Search code examples
sonarqubesonar-runner

SonarQube overwrites ruleset and analyzers

I have a C# project that uses the StyleCop.Analyzers (based on Roslyn). When we compile this project using msbuild 14, we see the following warning raised by StyleCop.Analyzers:

warning SA1005: Single line comment must begin with a space.

So far, so good. That's what we expect.

Then, we created a simple script that does this compilation within a SonarQube msbuild start/stop:

cd MyProjectRoot
"D:\MSBuild.SonarQube.Runner-2.0\MSBuild.SonarQube.Runner.exe" begin /k:test /n:test /v:1.0.0 /d:sonar.host.url=https://mysonar.com/ /d:sonar.login=abc
"C:\Program Files (x86)\MSBuild\14.0\bin\msbuild.exe" /p:Configuration=Debug /t:Rebuild
"D:\MSBuild.SonarQube.Runner-2.0\MSBuild.SonarQube.Runner.exe" end

When we run this, we have something strange: we don't see the previous warning SA1005.

By looking at the msbuild output we see that when msbuild is not called within SonarQube start/stop, we have the following:

C:\Program Files (x86)\MSBuild\14.0\bin\csc.exe ... /analyzer:..\packages\StyleCop.Analyzers.1.0.0\analyzers\dotnet\cs\Newtonsoft.Json.dll /analyzer:..\packages\StyleCop.Analyzers.1.0.0\analyzers\dotnet\cs\StyleCop.Analyzers.CodeFixes.dll /analyzer:..\packages\StyleCop.Analyzers.1.0.0\analyzers\dotnet\cs\StyleCop.Analyzers.dll

But when StyleCop is used within SonarQube start/stop, we have:

C:\Program Files (x86)\MSBuild\14.0\bin\csc.exe ... /analyzer:C:\Users\myuser\AppData\Local\Temp\1\.sonarqube\.static\csharp_1.11.0\SonarAnalyzer.zip\SonarAnalyzer.CSharp.dll /analyzer:C:\Users\myuser\AppData\Local\Temp\1\.sonarqube\.static\csharp_1.11.0\SonarAnalyzer.zip\SonarAnalyzer.dll

So as you can see, we are not using the same analyzers! In fact, I am not using my configured Analyzers at all. Furthermore, we are not using the same ruleset. I haven't shown it in the msbuild output, but you can trust me ;)

So two questions:

  • How can we preserve our configured code Analyzers when compiling with SonarQube enabled?
  • How can we preserve our configured RuleSet when compiling with SonarQube enabled?

Note that I am using:

  • SonarQube msbuild runner 2.0
  • SonarQube server 5.3
  • SonarQube c# plugin 5.2
Solution

  • SonarQube overrides the ruleset used during analysis. If you want your ruleset to be the same you will need to setup the quality profile in SonarQube to match your current ruleset. There is a VS plugin that will sync your ruleset from the SonarQube server to your local projects if you want to use it.

    As for the StyleCop analyzer you need to package the analyzer by using the following SDK: https://github.com/SonarSource-VisualStudio/sonarqube-roslyn-sdk/blob/master/README.md

    Once you do that the rules should be available as Quality gate rules for use within sonar, and will run automatically during the analysis.