Installing the scanner

Everything you need to know to install and run SonarScanner for .NET.

SonarScanner for .NET — 10.3.0.120579 | Issue Tracker

10.3.0.120579 2025-07-16 Support xUnit v3, fix RunDeploymentRoot in trx files, remove sonar.scanner.scanAll analysis warning. Download Release notes

10.2.0.117568 2025-06-03 Fix a vulnerability from embedded scanner-cli. Download Release notes

10.1.2.114627 2025-04-16 Add 'sonar' default truststore passord fallback. Download Release notes

10.1.1.111189 2025-03-25 Maintenance and dependencies updates. Download Release notes

10.1.0 2025-03-19 Maintenance and dependencies updates. Download Release notes

10.0.0 2025-03-13 Fix a vulnerability. Mandate that the truststore password is passed in the end step if used in the begin step. Added support for 7 new languages. Download Release notes

9.2.1 2025-02-25 DEPRECATED. Use system trusted certificate or JVM certificate store. Download Release notes

9.2.0 2025-02-19 DEPRECATED. Support for local trust store for private and self-signed certificates. Download Release notes

9.1.0 2025-02-06 Read new properties for downloading plugins Download Release notes

9.0.2 2024-11-12 sonar.projectBaseDir passed through extraProperties is respected with Azure DevOps extensions. Do not fail during file indexing when a directory cannot be accessed. Download Release notes

9.0.1 2024-10-25 Fix projectBaseDir path detection on Azure DevOps Linux agents. Download Release notes

9.0.0 2024-09-27 Ignore sonar.sources and sonar.tests properties. Download Release notes

8.0.3 2024-09-13 Exclude XML files from the new automatic analysis. Do not crash on mlaformed paths. Make sure server-side exclusions are not overridden. Download Release notes

8.0.2 2024-09-02 Re-enabled sonar.exclusions support. Automatically exclude files passed-in as coverage. Skip transient projects that do not exist after the build. Download Release notes

8.0.1 2024-08-21 Bug fix release which addresses two issues, improvements on messages emmitted during the analysis. Download Release notes

8.0 2024-08-12 The scanner is now supporting multi-language analysis. Files for other languages are automatically picked up (SQL, YAML, XML, JSON, CSS, HTML, JS, TS) Download Release notes

7.1.1 2024-07-24 Fixed a small issue when not specifying sonar.host.url (defaults to https://sonarcloud.io) Download Release notes

7.1 2024-07-19 Fixed a small issue when not specifying sonar.host.url (defaults to https://sonarcloud.io) Download Release notes

7.0 2024-07-18 This version does not require a JRE to be present on the machine anymore Download Release notes

6.2 2024-02-16 Fixes the failing analysis on macOS with .NET 8.0. New optional sonar.http.timeout command line parameter Download Release notes

6.1 2024-01-29 Drop support for MSBuild 14, deprecate MSBuild 15 Download Release notes

6.0 2023-12-04 Packaging change, drop support for .Net Framework 4.6, Net 2.1, and .Net 3.0. Drop Java 11 support. Drop support of SonarQube versions prior to 8.9 Download Release notes

5.15.1 2024-03-26 Fix analysis on MacOSX with .NET 8 when begin runtime doesn't match with build runtime Download Release notes

5.15 2023-11-20 Add an option to specify the scanner's temporary working directory Download Release notes

5.14 2023-10-02 Support upcoming SonarQube 10.4 API changes Download Release notes

5.13.1 2023-08-14 SonarScanner CLI update Download Release notes

5.13 2023-04-05 Support for sonar.token parameter and improved error messages Download Release notes

5.12 2023-03-17 Fast PR Analysis Support For Azure Devops Download Release notes

5.11 2023-01-27 Fast PR Analysis Compatibility Fix Download Release notes

5.10 2023-01-13 Improved FIPS Compliance Download Release notes

5.9.2 2022-12-14 Bug Fix Release related to PR analysis Download Release notes

5.9.1 2022-12-06 Bug Fix Release Download Release notes

5.9.0 2022-12-01 .NET 7 bug fixes and preparation for fast PR analysis Download Release notes

5.8.0 2022-08-24 Analysis of Azure Functions on Github Actions no longer hard fails with default behavior. See release notes for details. Download Release notes

5.7.2 2022-07-12 Log warning instead of error when not parsing environment variables to avoid hard failure when Newtonsoft does not get resolved Download Release notes

5.7.1 2022-06-21 Bug Fix Release Download Release notes

5.7.0 2022-06-20 Bug Fix Release Download Release notes

5.6.0 2022-05-30 Send warnings to users of versions where support will change Download Release notes

5.5.3 2022-02-14 Support for .NET 6 Web Projects, TLS Version selection logic removed - now responsibility of OS, Fix "MSB3677 Unable to move file" regression Download Release notes

5.5.2 2022-02-10 Support for .NET 6 Web Projects, TLS Version selection logic removed, now responsibility of OS Download Release notes

5.5.1 2022-02-08 Support for .NET 6 Web Projects, support TLS 1.3 where supported by environment Download Release notes

5.5.0 2022-02-07 Support for .NET 6 Web Projects, support TLS 1.3 Download Release notes

5.4.1 2021-12-23 Updated Newtonsoft.Json to latest Download Release notes

5.4 2021-11-26 Updated .NET 5 Version to be forward compatible and support .NET 6 environments Download Release notes

