DEV Community

Cover image for SonarQube + Docker + .NET Core Code Analysis
Chinthaka Bandara
Chinthaka Bandara

Posted on • Updated on

SonarQube + Docker + .NET Core Code Analysis

Writing quality code plays a vital role in the software development life cycle. There are few tools to help us to write cleaner code. SonarQube is one of the tools which has a free community version.
SonarQube performs various analyzes, bugs, code smells, test coverage, vulnerabilities, duplicate blocks.

Install SonarQube on Docker

Let's now install the SonarQube on docker desktop. You should have Docker Desktop installed & logged in. Run this command on command prompt.



docker pull sonarqube


Enter fullscreen mode Exit fullscreen mode

Now we have to do the port mapping



docker run --name Sonarqube --publish 192.168.4.176:9000:9000 sonarqube


Enter fullscreen mode Exit fullscreen mode

Replace the followings with your values
Sonarqube - Name of the containter (Sonarqube)
192.168.4.176 - IP Address of the PC
9000 - Port that we are going to map

once the installation completes, Open your browser & go to http://localhost:9000, it will prompts you to change the "admin" password. After that you will be directed to SonarQube home page.

Install SonarScanner for .NET Core Global Tool



dotnet tool install --global dotnet-sonarscanner


Enter fullscreen mode Exit fullscreen mode

Create a project in SonarQube

Image description click on the "Manually" option & on the next screen provide name & key for the project.
Create projectIn this article we will go with a local repository.
Image descriptionProvide a name for the token & press "Generate" button. Once token is generated press on "Continue" button to run analysis on your project.
Image description

Run analysis on your project

Select ".NET" as the build type & ".NET Core" as the build tool.
Image descriptionGo to the root folder of your .NET Core project solution & open a command prompt from it. Now we can run the commands provided in the page one by one in the command prompt.



dotnet sonarscanner begin /k:"DemoProject" /d:sonar.host.url="http://localhost:9000"  /d:sonar.login="sqp_4f474d2d735dec2daa03b382cfde19ddc59cb18c"


Enter fullscreen mode Exit fullscreen mode


dotnet build


Enter fullscreen mode Exit fullscreen mode


dotnet sonarscanner end /d:sonar.login="sqp_4f474d2d735dec2daa03b382cfde19ddc59cb18c"


Enter fullscreen mode Exit fullscreen mode

make sure to save these commands to re-run the code analysis.
Once the last commands completes the page will be automatically refreshed with the report.
Image description

Happy Coding šŸ˜€

Top comments (1)

Collapse
 
stphnwlsh profile image
Stephen Walsh

I love using SonarQube or SonarCloud for this kind of thing. It's great feedback on your code. You can get feedback in the IDE by installing the Sonar Analyzer.

The other thing I find helpful is using this in a build pipeline. You can use the results of the analysis to block the build pipeline which can help stop bad changes hitting your main branch.

Also it's worth running dotnet test inside the sonarscanner block too to get code coverage as well.