Start Free
Latest | Analyzing source code | Languages | C/C++/Objective-C | Running the analysis

Running the CFamily analysis

On this page

Refer to the Prerequisites section to pick the suitable scanner variant, and refer to the picked scanner documentation to learn how to execute it.

In short, you don’t need additional steps to analyze the CFamily code in AutoConfig mode; you need to set the sonar.cfamily.compile-commands scanner property to analyze in Compilation Database mode.

SonarScanner CLI

If you decide to use the Compilation Database mode, please ensure you have generated the compile_commands.json file before proceeding.

Step 1: Add the sonar-project.properties file at the root of your project. Sample sonar-project.properties

sonar.projectKey=myFirstProject
sonar.projectName=My First C++ Project
sonar.projectVersion=1.0
sonar.sources=src
sonar.sourceEncoding=UTF-8
sonar.host.url=SonarQubeURL

Gathering all your code trees in a subdirectory of your project is recommended to avoid analyzing irrelevant source files like third-party dependencies. You can specify this subdirectory by setting the property sonar.sources accordingly. In this example, we named it src.

Step 2: Add the property sonar.cfamily.compile-commands in the sonar-project.properties file. You should set it to the path of the Compilation Database file relative to the project directory (compile_commands.json in these examples):
sonar.cfamily.compile-commands=compile_commands.json

Step 3: Execute the SonarScanner CLI (sonar-scanner) from the root directory of your project: sonar-scanner
For more SonarScanner CLI-related options, see SonarScanner CLI.

Step 4: Follow the link provided at the end of the analysis to browse your project's quality metrics in the UI.

SonarScanner for .NET

This is an example of analyzing a Solution using a C++ and C# mix in Compilation Database mode with a build wrapper.

The SonarScanner for .NET does not handle sonar-project.properties files, so the compilation database must be set during the .NET begin step.

Note that in this scenario, source code stored in shared folders, which are not considered a "Project" by Visual Studio, won't be scanned.

  1. Download and install the SonarScanner for .NET and the build wrapper (see the CFamily Prerequisites page).
  2. Execute the SonarScanner for .NET begin step with the build wrapper output parameter:
    /d:sonar.cfamily.compile-commands=<build_wrapper_output_directory>/compile_commands.json
  3. Add execution of the build wrapper to your normal .NET build command
  4. Execute the SonarScanner for .NET end step to complete the analysis
SonarScanner.MSBuild.exe begin /k:"cs-and-cpp-project-key" /n:"My C# and C++ project" /v:"1.0" /d:sonar.cfamily.compile-commands="build_wrapper_output_directory/compile_commands.json"
build-wrapper-win-x86-64.exe --out-dir build_wrapper_output_directory MSBuild.exe /t:Rebuild /nodeReuse:False
SonarScanner.MSBuild.exe end

An analysis configuration example project with a mix of C# and C++ is available on GitHub.


Was this page helpful?

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License