Azure DevOps Extension

The Azure DevOps Extension for SonarQube Server makes it easy to integrate analysis into your build pipeline, allowing you to analyze all supported languages.

SonarScanner for Azure DevOps — 7.4.1 | Issue Tracker

7.4.1 ^_2025-08-07 ^{Update tasks to Node 20+} Download Release notes

7.3 ^_2025-04-23 ^{Bump Scanner for .NET to 10.1.2.114627} Download Release notes

7.2 ^_2025-04-09 ^{Bump Scanner for .NET to 10.1.0.110937} Download Release notes

7.1.1 ^_2024-11-26 ^{Bump Scanner for .NET to 9.0.2.104486} Download Release notes

7.1.0 ^_2024-11-19 ^{Align with SonarQube rebranding} Download Release notes

7.0.4 ^_2024-11-12 ^{Fix PR decorations for dark mode} Download Release notes

7.0.3 ^_2024-10-29 ^{Bump Scanner for .NET 9.0.1 & Fix missing translation messages} Download Release notes

7.0.2 ^_2024-10-22 ^{Fix windows path parsing coming from predefined variables correctly in extraProperties} Download Release notes

7.0.1 ^_2024-10-21 ^{Fix .NET Framework scanner embedding logic.} Download Release notes

7.0.0 ^_2024-10-21 ^{.NET analysis defaults to Scanner for .NET v9 with multi-language analysis. Embeds scanner-CLI v6.2.1 with JRE auto-provisioning.} Download Release notes

6.2.0 ^_2024-07-01 ^{Default scanners are embedded for offline use} Download Release notes

6.1.0 ^_2024-06-18 ^{Scanner CLI now defaults to v6} Download Release notes

6.0.1 ^_2024-06-10 ^{Deprecate the old SonarQube v5 tasks with proper warnings} Download Release notes

6.0.0 ^_2024-05-31 ^{New V6 task with configurable scanner version, Drop of V3 tasks, bump of agent requirements for V4 tasks} Download Release notes

5.20.0 ^_2024-04-15 ^{Support for JDK 21 and Bump to Scanner for .NET 5.15.1 (fix for .NET 8 on MacOS)} Download Release notes

5.19.2 ^_2024-03-11 ^{Ignore specified JDK 11 if SonarQube does not support it} Download Release notes

5.19.1 ^_2024-03-04 ^{Reintroduce compatibility for v4 tasks with node6} Download Release notes

5.19.0 ^_2024-01-24 ^{PRs show issues that will be fixed by the merge & Accepted, Retry mechanism during publish polling to tolerate unstable network conditions.} Download Release notes

5.18.4 ^_2023-11-28 ^{Bump MSBuild Scanner to 5.15} Download Release notes

5.18.3 ^_2023-11-20 ^{Maximize proxy compatibility with tasks <5.18.0} Download Release notes

5.18.2 ^_2023-11-17 ^{Adjust PR decorations to Clean Code Taxonomy, Migrate from request to node-fetch, Support Azure proxy, Fix vulnerabilities} Download Release notes

5.17.2 ^_2023-10-18 ^{Revert request library} Download Release notes

5.16.0 ^_2023-10-17 ^{Fix Mend vulnerabilities & Dependencies bump} Download Release notes

5.15.0 ^_2023-06-14 ^{Fix computation and retrieval of report-task.txt + Let user choose which java version to use for analysis} Download Release notes

5.14.0 ^_2023-06-13 ^{Improved support for SQ >= 10.0, Change computation of metadata file path, added detection of JAVA_17 environment variable} Download Release notes

5.13.0 ^_2023-04-27 ^{Support for sonar.token, incremental analysis outside Azure, better error message} Download Release notes

5.12.0 ^_2023-03-17 ^{Supports for SonarCloud incremental analysis cache} Download Release notes

5.11.1 ^_2023-02-02 ^{Azure DevOps extension is compatible with SonarQube 10.0} Download Release notes

5.11.0 ^_2023-02-02 ^{Update scanner for .NET to 5.11.0} Download Release notes

5.10.0 ^_2023-01-23 ^{Bump Scanner for .NET to 5.10.0 and ScannerCLI to 4.8.0} Download Release notes

