--- /dev/null
+---
+title: SonarScanner for Ant
+url: /scan/sonarscanner-for-ant/
+---
+
+[[info]]
+| **Download SonarScanner 3.3** - Compatible with SonarQube 6.7+ (LTS)
+| By [SonarSource](https://www.sonarsource.com/) – GNU LGPL 3 – [Issue Tracker](https://jira.sonarsource.com/browse/ANTTASK) – [Source](https://github.com/SonarSource/sonar-scanner-ant)
+|
+| [Download](https://binaries.sonarsource.com/Distribution/sonarqube-ant-task/sonarqube-ant-task-2.6.0.1426.jar)
+
+The SonarScanner for Ant provides a `task` to allow integration of SonarQube analysis into an Apache Ant build script.
+
+The SonarScanner for Ant is an Ant Task that is wrapper of [SonarScanner](/scan/sonarqube-scanner/), which works by invoking SonarScanner and passing to it all [properties](/analysis/analysis-parameters/) named following a `sonar.*` convention. This has the downside of not being very Ant-y, but the upside of providing instant availability of any new analysis parameter introduced by a new version of a plugin or of SonarQube itself. Therefore, successful use of the SonarScanner for Ant requires strict adherence to the property names shown below.
+
+
+## Use
+Define a new sonar Ant target in your Ant build script:
+```
+<!-- build.xml -->
+<project name="My Project" default="all" basedir="." xmlns:sonar="antlib:org.sonar.ant">
+...
+
+<!-- Define the SonarQube global properties (the most usual way is to pass these properties via the command line) -->
+<property name="sonar.host.url" value="http://localhost:9000" />
+
+...
+
+<!-- Define the SonarQube project properties -->
+<property name="sonar.projectKey" value="org.sonarqube:sonarqube-scanner-ant" />
+<property name="sonar.projectName" value="Example of SonarScanner for Ant Usage" />
+<property name="sonar.projectVersion" value="1.0" />
+<property name="sonar.sources" value="src" />
+<property name="sonar.java.binaries" value="build" />
+<property name="sonar.java.libraries" value="lib/*.jar" />
+...
+
+<!-- Define SonarScanner for Ant Target -->
+<target name="sonar">
+ <taskdef uri="antlib:org.sonar.ant" resource="org/sonar/ant/antlib.xml">
+ <!-- Update the following line, or put the "sonarqube-ant-task-*.jar" file in your "$HOME/.ant/lib" folder -->
+ <classpath path="path/to/sonar/ant/task/lib/sonarqube-ant-task-*.jar" />
+ </taskdef>
+
+ <!-- Execute SonarScanner for Ant Analysis -->
+ <sonar:sonar />
+</target>
+```
+Run the following command from the project base directory to launch the analysis:
+```
+ant sonar
+```
+
+
+## Sample Project
+To help you get started, a simple project sample is available here: https://github.com/SonarSource/sonar-scanning-examples/tree/master/sonarqube-scanner-ant
+
+## Troubleshooting
+**Enable Debug Logs**
+To enable debug logs, use the regular Ant verbose option: `-v`
+```
+ant sonar -v
+```
--- /dev/null
+---
+title: SonarScanner for Azure DevOps
+url: /scan/sonarscanner-for-azure-devops/
+---
+
+
+[[info]]
+| By [SonarSource](https://www.sonarsource.com/) – GNU LGPL 3 – [Issue Tracker](https://jira.sonarsource.com/browse/VSTS) – [Source](https://github.com/SonarSource/sonar-scanner-vsts)
+| **SonarScanner for Azure DevOps**
+
+The <!-- sonarqube -->[SonarQube](https://marketplace.visualstudio.com/items?itemName=SonarSource.sonarqube)<!-- /sonarqube --> <!-- sonarcloud -->[SonarCloud](https://marketplace.visualstudio.com/items?itemName=SonarSource.sonarcloud)<!-- /sonarcloud --> extension for Azure DevOps <!-- sonarqube -->Server<!-- /sonarqube --> makes it easy to integrate analysis into your build pipeline. The extension allows the analysis of all languages supported by {instance}.
+
+<!-- sonarcloud -->
+Microsoft has published a [dedicated lab](https://aka.ms/sonarcloudlab) describing how to integrate Azure DevOps Pipelines and SonarCloud. The lab includes setting up a Branch Policy in Azure DevOps to block a Pull Request from being submitted if the changed code does not meet the quality bar.
+<!-- /sonarcloud -->
+
+## Compatibility
+Version <!-- sonarqube -->4.x<!-- /sonarqube --><!-- sonarcloud -->1.x<!-- /sonarcloud --> is compatible with:
+* TFS 2017 Update 2+
+* TFS 2018
+* Azure DevOps Server 2019
+* Azure DevOps
+
+<!-- sonarqube -->
+The SonarQube Extension embeds its own version of the [SonarScanner for MSBuild](/scan/sonarqube-scanner-for-msbuild/).
+<!-- /sonarqube -->
+
+## Installation
+1. Install the extension [from the marketplace](https://marketplace.visualstudio.com/items?itemName=SonarSource.sonarqube).
+
+If you are using [Microsoft-hosted build agents](https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/hosted?view=azure-devops) then there is nothing else to install. The extension will work with all of the hosted agents (Windows, Linux, and MacOS).
+
+2. If you are self-hosting the build agents make sure at least the minimal version of Java supported by {instance} is installed.
+In addition, make sure the appropriate build tools are installed on the agent for the type of project e.g. .NET Framework v4.6+/NET Core 2.0+ if building using MSBuild, Maven for Java projects etc.
+
+## Configure
+The first thing to do is to declare <!-- sonarqube -->your SonarQube server<!-- /sonarqube --><!-- sonarcloud -->SonarCloud<!-- /sonarcloud --> as a service endpoint in your Azure DevOps project settings.
+
+1. Open the Connections page in your Azure DevOps project: **Project Settings > Pipelines > Service Connections**.
+1. Click on **New service connection** and choose **{instance}**.
+<!-- sonarqube -->
+1. Specify a **Connection name**, the **Server URL** of your SonarQube Server (including the port if required) and the [Authentication Token](/user-guide/user-token/) to use.
+<!-- /sonarqube -->
+<!-- sonarcloud -->
+1. Specify a **Connection name** and **SonarCloud token**. There is a link in the dialog that will take you to the account security page on SonarCloud where you can create a new token if necessary. You can also button that lets you verify that connection is correctly configured.
+<!-- /sonarcloud -->
+
+Each extension provides three tasks you will use in your build definitions to analyze your projects:
+
+* **Prepare Analysis Configuration** task, to configure all the required settings before executing the build.
+ * This task is mandatory.
+ * In case of .NET solutions or Java projects, it helps to integrate seamlessly with MSBuild, Maven and Gradle tasks.
+* **Run Code Analysis** task, to actually execute the analysis of the source code.
+ * This task is not required for Maven or Gradle projects, because scanner will be run as part of the Maven/Gradle build.
+* **Publish Quality Gate Result** task, to display the Quality Gate status in the build summary and give you a sense of whether the application is ready for production "quality-wise".
+ * This tasks is optional.