5.3.2 2021-10-28 Added parameters sonar.clientcert.path and sonar.clientcert.password for securing connections to SonarQube Download Release notes

5.3.1 2021-09-01 Update scanner-cli, Compile with .NET Core 2.1 and 3.1, Improve uninstall of targets if multiple builds in the same pipeline Download Release notes

5.2.2 2021-06-24 Fix test assembly detection + mTLS certificate with password Download Release notes

5.2.1 2021-04-30 Update embedded SonarScanner CLI Download Release notes

5.2 2021-04-09 Support for test code analysis Download Release notes

5.1 2021-03-09 Support for .NET 5, support for solo .NET Core project (without .sln) Download Release notes

5.0.4 2020-11-11 Support for .NET 5, support for solo .NET Core project (without .sln) Download Release notes

5.0.3 2020-11-10 Support for .NET 5, support for solo .NET Core project (without .sln) Download Release notes

5.0 2020-11-05 Support for .NET 5, support for solo .NET Core project (without .sln) Download Release notes

4.10 2020-06-29 Support FIPS compliant cryptographic algorithm Download Release notes

4.9 2020-05-05 Improve detection of duplicated coverage reports, fix categorization of fakes projects Download Release notes

4.8 2019-11-06 Enable scanner execution when only .NET Core 3 is installed Download Release notes

4.7.1 2019-09-10 Update SonarScanner to version 4.1 Download Release notes

4.7 2019-09-03 Support dash and forward-slash in dotnet command line arguments, analyze XAML files, add analyzed targets in logs Download Release notes

The SonarScanner for .NET version 9.2 has been deprecated and should not be used.

Beginning with the Sonar Scanner for .NET v8, the way the sonar.projectBaseDir property is automatically detected has changed which has an impact on the files that are analyzed and how relative properties, such as sonar.exclusions and sonar.test.exclusions, are resolved.

To customize the behavior, you can set the sonar.projectBaseDir property to point to a directory that contains all the source code you want to analyze. The path may be relative (to the directory from which the analysis was started) or absolute.

The flavor used to compile the Scanner for .NET (either .NET, .NET Core or .NET Framework) is independent of the .NET version the project you want to analyze has been built with. Concretely, you can analyze .NET Core code with the .NET Framework version of the Scanner.

Knowing which installation procedure is relevant depends on your OS, and on the versions of .NET SDKs that are installed on your build machine. See below for some general prerequisites, then select the appropriate installation method depending on your SDK.

Prerequisites

  • Have compatible SonarQube Server and SonarScanner for .NET versions:

    • SonarQube 10.4 and newer requires the SonarScanner for .NET 5.14 or newer.

    • SonarQube 8.9 LTA is the minimum version that the SonarScanner for .NET is compatible with. Although support for SonarQube 8.9 has ended, the current SonarScanner for .NET is still compatible.

    • The SonarScanner will fail to start if an incompatible version of SonarQube is detected.

  • Java is no longer required because the SonarScanner will download it automatically.

    • If internet access is limited in your configuration, skip the JRE provisioning and use the Java version installed locally.

    • If you are running a previous version of the scanner you will need at least the minimal version of Java supported by your SonarQube server.

  • Use an SDK corresponding to your build system:

The flavor (either .NET Framework, .NET Core or .NET) used to compile the Scanner for .NET is independent of the .NET version used to build the project you want to analyze. Concretely, you can analyze .NET Core code with the .NET Framework version of the Scanner. It’s only relevant depending on your OS, and on the versions of .NET SDKs that are installed on your build machine.

Installation

.NET Core global tool

Using the dotnet install tool from the command line is the simplest way to install the scanner if you are using .NET Core or later on an already installed instance of SonarQube. The .NET Core Global Tool is available from .NET Core 3.1+.

dotnet tool install --global dotnet-sonarscanner --version x.x.x

The --version argument is optional; if omitted, the latest version will be installed. The full list of release versions is available on the NuGet page.

Standalone executable

  • Expand the downloaded file into the directory of your choice. We’ll refer to it as <INSTALL_DIRECTORY> in the next steps.

    • On Windows, you might need to unblock the ZIP file first (right-click file > Properties > Unblock).

    • On Linux/OSX you may need to set execute permissions on the files in <INSTALL_DIRECTORY>/sonar-scanner-(version)/bin.

  • Uncomment, and update the global settings to point to your instance of the SonarQube Server by editing <INSTALL_DIRECTORY>/SonarQube.Analysis.xml. Values set in this file will be applied to all analyses of all projects unless overwritten locally. Consider setting file system permissions to restrict access to this file.

<SonarQubeAnalysisProperties  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.sonarsource.com/msbuild/integration/2015/1">
  <Property Name="sonar.host.url">http://localhost:9000</Property>
  <Property Name="sonar.token">[my-user-token]</Property>
</SonarQubeAnalysisProperties>

  • Add <INSTALL_DIRECTORY> to your PATH environment variable.

If your instance of the SonarQube Server is secured

If your SonarQube Server instance is secured behind a proxy and and a self-signed certificate, you must add the self-signed certificate to the trusted CA certificates of the SonarScanner. In addition, if mutual TLS is used, you must define the access to the client certificate at the SonarScanner level.

See TLS certificates on client side and Securing behind a proxy

Related pages

PreviousIntroductionNextUsing the scanner

Last updated

Was this helpful?