5.9.0 ^_2023-01-03 ^{Bump Scanner for .NET to 5.9.2} Download Release notes

5.8.1 ^_2022-10-11 ^{Fix task status spelling (CANCEL -> CANCELED)} Download Release notes

5.8.0 ^_2022-09-05 ^{Bump Scanner for .NET to 5.8.0} Download Release notes

5.7.0 ^_2022-08-09 ^{Bump Scanner for .NET to 5.7.2 and ScannerCLI to 4.7.0} Download Release notes

5.6.1 ^_2022-07-06 ^{Revert Scanner for .NET to 5.6.0 and ScannerCLi to 4.6.2} Download Release notes

5.6.0 ^_2022-07-05 ^{Bumped Scanner for .NET to 5.7.1 and Scanner CLI to 4.7.0} Download Release notes

5.5.0 ^_2022-06-15 ^{Bumped Scanner for .NET to 5.6.0} Download Release notes

5.4.0 ^_2022-02-16 ^{Bumped Scanner for .NET to 5.5.3} Download Release notes

5.3.0 ^_2022-02-07 ^{Bumped Scanner for .NET 5.5.0} Download Release notes

5.2.0 ^_2022-02-07 ^{Bump Scanner for .NET 5.4.1} Download Release notes

5.1.1 ^_2021-11-30 ^{Revert part of the change for SONARAZDO-264} Download Release notes

5.1.0 ^_2021-11-30 ^{Fix SSF-194, Bump Scanner for .NET 5.4.0} Download Release notes

5.0.0 ^_2021-09-28 ^{New Major Version for Azure Devops 2019 only, that resolves issues with LetsEncrypt Certs. For TFS2017/2018 use version 4.23.1} Download Release notes

4.23.1 ^_2021-10-08 ^{Rollback changes to Node handler and az pipeline task due to incompabilities with TFS 2017/2018} Download Release notes

4.23 ^_2021-10-01 ^{Change to Node10 execution handler to fix issues with LetEncrypt Certs} Download Release notes

4.22 ^_2021-09-20 ^{Updated plugin SDK from .NET Core 2 to .NET Core 3 + Bump SonarScanner for .NET v.5.3.1} Download Release notes

4.21 ^_2021-06-24 ^{Bump SonarScanner for .NET v.5.2.2} Download Release notes

4.20 ^_2021-04-30 ^{Bug fix + Bump SonarScanner for .NET and ScannerCLi versions} Download Release notes

4.19 ^_2021-04-09 ^{Support for Scanner for .NET 5.2 (Analyze test code)} Download Release notes

4.18 ^_2021-03-09 ^{Support for .NET 5, support for solo .NET Core project (without .sln)} Download Release notes

4.17 ^_2020-11-11 ^{Support for .NET 5, support for solo .NET Core project (without .sln)} Download Release notes

4.16 ^_2020-11-10 ^{Support for .NET 5, support for solo .NET Core project (without .sln)} Download Release notes

4.12 ^_2020-11-05 ^{Support for .NET 5, support for solo .NET Core project (without .sln)} Download Release notes

4.11 ^_2020-06-29 ^{Support FIPS compliant cryptographic algorithm, update to SonarScanner 4.4 and SonarScanner for MSBuild 4.10} Download Release notes

4.10 ^_2020-05-05 ^{Improve detection of duplicated coverage reports, update to SonarScanner 4.3 and SonarScanner for MSBuild 4.9} Download Release notes

4.9 ^_2020-01-29 ^{Enable scanner execution when only .NET Core 3 is installed, update to SonarScanner 4.2 and SonarScanner for MSBuild 4.8} Download Release notes

4.8.1 ^_2019-10-15 ^{Bug fix} Download Release notes

4.8 ^_2019-09-16 ^{Several bug fixes, update to SonarScanner 4.1 and SonarScanner for MSBuild 4.7.1} Download Release notes

4.7.2 ^_2019-08-14 ^{Bug fix} Download Release notes

4.7.1 ^_2019-08-14 ^{Bug fix} Download Release notes

4.7 ^_2019-08-13 ^{Fix a bug on the Publish Quality Gate Result task} Download Release notes

The Azure DevOps extension for SonarQube Server makes it easy to integrate analysis into your Azure build pipeline. The extension allows the analysis of all languages supported by SonarQube Server. For more information, see Azure Pipelines integration overview.

