Azure Pipelines integration overview

The Azure DevOps Extension for SonarQube Server is used to manage the integration of SonarQube Server with Azure Pipelines.

It allows:

  • Integrating smoothly SonarQube analysis into your Azure build pipeline. This includes multi-branch analysis features.

  • Reporting the analysis’ quality gate status right in Azure Pipeline’s Build Summary page.

  • Checking the SonarQube quality gate status in your Azure release pipeline.

For general information about the SonarQube Server analysis integration into a CI pipeline, see SonarQube Server analysis overview.

Extension modes

The Azure DevOps extension for SonarQube Server can run in one of the following modes depending on your project type:

  • .NET: for .NET projects. The SonarScanner for .NET is used. See Introduction to SonarScanner for . Net for more information.

  • Maven or Gradle: for Maven and Gradle projects. The SonarScanner for Maven or SonarScanner for Gradle is used, respectively.

  • CLI: for the other project types (C family, JavaScript, TypeScript, Go, Python, PHP, etc.). The SonarScanner CLI is used.

The Azure DevOps Extension for SonarQube Server embeds the last compatible version of the SonarScanner for .NET and SonarScanner CLI, which is used by default.

In Maven/Gradle mode, your build task downloads the SonarScanner for Maven or Gradle from the SonarSource binaries site.

In very particular situations, you may not want to use the extension’s default version but a specific previous version of the SonarScanner for .NET or CLI. In such a case, you can configure your Azure build pipeline to download this specific version from the SonarSource binaries site, see Using various features for more details.

SonarQube tasks used in the pipeline definition

The SonarQube Server analysis is integrated into your Azure build pipeline by adding the following SonarQube tasks to your build pipeline definition:

  • Prepare Analysis Configuration

  • Run Code Analysis This task starts the SonarScanner for .NET or CLI. In the Maven/Gradle mode, it is replaced by a Maven or Gradle task that downloads the SonarScanner for Maven or Gradle, respectively.

  • Publish Quality Gate Result With this task, the quality gate status and a link to SonarQube Server are shown in the Azure Pipeline’s Build Summary page.

The Publish Quality Gate Result task can significantly increase the overall build time because it will poll SonarQube until the analysis is complete.

Analysis process overview

The figure below shows the analysis’s main steps with the example of a .NET project :

  1. The Prepare Analysis Configuration task starts the Begin step: the SonarScanner for .NET prepares the analysis by gathering all of the parameters and resources needed to analyze your project.

  2. The rules configured in your SonarQube quality profile are run during the build step. The SonarScanner for .NET collects the analysis data while your project is being built.

  3. The Run Code Analysis task starts the End step: the SonarScanner for .NET collects and prepares the analysis results which will be sent to SonarQube.

  4. The SonarScanner for .NET sends the analysis results to SonarQube (Server, Cloud) or SonarQube Community Build for further processing.

  5. SonarQube (Server, Cloud) or SonarQube Community Build sends the quality gate status to Azure DevOps where it can be used in your pipeline through the Publish Quality Gate Result task.

The SonarScanner for .NET is invoked twice during the build pipeline in Azure DevOps.

Related pages

PreviousIntroductionNextSetting up integration at global level

Last updated

Was this helpful?