In case you haven’t read previous posts in this series, you can find a short introduction to SonarQube and values it brings to the table here.

SonarQube server installation


The required pieces are: SonarQube server app and a database server. One can pick either MySQL (5.6+), PostgresSQL (8+), MS SQL (2012+) or Oracle (11g+). SonarQube server is licensed within a GNU LGPLv3 and works on top of Oracle JRE 8 or OpenJDK 8. As far as hardware requirements are concerned, it’s worth to mention RAM (at least 2 GB) and efficient hard drives. They have the biggest impact on the effective throughput mainly because of the Elasticsearch indices. More information can be found in the guide on the authors’ website.

Let’s install a database server (MySQL 5.7 in our case). Bear in mind that at the time of this writing MariaDb is not supported yet. Next, we need to download a ZIP package from the SonarQube server. There are two options: the latest and LTS. For the completeness, there is also a docker image that could be used by some container-oriented people.

  1. Create sonar scheme in the database as well as sonar user with sonar password.
  2. Grant full privileges of sonar scheme to sonar user.
  3. Unpack the downloaded archive to a directory of choice.
  4. Modify YOUR_SONAR_PATH/conf/
     # file - minimum configuration needed by SonarQube
     # User credentials.
     #----- MySQL 5.6 or greater
     sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&    rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
  5. Run YOUR_SONAR_PATH/bin/windows-*/InstallNTService.bat (Note! The processor architecture needs to match JVM architecture in use on your machine).
  6. Run YOUR_SONAR_PATH/bin/windows-*/StartNTService.bat.
  7. Go to http://localhost:9000.
  8. Enter admin (password: admin) which should land you on the SonarQube dashboard.

SonarSource AS offers also a SaaS service SonarCloud. It is free for open source projects.

  1. Go to
  2. Click Log in.
  3. Choose authentication; create such if you don’t have one yet.
  4. You are in (still) empty projects panel.
  5. Click the account icon in the top right corner and choose My Account.
  6. Generate a token in the Security tab (used as credentials by analysis scripts to communicate with SonarCloud API).
  7. Create a new organization in the Organizations tab (used by analysis scripts).
  8. We have infrastructure in place, now we need to configure analysis for our .NET projects.

Configuring .NET project analysis automation

Jon Skeet doesn’t need to be introduced to a .NET programmer. His C# in Depth as well as the amount of contribution to StackOverflow are world renowned. Working at Google he develops .NET client libraries for Google cloud services. Let’s try to test drive the quality of his code. By the following example you will also learn how to configure .NET projects analysis in general:

  1. Clone the repository:
  2. Ensure you have Visual Studio with C# 7 onboard.
  3. Install Sonar Scanner. This will alter MSBuild building, collect build results and send them to the SonarQube server.
     cinst sonarscanner-msbuild-net46
  4. Install JetBrains dotCover console tool for code coverage analysis.
     cinst dotcover-cli
  5. In the project root catalogue install xunit runner.
     nuget install xunit.runner.console -ExcludeVersion

All pieces in place. The last step is to automate analysis execution. The common approach is as follows:

# alters MSBuild (injects analyzers, makes sure they output to a result file)
SonarScanner.MSBuild begin ...

# builds as usual (test execution for code coverage is optional)
MSBuild ...                   
# collects analysis results, sends them to the server for further processing
SonarScanner.MSBuild end

Since Jon Skeet’s libraries are split between many solutions, we need to run the procedure in a loop. The following automation example can be easily adapted to the vast majority of .NET projects:

# Template analysis script that runs SonarQube analysis for .NET projects

  $version = '',  # SQ records analysis history, each having its version label
  $authToken = '' # auth, generated in SQ administration

# retrieve all solution files that exist in the project subtree
$slns = Get-ChildItem *.sln -r

foreach ($sln in $slns) {
  $sqProj = $sln.Name -replace '\.sln$',''
  Write-Host "Analysing $sqProj"

  # initiating - passing analysis parameters to 'begin' step
  SonarScanner.MSBuild begin `
    /key:"$($sqProj -replace '\.', '_')" `
    /name:"$($sqProj -replace '\.', ' ')" `
    /version:"$version" `
    # the following is needed for
    #/d:"" `
    #/d:"sonar.organization=ORGANIZATION_WE_CREATED_AT_SONARCLOUD" `

  # actual building
  nuget restore $sln
  MSBuild $sln /p:Configuration=Release          
  # running unit tests and calculating code coverage 
  $testPathPattern = "$($sln.Directory)\**\bin\Release\net452\*.Tests.dll"
  $dlls = Get-ChildItem $testPathPattern -r
  $xUnitRelativePath = ".\xunit.runner.console\tools\net452\xunit.console.exe"
  $runner = Resolve-Path $xUnitRelativePath
  $coverConfig = Get-ChildItem $("$($sln.Directory)\*.Tests\coverage.xml")
  dotCover analyse $coverConfig.FullName `
    /TargetExecutable="$runner" `
    /TargetArguments="$dlls" `
    /ReportType=HTML `

  # collecting results and sending to SonarQube server
  SonarScanner.MSBuild end
  Write-Host "Analysing $sqProj completed!"

I’ve uploaded analysis results to my local server as well as to the You can try them out.


This article explained how to install and configure your first SonarQube analysis in .NET stack.

The next one elaborates on the results of that analysis. It answers the question whether Jon Skeet writes good quality code or not (joke! Of course not, it’s rather about various attributes of his style of coding we all can learn from).