+ * It can significantly increase the overall build time because it will poll {instance} until the analysis is complete. Omitting this task will not affect the analysis results on {instance} - it simply means the Azure DevOps Build Summary page will not show the status of the analysis or a link to the project dashboard on {instance}.
+
+When creating a build definition you can filter the list of available tasks by typing "Sonar" to display only the relevant tasks.
+
+## Analysing a .NET solution
+1. In your build definition, add:
+ * At least **Prepare Analysis Configuration** task and **Run Code Analysis** task
+ * Optionally **Publish Quality Gate Result** task
+1. Reorder the tasks to respect the following order:
+ * **Prepare Analysis Configuration** task before any **MSBuild** or **Visual Studio Build** tasks.
+ * **Run Code Analysis** task after the **Visual Studio Test task**.
+ * **Publish Quality Gate Result** task after the **Run Code Analysis** task
+1. Click on the **Prepare Analysis Configuration** build step to configure it:
+ * You must specify the service connection (i.e. {instance}) to use. You can:
+ * select an existing endpoint from the drop down list
+ * add a new endpoint
+ * manage existing endpoints
+ <!-- sonarcloud -->* specify which **SonarCloud Organization** to use by choosing an organization from the drop-down<!-- /sonarcloud -->
+ * Keep **Integrate with MSBuild** checked and specify at least the project key
+ * **Project Key** - the unique project key in {instance}
+ * **Project Name** - the name of the project in {instance}
+ * **Project Version** - the version of the project in {instance}
+1. Click the **Visual Studio Test** task and check the **Code Coverage Enabled** checkbox to process the code coverage and have it imported into {instance}. (Optional but recommended)
+
+Once all this is done, you can trigger a build.
+
+## Analysing a Java project with Maven or Gradle
+1. In your build definition, add:
+ * At least **Prepare Analysis Configuration** task
+ * Optionaly **Publish Quality Gate Result** task
+1. Reorder the tasks to respect the following order:
+ * **Prepare Analysis Configuration** task before the **Maven** or **Gradle** task.
+ * **Publish Quality Gate Result** task after the **Maven** or **Gradle** task.
+1. Click on the Prepare Analysis Configuration build step to configure it:
+ * Select the **SonarQube Server**
+ * Select **Integrate with Maven or Gradle**
+1. On the Maven or Gradle task, in **Code Analysis**, check **Run SonarQube or SonarCloud Analysis**
+
+Once all this is done, you can trigger a build.
+
+## Analysing other project types
+If you are not developing a .NET application or a Java project, here is the standard way to trigger an analysis:
+
+1. In your build definition, add:
+ * At least **Prepare Analysis Configuration** task and **Run Code Analysis** task
+ * Optionaly **Publish Quality Gate Result** task
+1. Reorder the tasks to respect the following order:
+ 1. **Prepare Analysis Configuration**
+ 2. **Run Code Analysis**
+ 3. **Publish Quality Gate Result**
+1. Click on the Prepare Analysis Configuration build step to configure it:
+ * Select the **SonarQube Server**
+ * Select **Use standalone scanner**
+ * Then:
+ * Either the SonarQube properties are stored in the (standard) `sonar-project.properties` file in your SCM, and you just have to make sure that "Settings File" correctly points at it. This is the recommended way.
+ * Or you don't have such a file in your SCM, and you can click on **Manually provide configuration** to specify it within your build definition. This is not recommended because it's less portable.
+
+Once all this is done, you can trigger a build.
+
+## Branch and Pull Request analysis
+<!-- sonarqube -->
+_Branch and Pull Request analysis are available as part of [Developer Edition](https://redirect.sonarsource.com/editions/developer.html) and [above](https://www.sonarsource.com/plans-and-pricing/)_
+<!-- /sonarqube -->
+
+### Branches
+When a build is run on a branch of your project, the extension automatically configures the analysis to be pushed to the relevant project branch in {instance}. The same build definition can apply to all your branches, whatever type of Git repository you are analyzing,
+
+If you are working with branches on TFVC projects, you still need to manually specify the branch to be used on {instance}: in the **Prepare Analysis Configuration** task, in the **Additional Properties**, you need to set `sonar.branch.name`.
+
+### PRs
+{instance} can analyze the code of the new features and annotate your pull requests in TFS with comments to highlight issues that were found.
+
+Pull request analysis is supported for any type of Git repositories. To activate it:
+
+1. In the **Branch policies** page of your main development branches (e.g. "master"), add a build policy that runs your build definition
+1. Create an Azure DevOps token with "Code (read and write)" scope
+1. <!-- sonarqube -->In SonarQube, in the **[Administration > General Settings > Pull Requests](/#sonarqube-admin#/admin/settings?category=pull_request)** page,<!-- /sonarqube --><!-- sonarcloud -->In SonarCloud,<!-- /sonarcloud --> set this token in the **VSTS/TFS** section
+
+Next time some code is pushed in the branch of a pull request, the build definition will execute a scan on the code and publish the results in {instance} which will decorate the pull request in TFS.
+
+
+
+## FAQ
+**Is it possible to trigger analyses on Linux or macOS agents?**
+This becomes possible from version <!-- sonarqube -->4.0 of the SonarQube task<!-- /sonarqube --><!-- sonarcloud -->1.0 of the SonarCloud extension<!-- /sonarcloud -->, in which the extension was fully rewritten in Node.js. The mono dependency was dropped in version <!-- sonarqube -->4.3<!-- /sonarqube --><!-- sonarcloud -->1.3<!-- /sonarcloud -->.
+
+This is not possible with previous versions of the extension.
+
+**How do I break the build based on the quality gate status?**
+This is not possible with the new version of the extension if you are using the most up-to-date versions of the tasks. We believe that breaking a CI build is not the right approach. Instead, we are providing pull request decoration (to make sure that issues aren't introduced at merge time) and we'll soon add a way to check the quality gate as part of a Release process.
+
+
--- /dev/null
+---
+title: SonarScanner for Gradle
+url: /scan/sonarscanner-for-gradle/
+---
+
+[[info]]
+| By [SonarSource](https://www.sonarsource.com/) – GNU LGPL 3 – [Issue Tracker](https://jira.sonarsource.com/browse/SONARGRADL) – [Source](https://github.com/SonarSource/sonar-scanner-gradle)
+| Current version: **SonarQube Scanner for Gradle 2.7.1**
+
+
+
+The SonarScanner for Gradle provides an easy way to start SonarQube analysis of a Gradle project.
+
+The ability to execute the SonarQube analysis via a regular Gradle task makes it available anywhere Gradle is available (developer build, CI server, etc.), without the need to manually download, setup, and maintain a SonarQube Runner installation. The Gradle build already has much of the information needed for SonarQube to successfully analyze a project. By preconfiguring the analysis based on that information, the need for manual configuration is reduced significantly.
+
+## Prerequisites
+* Gradle versions 2.14+
+* At least the minimal version of Java supported by your SonarQube server is in use
+
+Bytecode created by javac compilation is required for Java analysis, including Android projects.
+
+## Configure the Scanner
+Installation is automatic, but certain global properties should still be configured. A good place to configure global properties is `~/.gradle/gradle.properties`. Be aware that the scanner uses system properties so all properties should be prefixed by `systemProp`.
