I am currently in the process of writing code analysis rules for SSDT database projects for our company. We currently have SonarQube implemented for our C# projects, and our development director wanted me to integrate the SSDT Db project code analysis into SonarQube.
I am pretty new to SonarQube and have been doing a lot of googling, and I have found out how to run the SonarQube scanner using MSBuild which seems to be the right direction to head in. However, I have been unable to figure out how to get the scanner to pick up the results of my analysis.
You can test this out with the built in MSFT rules by adding this argument to your msbuild command line: /p:RunSqlCodeAnalysis=true. You can also optionally control which rules to run using /p:SqlCodeAnalysisRules=.
The question: How do I get SonarQube to generate a report from the code analysis results?
In order to push the analysis results to SonarQube you need to execute the following command after the project is built:
SonarQube.Scanner.MSBuild.exe end
Please, check the following article for more information: http://docs.sonarqube.org/display/SCAN/From+the+Command+Line
If you are using TFS you might be interested in our TFS extension, which can be found here: https://marketplace.visualstudio.com/items?itemName=SonarSource.sonarqube