SonarScanner CLI

If you decide to use the Compilation Database mode, please ensure you have generated the compile_commands.json file before proceeding.

Step 1: Add the sonar-project.properties file at the root of your project. Sample sonar-project.properties: 

sonar.projectKey=myFirstProject
sonar.projectName=My First C++ Project
sonar.projectVersion=1.0
sonar.sources=src
sonar.sourceEncoding=UTF-8
sonar.host.url=SonarQubeURL

Gathering all your code trees in a subdirectory of your project is recommended to avoid analyzing irrelevant source files like third-party dependencies. You can specify this subdirectory by setting the property sonar.sources accordingly. In this example, we named it src.

Step 2: Add the property sonar.cfamily.compile-commands in the sonar-project.properties file. You should set it to the path of the Compilation Database file relative to the project directory (compile_commands.json in these examples): sonar.cfamily.compile-commands=compile_commands.json

Step 3: Execute the SonarScanner CLI (sonar-scanner) from the root directory of your project: sonar-scanner For more SonarScanner CLI-related options, see SonarScanner CLI.

Step 4: Follow the link provided at the end of the analysis to browse your project’s quality metrics in the UI.

SonarScanner for .NET

This is an example of analyzing a Solution using a C++ and C# mix in Compilation Database mode with a build wrapper*.*

The SonarScanner for .NET does not handle sonar-project.properties files, so the compilation database must be set during the .NET begin step.

Note that in this scenario, source code stored in shared folders, which are not considered a "Project" by Visual Studio, won’t be scanned.

  1. Download and install the SonarScanner for .NET and the build wrapper (see the Prerequisites page).

  2. Execute the SonarScanner for .NET begin step with the build wrapper output parameter: /d:sonar.cfamily.compile-commands=<build_wrapper_output_directory>/compile_commands.json

  3. Add execution of the build wrapper to your normal .NET build command

  4. Execute the SonarScanner for .NET end step to complete the analysis

SonarScanner.MSBuild.exe begin /k:"cs-and-cpp-project-key" /n:"My C# and C++ project" /v:"1.0" /d:sonar.cfamily.compile-commands="build_wrapper_output_directory/compile_commands.json"
build-wrapper-win-x86-64.exe --out-dir build_wrapper_output_directory MSBuild.exe /t:Rebuild /nodeReuse:False
SonarScanner.MSBuild.exe end

An analysis configuration example project with a mix of C# and C++ is available on GitHub.

PreviousPrerequisitesNextCustomizing the analysis

Last updated

Was this helpful?