SonarQube – root out the Technical Debt in your C# project

If you are looking for an installation guide for SonarQube the ALM Rangers have put one together here which you can use to assist you with your configuration and setup.

Microsoft and SonarSource have been collaborating on a set of integration components that allow you to configure a TFS/VSTS Build to connect to a SonarQube server and send the following data which is gathered during a build based on the quality profiles defined on the SonarQube server:

  • results of .NET and JavaScript code analysis
  • code clone analysis
  • code coverage data from tests
  • metrics for .NET and JavaScript

To get started here is a list of the software you’ll have to download and what I have used for this post.

NOTE:  SQL Server database must be case-sensitive (CS) and accent-sensitive (CS) Latin1_General_CS_AS.  The sqljdbc_auth.dll (x32 or x64) must be in your PATH if you want to use Windows Integrated authentication for your configuration.  If you have trouble connecting verify the name of the database used in your jdbc connection string it too is case-sensitive.  Make sure the TCP/IP protocol is enabled for your database instance using SQL Server Configuration Manager.

UDPATE 2/23/2016:

The Microsoft JDBC Drivers 4.2, 4.1, and 4.0 for SQL Server provide support for features first introduced in SQL Server 2012, including AlwaysOn, Correlated Tracing via XEvents, and UTF-16 support. Support includes Type 4 Kerberos on Windows and non-Windows platforms.

Create a database named sonar and set the collation to Latin1_General_CS_AS using SQL Server Management Studio, if you are using a service account to run SonarQube don’t forget to grant it dbowner rights on the database.  If you need help constructing the jdbc connection string you can check here.

Extract SonarQube to a folder on your hard drive, for example C:\sq\sonarqube-5.2\

Extract the Java SE Server VM to a folder on your hard drive, for example C:\sq\jdk1.8.0_66\

Set a JAVA_HOME environment variable pointing to your java folder, for example C:\sq\jdk1.8.0_66

These are the settings I customized in C:\sq\sonarqube-5.2\conf\ file for this particular example:

  • sonar.jdbc.url=jdbc:sqlserver://localhost\\SQLEXPRESS:6371;databaseName=sonar;integratedSecurity=true
  • sonar.web.javaOpts=-Xmx1024m -Xms256m -XX:+HeapDumpOnOutOfMemoryError
  • sonar.web.port=9000

You should be able to open a command prompt and start SonarQube, the first time you execute StartSonar.bat it will connect to the database and create all of the database artifacts.


Executing StartSonar.bat from a Command Prompt

Once it has started successfully started you may continue the configuration using a web browser at http://localhost:9000 and login using the default credentials:



Executing StartSonar.bat from a Command Prompt

If you have any difficulties getting to this point feel free to leave a comment and I’ll try to help you out.  You should now be logged into the SonarQube portal as the Administrator.


Executing StartSonar.bat from a Command Prompt

You should see a new menu option titled Administration, select it to continue. Under the Administration menu select System followed by Update Center.

Once in the Update Center you can update any plugins that need to be updated as well as add a few that we need to configure the system to use Active Directory for user authentication and Analyze and report on C# projects.

Click on Available to show all the different plugins available for SonarQube.  The first plugin we are going to install is titled C#, click the install button to the right.  Scroll down further and we’ll install the StyleCop and TFVC plugins.  We now have to restart the SonarQube service to install those plugins.  Go to the command prompt window and press CTRL-C to shutdown SonarQube.

Configure the following properties if needed for your installation, I only needed the

  • sonar.tfvc.username {Optional for Windows authentication}
  • sonar.tfvc.password.secured {Optional for Windows authentication}
  • sonar.tfvc.collectionuri {URI corresponding to the TFVC Project Collection, mandatory if working with TFS 2015

Run the StartSonar.bat batch file again to start the service again.  The Update Center should look something like this:


Executing StartSonar.bat from a Command Prompt

NOTE:  You can install SonarQube as a Windows service if you want using the InstallNTService.bat batch file.