This page explains how to install the extension. Once the integration at a global level with Azure DevOps is complete, and you have set up project integration, you can Add SonarQube analysis to your pipeline.

Installation requirements

Category

Requirement

Azure DevOps

The extension will work with these Azure product versions:

• Azure DevOps Services

• Azure DevOps Server 2022.2

• Azure DevOps Server 2020.1.2

• Azure DevOps Server 2019.1.2

Azure pipeline agents

The extension will work with all of the hosted agents (Windows, Linux, and macOS):

• If you are using Microsoft-hosted agents, there is nothing else to install.

• If you are self-hosting the agents, see General requirements on scanner environment. In addition, make sure the appropriate build tools are installed on the agent for the type of project you are analyzing. For example, .NET Framework v4.6.2+/NET Core 3.1+ if building using MSBuild, Maven for Java projects, etc.

The minimum agent version for @7 tasks of the Azure DevOps Extension for SonarQube Server is 3.218.0.

Allowed websites

In order to download binaries and communicate with SonarQube Server, the following URLs should be whitelisted:

• SonarQube base URL.

• If using the Maven/Gradle mode or not using the default version of SonarScanner for .NET or CLI: the SonarSource binaries site (binaries.sonarsource.com).

If your instance of SonarQube Server is secured

If your SonarQube Server instance is secured behind a proxy and a self-signed certificate, you must add the self-signed certificate to the trusted CA certificates of the SonarScanner. In addition, if mutual TLS is used, you must define the access to the client certificate at the SonarScanner level.

See TLS certificates on client side and Securing behind a proxy.

Installing the extension

Sign in to your Azure DevOps Services organization or Azure DevOps Server collection with the dedicated technical account you created in Setting up integration at global level.
From the Visual Studio Marketplace, install the Azure DevOps extension for SonarQube by selecting the Get it free button.

If upgrading from a previous version of the extension

Smooth migration

The v7 extension embeds the latest version of SonarScanner for .NET and SonarScanner CLI. However, to allow a smooth migration, you can set up your Azure build pipeline to use a previous version of one of these scanners and thus, continue using a previous SonarQube tasks version until you’re ready to upgrade. See Using various features.

In that case, the SonarSource binaries site (binaries.sonarsource.com) must be whitelisted.

Prepare analysis configuration task: new scanner mode values

Allowable values for the scannerMode required property of the SonarQube tasks (see SonarQube tasks for Azure Pipelines) have changed with the v7 extension. Please use the following in your @7 tasks:

dotnet for the .NET mode
cli for the CLI mode
other for the Maven / Gradle mode

Deprecation notices

@6 tasks are deprecated in v7.0 extension and will be dropped in a subsequent release.

Previous versions

As new scanner versions are released, previous requirements and/or planned deprecations will be listed here.

Azure DevOps v6.2.x extension for SonarQube Server

The current versions of the SonarScanner for .NET and SonarScanner CLI are embedded and depending on your configuration, some additional setup may be required.

If you want to specify the exact .NET or CLI scanner version, use the the msBuildVersion and cliVersion properties. Please check the Using the Prepare Analysis Configuration task on the Azure DevOps integration page for details.

When specifying a particular scanner version, internet access is required by the pipelines calling the .NET or CLI scanners:

Access to github.com is required to download the SonarScanner for .NET. The GitHub URL and its HTTP redirect, objects.githubusercontent.com, should be whitelisted.
Access to binaries.sonarsource.com is required to download the SonarScanner CLI. The Sonar binaries should be whitelisted.

For users running on-premise or using self-hosted agents, the minimum agent version for SonarQube v6 tasks is 3.218.0.

in v6.0.1

Version @5 tasks were deprecated in v6.0.1 and will be dropped in a subsequent release.

Azure DevOps v5.x.x extension for SonarQube Server

Version @5 tasks were deprecated in v6.0.1 and will be dropped in a subsequent release.
For users running on-premise or using self-hosted agents, the minimum agent version for SonarQube version @5 tasks is 2.114.0.

PreviousSonarScanner CLI NextJenkins extension

Last updated 3 days ago

Was this helpful?