+
+```
+# gradle.properties
+systemProp.sonar.host.url=http://localhost:9000
+
+#----- Token generated from an account with 'publish analysis' permission
+systemProp.sonar.login=<token>
+```
+
+## Analyzing
+First, activate the scanner in your build. For Gradle 2.1+, in `build.gradle`:
+```
+plugins {
+ id "org.sonarqube" version "2.7"
+}
+```
+More details on https://plugins.gradle.org/plugin/org.sonarqube
+
+Assuming a local SonarQube server with out-of-the-box settings is up and running, no further configuration is required.
+
+Execute `gradle sonarqube` and wait until the build has completed, then open the web page indicated at the bottom of the console output. You should now be able to browse the analysis results.
+
+## Analyzing Multi-Project Builds
+To analyze a project hierarchy, apply the SonarQube plugin to the root project of the hierarchy. Typically (but not necessarily) this will be the root project of the Gradle build. Information pertaining to the analysis as a whole has to be configured in the sonarqube block of this project. Any properties set on the command line also apply to this project.
+
+```
+// build.gradle
+sonarqube {
+ properties {
+ property "sonar.sourceEncoding", "UTF-8"
+ }
+}
+```
+
+Configuration shared between subprojects can be configured in a subprojects block.
+```
+// build.gradle
+subprojects {
+ sonarqube {
+ properties {
+ property "sonar.sources", "src"
+ }
+ }
+}
+```
+
+Project-specific information is configured in the `sonarqube` block of the corresponding project.
+```
+// build.gradle
+project(":project1") {
+ sonarqube {
+ properties {
+ property "sonar.branch", "Foo"
+ }
+ }}
+```
+
+To skip SonarQube analysis for a particular subproject, set sonarqube.skipProject to true.
+```
+// build.gradle
+project(":project2") {
+ sonarqube {
+ skipProject = true
+ }
+}
+```
+
+## Task dependencies
+All tasks that produce output that should be included in the SonarQube analysis need to be executed before the `sonarqube` task runs. Typically, these are compile tasks, test tasks, and code coverage tasks. To meet these needs, the plugins adds a task dependency from `sonarqube` on `test` if the Java plugin is applied. Further task dependencies can be added as needed. For example:
+```
+// build.gradle
+project.tasks["sonarqube"].dependsOn "anotherTask"
+```
+
+## Sample project
+
+A simple working example is available at this URL so you can check everything is correctly configured in your env:
+https://github.com/SonarSource/sonar-scanning-examples/tree/master/sonarqube-scanner-gradle
+
+
+## Analysis property defaults
+The SonarScanner for Gradle uses information contained in Gradle's object model to provide smart defaults for most of the standard [analysis parameters](/analysis/analysis-parameters/), as listed below.
+
+Gradle defaults for standard SonarQube properties:
+
+Property|Gradle default
+---|---
+`sonar.projectKey`|`[${project.group}:]${project.name}` for root module; `<root module key>:<module path>` for submodules
+`sonar.projectName`|`${project.name}`
+`sonar.projectDescription`|`${project.description}`
+`sonar.projectVersion`|`${project.version}`
+`sonar.projectBaseDir`|`${project.projectDir}`
+`sonar.working.directory`|`${project.buildDir}/sonar`
+
+Notice that additional defaults are provided for projects that have the java-base or java plugin applied:
+
+Property|Gradle default
+---|---
+`sonar.sourceEncoding`|`${project.compileJava.options.encoding}`
+`sonar.java.source`|`${project.sourceCompatibility}`
+`sonar.java.target`|`${project.targetCompatibility}`
+`sonar.sources`|`${sourceSets.main.allSource.srcDirs}` (filtered to only include existing directories)
+`sonar.tests`|`${sourceSets.test.allSource.srcDirs}` (filtered to only include existing directories)
+`sonar.java.binaries`|`${sourceSets.main.output.classesDir}`
+`sonar.java.libraries`|`${sourceSets.main.compileClasspath}` (filtering to only include files; rt.jar and jfxrt.jar added if necessary)
+`sonar.java.test.binaries`|`${sourceSets.test.output.classeDir}`
+`sonar.java.test.libraries`|`${sourceSets.test.compileClasspath}` (filtering to only include files; rt.jar and jfxrt.jar added if necessary)
+`sonar.junit.reportPaths`|`${test.testResultsDir}` (if the directory exists)
+
+Groovy projects get all the Java defaults, plus:
+
+Property|Gradle default
+---|---
+`sonar.groovy.binaries`|`${sourceSets.main.output.classesDir}`
+
+
+Additional defaults when JaCoCo plugin is applied
+
+Property|Gradle default
+---|---
+`sonar.jacoco.reportPaths`|`${jacoco.destinationFile}`
+`sonar.groovy.jacoco.reportPath`|`${jacoco.destinationFile}`
+
+Additional defaults for Android projects (`com.android.application`, `com.android.library`, or `com.android.test`)
+By default the first variant of type "debug" will be used to configure the analysis. You can override the name of the variant to be used using the parameter 'androidVariant':
+
+```
+build.gradle
+sonarqube {
+ androidVariant 'fullDebug'
+}
+```
+
+Property| Gradle default
+---|---
+`sonar.sources` (for non test variants)|`${variant.sourcesets.map}` (ManifestFile/CDirectories/AidlDirectories/AssetsDirectories/CppDirectories/JavaDirectories/RenderscriptDirectories/ResDirectories/ResourcesDirectories)
+`sonar.tests` (for test variants)|`${variant.sourcesets.map}` (ManifestFile/CDirectories/AidlDirectories/AssetsDirectories/CppDirectories/JavaDirectories/RenderscriptDirectories/ResDirectories/ResourcesDirectories)
+`sonar.java[.test].binaries`|`${variant.destinationDir}`
+`sonar.java[.test].libraries`|`${variant.javaCompile.classpath} + ${bootclasspath}`
+`sonar.java.source`|`${variant.javaCompile.sourceCompatibility}`
+`sonar.java.target`|`${variant.javaCompile.targetCompatibility}`
+
+
+## Passing manual properties / overriding defaults
+The SonarScanner for Gradle adds a SonarQubeExtension extension to project and its subprojects, which allows you to configure/override the analysis properties.
+```
+// in build.gradle
+sonarqube {
+ properties {
+ property "sonar.exclusions", "**/*Generated.java"
+ }
+}
+```
+SonarQube properties can also be set from the command line, or by setting a system property named exactly like the SonarQube property in question. This can be useful when dealing with sensitive information (e.g. credentials), environment information, or for ad-hoc configuration.
+
+```
+gradle sonarqube -Dsonar.host.url=http://sonar.mycompany.com -Dsonar.verbose=true
+```
+
+While certainly useful at times, we recommend keeping the bulk of the configuration in a (versioned) build script, readily available to everyone.
+A SonarQube property value set via a system property overrides any value set in a build script (for the same property). When analyzing a project hierarchy, values set via system properties apply to the root project of the analyzed hierarchy. Each system property starting with `sonar.` will be taken into account.
+
+
+
+### Analyzing Custom Source Sets
+By default, the SonarScanner for Gradle passes on the project's main source set as production sources, and the project's test source set as test sources. This works regardless of the project's source directory layout. Additional source sets can be added as needed.
+
+```
+// build.gradle
+sonarqube {
+ properties {
+ properties["sonar.sources"] += sourceSets.custom.allSource.srcDirs
+ properties["sonar.tests"] += sourceSets.integTest.allSource.srcDirs
+ }
+}
+```
+
+## Advanced topics
+### More on configuring SonarQube properties
+Let's take a closer look at the `sonarqube.properties` `{}` block. As we have already seen in the examples, the `property()` method allows you to set new properties or override existing ones. Furthermore, all properties that have been configured up to this point, including all properties preconfigured by Gradle, are available via the properties accessor.
+
+Entries in the properties map can be read and written with the usual Groovy syntax. To facilitate their manipulation, values still have their “idiomatic” type (File, List, etc.). After the sonarProperties block has been evaluated, values are converted to Strings as follows: Collection values are (recursively) converted to comma-separated Strings, and all other values are converted by calling their `toString()` methods.
+
+Because the `sonarProperties` block is evaluated lazily, properties of Gradle's object model can be safely referenced from within the block, without having to fear that they have not yet been set.
+
--- /dev/null
+---
+title: SonarScanner for Jenkins
+url: /scan/sonarscanner-for-jenkins/
+---
+
+[[info]]
+| By [SonarSource](https://www.sonarsource.com/) – GNU LGPL 3 – [Issue Tracker](https://jira.sonarsource.com/browse/JNKNS) – [Source](https://github.com/SonarSource/sonar-scanner-jenkins)
+| Current version: **SonarScanner for Jenkins 2.8.1**
+
+This plugin lets you centralize the configuration of SonarQube server connection details in Jenkins global configuration.
+
+Then you can trigger SonarQube analysis from Jenkins using standard Jenkins Build Steps or [Jenkins Pipeline DSL](https://jenkins.io/solutions/pipeline/) to trigger analysis with:
+
+* [SonarScanner](/scan/sonarqube-scanner/)
+* [SonarScanner for Maven](/scan/sonarqube-scanner-for-maven/)
+* [SonarScanner for Gradle](/scan/sonarqube-scanner-for-gradle/)
+* [SonarScanner for MSBuild](/scan/sonarqube-scanner-for-msbuild/)
+
+Once the job is complete, the plugin will detect that a SonarQube analysis was made during the build and display a badge and a widget on the job page with a link to the SonarQube dashboard as well as quality gate status.
+
+## Installation
+1. [Install the SonarScanner for Jenkins via the Jenkins Update Center](https://plugins.jenkins.io/sonar).
+1. Configure your SonarQube server(s)
+ * Log into Jenkins as an administrator and go to Manage Jenkins > Configure System:
+ * Scroll down to the SonarQube configuration section, click on Add SonarQube, and add the values you're prompted for.
+
+## Analyzing a .NET solution
+**Global Configuration**
+This step is mandatory if you want to trigger any of your analyses with the SonarScanner for MSBuild. You can define as many scanner instances as you wish. Then for each Jenkins job, you will be able to choose with which launcher to use to run the SonarQube analysis.
+1. Log into Jenkins as an administrator and go to **Manage Jenkins > Global Tool Configuration**
+1. Click on **Add SonarScanner for MSBuild**
+1. Add an installation of the latest available version. Check **Install automatically** to have the SonarScanner for MSBuild automatically provisioned on your Jenkins executors
+
+If you do not see any available version under Install from GitHub, first go to Manage Jenkins > Manage Plugins > Advanced and click on Check now
+
+**Job Configuration**
+1. Configure the project, and go to the **Build** section.
+1. Add the SonarQube for MSBuild - Begin Analysis to your build
+1. Configure the SonarQube Project Key, Name and Version in the SonarScanner for MSBuild - Begin Analysis build step
+1. Add the MSBuild build step or the Execute Windows batch command to execute the build with MSBuild 14 (see compatibility) to your build.
+1. Add the SonarQube for MSBuild - End Analysis build steps to your build
+
+## Analyzing a Java project with Maven or Gradle
+** Global Configuration**
+1. Log into Jenkins as an administrator and go to Manage Jenkins > Configure System
+1. Scroll to the SonarQube servers section and check Enable injection of SonarQube server configuration as build environment variables
+
+** Job Configuration**
+1. **Configure** the project, and go to the **Build Environment** section.
+1. Enable **Prepare SonarScanner environment** to allow the injection of SonarQube server values into this particular job. If multiple SonarQube instances are configured, you will be able to choose which one to use.
+Once the environment variables are available, use them in a standard Maven build step (Invoke top-level Maven targets) by setting the Goals to include, or a standard Gradle build step (Invoke Gradle script) by setting the Tasks to execute.
+
+Maven goal:
+```
+$SONAR_MAVEN_GOAL -Dsonar.host.url=$SONAR_HOST_URL
+```
+Gradle task:
+```
+sonarqube -Dsonar.host.url=$SONAR_HOST_URL
+```
+
+In both cases, launching your analysis may require authentication. In that case, make sure that the Global Configuration defines a valid SonarQube token, and add it to the Maven goal or Gradle task with the following argument and value: `-Dsonar.login=$SONAR_AUTH_TOKEN`
+
+## Analyzing other project types
+
+**Global Configuration**
+This step is mandatory if you want to trigger any of your SonarQube analyses with the SonarScanner. You can define as many scanner instances as you wish. Then for each Jenkins job, you will be able to choose with which launcher to use to run the SonarQube analysis.
+
+1. Log into Jenkins as an administrator and go to **Manage Jenkins > Global Tool Configuration**
+1. Scroll down to the SonarScanner configuration section and click on Add SonarScanner. It is based on the typical Jenkins tool auto-installation. You can either choose to point to an already installed version of SonarScanner (uncheck 'Install automatically') or tell Jenkins to grab the installer from a remote location (check 'Install automatically')
+
+If you don't see a drop down list with all available SonarScanner versions but instead see an empty text field then this is because Jenkins still hasn't downloaded the required update center file (default period is 1 day). You may force this refresh by clicking 'Check Now' button in Manage Plugins > Advanced tab.
+
+**Job Configuration**
+1. **Configure** the project, and go to the **Build** section.
+1. Add the SonarScanner build step to your build.
+1. Configure the SonarQube analysis properties. You can either point to an existing sonar-project.properties file or set the analysis properties directly in the **Analysis properties** field
+
+
+
+## Using a Jenkins pipeline
+Since version 2.5 of the SonarScanner for Jenkins, there is official support of Jenkins pipeline. We provide a `withSonarQubeEnv` block that allows you to select the SonarQube server you want to interact with. Connection details you have configured in Jenkins global configuration will be automatically passed to the scanner.
+
+Here are a some examples for every scanner, assuming you run on Unix slaves and you have configured a server named "My SonarQube Server" as well as required tools. If you run on Windows slaves, just replace `sh` with `bat`.
+
+SonarScanner:
+```
+node {
+ stage('SCM') {
+ git 'https://github.com/foo/bar.git'
+ }
+ stage('SonarQube analysis') {
+ // requires SonarScanner 2.8+
+ def scannerHome = tool 'SonarScanner 2.8';
+ withSonarQubeEnv('My SonarQube Server') {
+ sh "${scannerHome}/bin/sonar-scanner"
+ }
+ }
+}
+```
+SonarScanner for Gradle:
+```
+node {
+ stage('SCM') {
+ git 'https://github.com/foo/bar.git'
+ }
+ stage('SonarQube analysis') {
+ withSonarQubeEnv('My SonarQube Server') {
+ // requires SonarScanner for Gradle 2.1+
+ // It's important to add --info because of SONARJNKNS-281
+ sh './gradlew --info sonarqube'
+ }
+ }
+}
+```
+SonarScanner for Maven:
+```
+node {
+ stage('SCM') {
+ git 'https://github.com/foo/bar.git'
+ }
+ stage('SonarQube analysis') {
+ withSonarQubeEnv('My SonarQube Server') {
+ // requires SonarScanner for Maven 3.2+
+ sh 'mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.2:sonar'
+ }
+ }
+}
+```
+SonarScanner for MSBuild:
+```
+node {
+ stage('SCM') {
+ git 'https://github.com/foo/bar.git'
+ }
+ stage('Build + SonarQube analysis') {
+ def sqScannerMsBuildHome = tool 'Scanner for MSBuild 2.2'
+ withSonarQubeEnv('My SonarQube Server') {
+ // Due to SONARMSBRU-307 value of sonar.host.url and credentials should be passed on command line
+ bat "${sqScannerMsBuildHome}\\SonarQube.Scanner.MSBuild.exe begin /k:myKey /n:myName /v:1.0 /d:sonar.host.url=%SONAR_HOST_URL% /d:sonar.login=%SONAR_AUTH_TOKEN%"
+ bat 'MSBuild.exe /t:Rebuild'
+ bat "${sqScannerMsBuildHome}\\SonarQube.Scanner.MSBuild.exe end /d:sonar.login=%SONAR_AUTH_TOKEN%"
+ }
+ }
+}
+```
+
+## Pause pipeline until quality gate is computed
+The `waitForQualityGate` step will pause the pipeline until SonarQube analysis is completed and returns quality gate status.
+
+### Pre-requisites:
+* Configure a webhook in your SonarQube server pointing to `<your Jenkins instance>/sonarqube-webhook/`
+* Use `withSonarQubeEnv` step in your pipeline (so that SonarQube taskId is correctly attached to the pipeline context).
+
+
+Scripted pipeline example:
+```
+node {
+ stage('SCM') {
+ git 'https://github.com/foo/bar.git'
+ }
+ stage('SonarQube analysis') {
+ withSonarQubeEnv('My SonarQube Server') {
+ sh 'mvn clean package sonar:sonar'
+ } // SonarQube taskId is automatically attached to the pipeline context
+ }
+}
+
+// No need to occupy a node
+stage("Quality Gate"){
+ timeout(time: 1, unit: 'HOURS') { // Just in case something goes wrong, pipeline will be killed after a timeout
+ def qg = waitForQualityGate() // Reuse taskId previously collected by withSonarQubeEnv
+ if (qg.status != 'OK') {
+ error "Pipeline aborted due to quality gate failure: ${qg.status}"
+ }
+ }
+}
+```
+Thanks to the webhook, the step is implemented in a very lightweight way: no need to occupy a node doing polling, and it doesn't prevent Jenkins to restart (step will be restored after restart). Note that to prevent race conditions, when the step starts (or is restarted) a direct call is made to the server to check if the task is already completed.
+
+Declarative pipeline example:
+```
+pipeline {
+ agent any
+ stages {
+ stage('SCM') {
+ steps {
+ git url: 'https://github.com/foo/bar.git'
+ }
+ }
+ stage('build && SonarQube analysis') {
+ steps {
+ withSonarQubeEnv('My SonarQube Server') {
+ // Optionally use a Maven environment you've configured already
+ withMaven(maven:'Maven 3.5') {
+ sh 'mvn clean package sonar:sonar'
+ }
+ }
+ }
+ }
+ stage("Quality Gate") {
+ steps {
+ timeout(time: 1, unit: 'HOURS') {
+ // Parameter indicates whether to set pipeline to UNSTABLE if Quality Gate fails
+ // true = set pipeline to UNSTABLE, false = don't
+ // Requires SonarScanner for Jenkins 2.7+
+ waitForQualityGate abortPipeline: true
+ }
+ }
+ }
+ }
+}
+```
+
+If you want to run multiple analysis in the same pipeline and use waitForQualityGate, it works starting from version 2.8, but you have to do everything in order:
+```
+pipeline {
+ agent any
+ stages {
+ stage('SonarQube analysis 1') {
+ steps {
+ sh 'mvn clean package sonar:sonar'
+ }
+ }
+ stage("Quality Gate 1") {
+ steps {
+ waitForQualityGate abortPipeline: true
+ }
+ }
+ stage('SonarQube analysis 2') {
+ steps {
+ sh 'gradle sonarqube'
+ }
+ }
+ stage("Quality Gate 2") {
+ steps {
+ waitForQualityGate abortPipeline: true
+ }
+ }
+ }
+}
+```
--- /dev/null
+---
+title: SonarScanner for Maven
+url: /scan/sonarscanner-for-maven/
+---
+
+[[info]]
+| By [SonarSource](https://www.sonarsource.com/) – GNU LGPL 3 – [Issue Tracker](https://jira.sonarsource.com/browse/MSONAR) – [Source](https://github.com/SonarSource/sonar-scanner-maven)
+| Current version: **SonarScanner for Maven 3.6.0.1398**
+
+
+The SonarScanner is recommended as the default analyzer for Maven projects.
+
+The ability to execute the SonarQube analysis via a regular Maven goal makes it available anywhere Maven is available (developer build, CI server, etc.), without the need to manually download, setup, and maintain a SonarQube Runner installation. The Maven build already has much of the information needed for SonarQube to successfully analyze a project. By preconfiguring the analysis based on that information, the need for manual configuration is reduced significantly.
+
+
+
+## Prerequisites
+* Maven 3.x
+* At least the minimal version of Java supported by your SonarQube server is in use
+
+## Global Settings
+
+Edit the [settings.xml](http://maven.apache.org/settings.html) file, located in `$MAVEN_HOME/conf` or `~/.m2`, to set the plugin prefix and optionally the SonarQube server URL.
+
+Example:
+```
+<settings>
+ <pluginGroups>
+ <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
+ </pluginGroups>
+ <profiles>
+ <profile>
+ <id>sonar</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <properties>
+ <!-- Optional URL to server. Default value is http://localhost:9000 -->
+ <sonar.host.url>
+ http://myserver:9000
+ </sonar.host.url>
+ </properties>
+ </profile>
+ </profiles>
+</settings>
+```
+
+## Analyzing
+Analyzing a Maven project consists of running a Maven goal: `sonar:sonar` from the directory that holds the main project `pom.xml`.
+```
+mvn clean verify sonar:sonar
+```
+
+In some situations you may want to run the `sonar:sonar` goal as a dedicated step. Be sure to use `install` as first step for multi-module projects
+```
+mvn clean install
+mvn sonar:sonar
+```
+
+To specify the version of sonar-maven-plugin instead of using the latest:
+```
+mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.6.0.1398:sonar
+```
+
+To get coverage information, you'll need to generate the coverage report before the analysis.
+
+
+
+## Configuring Analysis
+Most analysis properties will be read from your project. If you would like override the default values of specify additional parameters, configure the parameter names found on the [Analysis Parameters](/analysis/analysis-parameters/) page in the `<properties>` section of your pom.xml like this:
+```
+<properties>
+ <sonar.buildString> [...] </sonar.buildString>
+</properties>
+ ```
+
+
+## Sample Project
+To help you get started, a simple project sample is available here: https://github.com/SonarSource/sonar-scanning-examples/tree/master/sonarqube-scanner-maven
+
+## Excluding a module from analysis
+* define property `<sonar.skip>true</sonar.skip>` in the `pom.xml` of the module you want to exclude
+* use build profiles to exclude some module (like for integration tests)
+* use Advanced Reactor Options (such as "-pl"). For example `mvn sonar:sonar -pl !module2`
+
+## How to Fix Version of Maven Plugin
+It is recommended to lock down versions of Maven plugins:
+```
+<build>
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.sonarsource.scanner.maven</groupId>
+ <artifactId>sonar-maven-plugin</artifactId>
+ <version>3.6.0.1398</version>
+ </plugin>
+ </plugins>
+ </pluginManagement>
+</build>
+```
+
+## Troubleshooting
+**If you get a java.lang.OutOfMemoryError**
+Set the `MAVEN_OPTS` environment variable, like this in *nix environments:
+```
+export MAVEN_OPTS="-Xmx512m"
+```
+On Windows environments, avoid the double-quotes, since they get misinterpreted.
+```
+set MAVEN_OPTS=-Xmx512m
+```
--- /dev/null
+---
+title: SonarScanner for MSBuild
+url: /scan/sonarscanner-for-msbuild/
+---
+
+[[info]]
+| **Download SonarQube Scanner for MSBuild 4.6.0.1930** - Compatible with SonarQube 6.7+ (LTS)
+| By [SonarSource](https://www.sonarsource.com/) – GNU LGPL 3 – [Issue Tracker](https://github.com/SonarSource/sonar-scanner-msbuild/issues) – [Source](https://github.com/SonarSource-VisualStudio/sonar-msbuild-runner)
+|
+| [.NET Framework 4.6+](https://github.com/SonarSource/sonar-scanner-msbuild/releases/download/4.6.0.1930/sonar-scanner-msbuild-4.6.0.1930-net46.zip) |
+| [.NET Core 2.0+](https://github.com/SonarSource/sonar-scanner-msbuild/releases/download/4.6.0.1930/sonar-scanner-msbuild-4.6.0.1930-netcoreapp2.0.zip) |
+| [.NET Core Global Tool](https://www.nuget.org/packages/dotnet-sonarscanner)
+
+
+The SonarScanner for MSBuild is the recommended way to launch an analysis for projects/solutions using MSBuild or dotnet command as a build tool. It is the result of a [collaboration between SonarSource and Microsoft](http://www.sonarqube.org/announcing-sonarqube-integration-with-msbuild-and-team-build/).
+
+SonarScanner for MSBuild is distributed as a standalone command line executable, as a extension for <!-- sonarcloud -->[Azure DevOps](/scan/sonarqube-scanner-for-azure-devops/)<!-- /sonarcloud --><!-- sonarqube -->[Azure DevOps Server](/scan/sonarqube-scanner-for-azure-devops/)<!-- /sonarqube -->, and as a plugin for [Jenkins](/scan/sonarqube-scanner-for-jenkins/).
+
+It supports .Net Core multi-platform projects and it can be used on non-Windows platforms.
+
+## Prerequisites
+* At least the minimal version of Java supported by your SonarQube server
+* The SDK corresponding to your build system:
+ * [.NET Framework v4.6+](https://www.microsoft.com/fr-fr/download/details.aspx?id=53344) - either [Build Tools for Visual Studio 2015 Update 3](https://go.microsoft.com/fwlink/?LinkId=615458) or the [Build Tools for Visual Studio 2017](https://www.visualstudio.com/downloads/)
+ * .NET Core 2.0 - [.NET Core SDK 2.0](https://www.microsoft.com/net/learn/get-started/) (for .NET Core version of the scanner)
+ * .NET Core 2.1 - [NET Core SDK 2.1.3](https://www.microsoft.com/net/learn/get-started/) (for .NET Core version of the scanner or if you plan to use [.NET Core Global Tool](https://www.nuget.org/packages/dotnet-sonarscanner)
+
+
+## Installation
+### SonarScanner for MSBuild for .NET Framework or .NET Core
+* Expand the downloaded file into the directory of your choice. We'll refer to it as `$install_directory` in the next steps.
+ * On Windows, you might need to unblock the ZIP file first (Right click on file > Properties > Unblock).
+ * On Linux/OSX you may need to set execute permissions on the files in `$install_directory/sonar-scanner-(version)/bin`.
+
+* Uncomment, and update the global settings to point to your SonarQube server by editing `$install_directory/SonarQube.Analysis.xml`. Values set in this file will be applied to all analyses of all projects unless overwritten locally.
+Consider setting file system permissions to restrict access to this file.:
+```
+<SonarQubeAnalysisProperties xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.sonarsource.com/msbuild/integration/2015/1">
+ <Property Name="sonar.host.url">http://localhost:9000</Property>
+ <Property Name="sonar.login">[my-user-token]</Property>
+</SonarQubeAnalysisProperties>
+
+```
+* Add `$install_directory` to your PATH environment variable.
+
+### Installation of the SonarScanner for MSBuild .NET Core Global Tool
+```
+dotnet tool install --global dotnet-sonarscanner --version 4.3.1
+```
+The _--version_ argument is optional. If it is omitted the latest version will be installed.
+
+### On Linux/OSX, if your SonarQube server is secured:
+
+1. Copy the server's CA certs to `/usr/local/share/ca-certificates`
+1. Run `sudo update-ca-certificates`
+
+## Use
+There are two versions of the SonarScanner for MSBuild.
+
+The first version is based on the “classic” .NET Framework. To use it, execute the following commands from the root folder of your project:
+```
+SonarScanner.MSBuild.exe begin /k:"project-key"
+MSBuild.exe <path to solution.sln> /t:Rebuild
+SonarScanner.MSBuild.exe end
+```
+Note: On Mac OS or Linux, you can also use `mono <path to SonarScanner.MSBuild.exe>`.
+
+The second version is based on .NET Core which has a very similar usage:
+```
+dotnet <path to SonarScanner.MSBuild.dll> begin /k:"project-key"
+dotnet build <path to solution.sln>
+dotnet <path to SonarScanner.MSBuild.dll> end
+```
+The .NET Core version can also be used as a .NET Core Global Tool.
+After installing the Scanner as a global tool as described above it can be invoked as follows:
+```
+dotnet sonarscanner begin /k:"project-key"
+dotnet build <path to solution.sln>
+dotnet sonarscanner end
+```
+
+Notes:
+
+* The .NET Core version of the scanner does not support TFS XAML builds. Apart from that, the two versions of scanner have the same capabilities and command line arguments.
+* Single .NET Core project files (csproj or vbproj) could be built and successfully analyzed only if a `<ProjectGuid>unique guid</ProjectGuid>` element is added in the csproj or vbproj XML. The `<ProjectGuid>` element is not required if you build a solution (sln) containing that project.
+
+## Analysis steps
+### Begin
+The begin step is executed when you add the `begin` command line argument. It hooks into the MSBuild pipeline, downloads SonarQube quality profiles and settings and prepares your project for the analysis.
+
+Command Line Parameters:
+
+Parameter|Description
+---|---
+`/k:<project-key>`|[required] Specifies the key of the analyzed project in SonarQube
+`/n:<project name>`|[optional] Specifies the name of the analyzed project in SonarQube. Adding this argument will overwrite the project name in SonarQube if it already exists.
+`/v:<version>`|[recommended] Specifies the version of your project.
+`/d:sonar.login=<username> or <token>`| [optional] Specifies the username or access token to authenticate with to SonarQube. If this argument is added to the begin step, it must also be added on the end step.
+`/d:sonar.password=<password>`|[optional] Specifies the password for the SonarQube username in the `sonar.login` argument. This argument is not needed if you use authentication token. If this argument is added to the begin step, it must also be added on the end step.
+`/d:sonar.verbose=true`|[optional] Sets the logging verbosity to detailed. Add this argument before sending logs for troubleshooting.
+`/d:<analysis-parameter>=<value>`|[optional] Specifies an additional SonarQube [analysis parameter](/analysis/analysis-parameters/), you can add this argument multiple times.
+
+For detailed information about all available parameters, see [Analysis Parameters](/analysis/analysis-parameters/).
+
+[[warning]]
+|  The "begin" step will modify your build like this:
+| * the active `CodeAnalysisRuleSet` will be updated to match the SonarQube quality profile
+| * `WarningsAsErrors` will be turned off
+|
+| If your build process cannot tolerate these changes we recommend creating a second build job for SonarQube analysis.
+
+### Build
+Between the `begin` and `end` steps, you need to build your project, execute tests and generate code coverage data. This part is specific to your needs and it is not detailed here.
+
+### End
+The end step is executed when you add the "end" command line argument. It cleans the MSBuild hooks, collects the analysis data generated by the build, the test results, the code coverage and then uploads everything to SonarQube.
+
+There are only two additional arguments that are allowed for the end step:
+
+Parameter|Description
+---|---
+`/d:sonar.login=<username> or <token>`|[optional] This argument is required if it is added to the begin step.
+`/d:sonar.password=<password>`|[optional] This argument is required if it is added to the begin step and not required if you are using <token>
+
+### Known Limitations
+* MSBuild versions older than 14 are not supported.
+* Web Application projects are supported. Legacy Web Site projects are not.
+* Projects targeting multiple frameworks and using preprocessor directives could have slightly inaccurate metrics (lines of code, complexity, etc.) because the metrics are calculated only from the first of the built targets.
+
+
+## Excluding projects from analysis
+Some project types, such as [Microsoft Fakes](https://msdn.microsoft.com/en-us/library/hh549175.aspx), are automatically excluded from analysis. To manually exclude a different type of project from the analysis, place the following in its .xxproj file.
+```
+<!-- in .csproj -->
+<PropertyGroup>
+ <!-- Exclude the project from analysis -->
+ <SonarQubeExclude>true</SonarQubeExclude>
+</PropertyGroup>
+```
+
+## Advanced topics
+**Analyzing MSBuild 12 projects with MSBuild 14**
+The Sonar Scanner for MSBuild requires your project to be built with MSBuild 14.0. We recommend installing Visual Studio 2015 update 3 or later on the analysis machine in order to benefit from the integration and features provided with the Visual Studio ecosystem (VSTest, MSTest unit tests, etc.).
+
+Projects targeting older versions of the .NET Framework can be built using MSBuild 14.0 by setting the "TargetFrameworkVersion" MSBuild property as documented by Microsoft:
+
+* [How to: Target a Version of the .NET Framework](https://msdn.microsoft.com/en-us/library/bb398202.aspx)
+* [MSBuild Target Framework and Target Platform](https://msdn.microsoft.com/en-us/library/hh264221.aspx)
+
+If you do not want to switch your production build to MSBuild 14.0, you can set up a separate build dedicated to the SonarQube analysis.
+
+**Detection of Test Projects**
+SonarQube analyzes test projects differently from non-test projects, so it is important to correctly classify test projects.
+
+By default, the SonarQube Scanner for MSBuild will detect as test project:
+
+. MSTest unit test projects, thanks to the presence of a well-known project type GUID in .csproj file of such projects.
+1. Projects with names ending in "Test" or "Tests". This behavior can be changed by providing the parameter `sonar.msbuild.testProjectPattern` to the begin step (regex follows .NET Regular Expression in a case-sensitive way with the default value `.*Tests?\.(cs|vb)proj$`). This regex is applied against the fullname of the `.csproj` or `.vbproj` which is why it's recommended to keep at the end of your custom regex `\.(cs|vb)proj$`.
+To manually classify a project as a test project, mark it with `<SonarQubeTestProject>true</SonarQubeTestProject>`:
+```
+<!-- in .csproj -->
+<PropertyGroup>
+ <!-- Mark the project as being a test project -->
+ <SonarQubeTestProject>true</SonarQubeTestProject>
+</PropertyGroup>
+```
+
+**Per-project analysis parameters**
+Some analysis parameters can be set for a single MSBuild project by adding them to its .csproj file.
+```
+<!-- in .csproj -->
+<ItemGroup>
+ <SonarQubeSetting Include="sonar.stylecop.projectFilePath">
+ <Value>$(MSBuildProjectFullPath)</Value>
+ </SonarQubeSetting>
+</ItemGroup>
+```
+
+**Concurrent Analyses on the Same Build Machine**
+Concurrent analyses (i.e. parallel analysis of two solutions on the same build machine using a unique service account) are not supported by default by the Scanner for MSBuild. You can enable it as follows:
+
+1. Locate the folder containing the Scanner for MSBuild
+1. Go in the `Targets` folder and copy the folder `SonarQube.Integration.ImportBefore.targets`
+1. Paste it under your build tool global `ImportBefore` folder (if the folder doesn't exist, create it).
+ * For MSBuild, the path is `<MSBUILD_INSTALL_DIR>\<Version>\Microsoft.Common.targets\ImportBefore` where <MSBUILD_INSTALL_DIR> is:
+ *For v14, default path is: `C:\Program Files (x86)\MSBuild\14.0\Microsoft.Common.Targets\ImportBefore`
+ * For v15, default path is: `C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Microsoft.Common.targets\ImportBefore` (for VS Community Edition)
+ * For v16, default path is: 'C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Current\Microsoft.Common.targets` (for VS Community Edition)
+ * For dotnet, the path is `<DOTNET_SDK_INSTALL_DIR>\15.0\Microsoft.Common.targets\ImportBefore` where `<DOTNET_SDK_INSTALL_DIR>` can be found using the `dotnet --info` and looking for the Base Path property.
+
+The performance impact of this global installation for projects that aren't analyzed is negligible as this target is only a bootstrapper and will bail out nearly instantaneously when the `.sonarqube` folder is not found under the folder being built.
+
+**Using SonarScanner for MSBuild with a Proxy**
+On build machines that connect to the Internet through a proxy server you might experience difficulties connecting to {instance}. To instruct the Java VM to use the system proxy settings, you need to set the following environment variable before running the SonarScanner for MSBuild:
+```
+SONAR_SCANNER_OPTS = "-Djava.net.useSystemProxies=true"
+```
+To instruct the Java VM to use specific proxy settings or when there is no system-wide configuration use the following value:
+```
+SONAR_SCANNER_OPTS = "-Dhttp.proxyHost=yourProxyHost -Dhttp.proxyPort=yourProxyPort"
+```
+Where yourProxyHost and yourProxyPort are the hostname and the port of your proxy server. There are additional proxy settings for https, authentication and exclusions that could be passed to the Java VM, for full reference visit the following article: https://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
+
--- /dev/null
+---
+title: SonarScanner
+url: /scan/sonarscanner/
+---
+
+[[info]]
+| **Download SonarScanner 3.3** - Compatible with SonarQube 6.7+ (LTS)
+| By [SonarSource](https://www.sonarsource.com/) – GNU LGPL 3 – [Issue Tracker](https://jira.sonarsource.com/browse/SQSCANNER) – [Source](https://github.com/Sonarsource/sonar-scanner-cli)
+|
+| [Linux 64-bit](https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.3.0.1492-linux.zip) |
+| [Windowx 64-bit](https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.3.0.1492-windows.zip) |
+| [Mac OS X 64-bit](https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.3.0.1492-macosx.zip) |
+| [Any*](https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.3.0.1492.zip)
+| *Requires a pre-installed JVM - with the same requirements as the SonarQube server.
+
+The SonarScanner is the scanner to use when there is no specific scanner for your build system.
+
+## Installation
+* Expand the downloaded file into the directory of your choice. We'll refer to it as `$install_directory` in the next steps.
+* Update the global settings to point to your SonarQube server by editing `$install_directory/conf/sonar-scanner.properties`:
+```
+#----- Default SonarQube server
+#sonar.host.url=http://localhost:9000
+```
+* Add the `$install_directory/bin` directory to your path.
+* Verify your installation by opening a new shell and executing the command `sonar-scanner -h` (`sonar-scanner.bat -h` on Windows). You should get output like this:
+```
+usage: sonar-scanner [options]
+
+Options:
+ -D,--define <arg> Define property
+ -h,--help Display help information
+ -v,--version Display version information
+ -X,--debug Produce execution debug output
+```
+
+If you need more debug information you can add one of the following to your command line: `-X`, `--verbose`, or `-Dsonar.verbose=true`.
+
+## Use
+Create a configuration file in the root directory of the project: `sonar-project.properties`
+```
+sonar-project.properties
+# must be unique in a given SonarQube instance
+sonar.projectKey=my:project
+
+# --- optional properties ---
+
+# defaults to project key
+#sonar.projectName=My project
+# defaults to 'not provided'
+#sonar.projectVersion=1.0
+
+# Path is relative to the sonar-project.properties file. Defaults to .
+#sonar.sources=.
+
+# Encoding of the source code. Default is default system encoding
+#sonar.sourceEncoding=UTF-8
+```
+Run the following command from the project base directory to launch the analysis:
+`sonar-scanner`
+
+## Sample Projects
+To help you get started, simple project samples are available for most languages on github. They can be [browsed](https://github.com/SonarSource/sonar-scanning-examples) or [downloaded](https://github.com/SonarSource/sonar-scanning-examples/archive/master.zip). You'll find them filed under sonarqube-scanner/src.
+
+
+## Alternatives to sonar-project.properties
+If a sonar-project.properties file cannot be created in the root directory of the project, there are several alternatives:
+
+* The properties can be specified directly through the command line. Ex:
+```
+sonar-scanner -Dsonar.projectKey=myproject -Dsonar.sources=src1
+```
+* The property project.settings can be used to specify the path to the project configuration file (this option is incompatible with the `sonar.projectBaseDir` property). Ex:
+```
+sonar-scanner -Dproject.settings=../myproject.properties
+```
+* The root folder of the project to analyze can be set through the `sonar.projectBaseDir` property since SonarScanner 2.4. This folder must contain a `sonar-project.properties` file if `sonar.projectKey` is not specified on the command line.
+Additional analysis parameters can be defined in this project configuration file or through command-line parameters.
+
+## Alternate Analysis Directory
+If the files to be analyzed are not in the directory where the analysis starts from, use the `sonar.projectBaseDir` property to move analysis to a different directory. E.G. analysis begins from `jenkins/jobs/myjob/workspace` but the files to be analyzed are in `ftpdrop/cobol/project1`.
+```
+sonar-project.properties
+sonar.projectBaseDir=/home/ftpdrop/cobol/project1
+sonar.sources=src
+sonar.cobol.copy.directories=/copy
+For more, see the listing of analysis parameters.
+```
+
+
+## Troubleshooting
+**Java heap space error or java.lang.OutOfMemoryError**
+Increase the memory via the `SONAR_SCANNER_OPTS` environment variable:
+```
+export SONAR_SCANNER_OPTS="-Xmx512m"
+```
+On Windows environments, avoid the double-quotes, since they get misinterpreted and combine the two parameters into a single one.
+```
+set SONAR_SCANNER_OPTS=-Xmx512m
+```
+
+**Unsupported major.minor version**
+Upgrade the version of Java being used for analysis or use one of the native package (that embed its own Java runtime).
+
+**Property missing: `sonar.cs.analyzer.projectOutPaths'. No protobuf files will be loaded for this project.**
+Scanner CLI is not able to analyze .NET projects. Please, use Scanner for MSBuild. If you are running Scanner for MSBuild, ensure that you are not hitting a known limitation.
+
"title": "Analyzing Source Code",
"children": [
"/analysis/overview/",
+ {
+ "title": "Scanners",
+ "children": [
+ "/scan/sonarscanner-for-msbuild/",
+ "/scan/sonarscanner-for-gradle/",
+ "/scan/sonarscanner-for-maven/",
+ "/scan/sonarscanner/",
+ "/scan/sonarscanner-for-ant/",
+ "/scan/sonarscanner-for-jenkins/",
+ "/scan/sonarscanner-for-azure-devops/"
+ ]
+ },
"/analysis/analysis-parameters/",
"/analysis/coverage/",
"/analysis/external-issues/",
"title": "Analyzing Source Code",
"children": [
"/analysis/overview/",
+ {
+ "title": "Scanners",
+ "children": [
+ "/scan/sonarscanner-for-msbuild/",
+ "/scan/sonarscanner-for-gradle/",
+ "/scan/sonarscanner-for-maven/",
+ "/scan/sonarscanner/",
+ "/scan/sonarscanner-for-ant/",
+ "/scan/sonarscanner-for-jenkins/",
+ "/scan/sonarscanner-for-azure-devops/"
+ ]
+ },
"/analysis/analysis-parameters/",
"/analysis/coverage/",
"/analysis/external-issues/",
projects / sonarqube.git / commitdiff