In SonarQube again I want to create a user account that can be used for the MSBuild.SonarQube.Runner.  Login again to SonarQube using the administrator account and perform the following steps:

  • Click Administration
  • Click Security | Users
  • Click Create User
  • Enter values for Login, Name and Password
  • Click Create

Let’s now update the groups for that user, by default the user is added to sonar-users.  Click the Update Groups buttons and in the Update Groups dialog click All and select the checkbox for sonar-administrators and click Done.

Active Directory Support

If you want to add support for Active Directory now by going back to the Update Center and install the LDAP plugin.  Before restarting the SonarQube server, add the following section to the end of the file

# LDAP configuration

You can read up more about the LDAP plugin here.

MSBuild SonarQube Runner Configuration

If you want to execute the analysis as part of your build definition, you must have the following software installed on your build agent machine.

NOTE: Don’t forget to edit the SonarQube.Analysis.xml settings file in the MSBuild.SonarQube.Runner folder and set the following properties.  Your login and password are most likely different than what I am using below, please make sure you enter the account you created earlier if you aren’t using Windows Integrated Security.  I was not successful using Windows Integrated security for the MSBuild SonarQube Runner.

<Property Name=”sonar.login”>msbuild</Property> <Property Name=”sonar.password”>Password1</Property> <Property Name=”sonar.scm.enabled”>true</Property> <Property Name=”sonar.scm.provider”>tfvc</Property>

The TFVC SCM Provider requires analysis to be executed from Windows machines with the Team Foundation Server 2013 Object Model installed. If you’re using Team Foundation Server 2015 the task also needs to specify the Team Foundation Server Collection URI.  This property can be set and edited either through SonarQube.Analysis.xml or the SonarQube Server.

Create a Project in SonarQube to send the analysis during build

  • Log into SonarQube using the administration account
  • Click on Administration | Projects | Management
  • Click Create Project
  • Enter a Name and a Key (save these for later)
  • Click Create

Executing StartSonar.bat from a Command Prompt

Now we can configure the MSBuild Sonar Qube tasks in the build definition.  I’m using the new build agent that is available in VSTS and TFS 2015 which means I just need to add two build tasks

We need to add two command-line tasks to our build, the first at the beginning:


Executing StartSonar.bat from a Command Prompt


Set the following four arguments:

  • begin
  • /key:{the project key of the SonarQube project to which the build definition relates}
  • /name:{the project name of the SonarQube project}
  • /version:{the project version of the SonarQube project}

The aliases /k:, /n: and /v: can also be used.  If any of the arguments contain spaces then make sure it is surrounded by quotes.
The second command-line task can be placed after the Visual Studio Test task:


Executing StartSonar.bat from a Command Prompt

You should be able to queue a new build and have it analyze your code.


Executing StartSonar.bat from a Command Prompt

If you login to SonarQube you should see your project has been analyzed (depending on the size it may take a few minutes)


Executing StartSonar.bat from a Command Prompt

If you click on the name of your project, in my case it’s Fabrikam you will be brought to the Main Dashboard where you will be shown various information about your project.


Executing StartSonar.bat from a Command Prompt

My next post will be around enabling the rules for StyleCop and FxCop in the profile for your project.

Have fun!







About Wes MacDonald

Wes MacDonald is a DevOps Consultant for LIKE 10 INC., a DevOps consulting firm providing premium support, guidance and services for Azure, Microsoft 365 and Azure DevOps.

2 Responses to “SonarQube – root out the Technical Debt in your C# project”

  1. Reblogged this on Blog de Uriel Hdez ALM and commented:
    muy buen post



  1. SonarQube 6.0 integration with TFS15 RC2 behind ARR 3.0 | Team Services, Team Foundation Server and Visual Studio Awesomeness - September 26, 2016

    […] can see reference to the issue here.   The StyleCop plugin for C# which I referenced in an earlier post has […]


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: