Sonarqube provides static code analysis, testing and continuous inspection. Also see Quality Assurance Tools
You can also have these validations as part of your IDE – https://www.sonarlint.org/visualstudio/
Docker
To spin up a docker container you can use the public sonarqube image and embedded H2 database (not suited for production) however fine for stand alone small projects.
- Spin up a container, there is a shell script here
- Default login is admin/admin
- Create a key and project
- Example key – 93292c24ba95f6dc5a9275ec169dd654a3382a2d
- Example project – PatternsAndPrinciples
- Download .Net Core SDK (if your target project is .Net Core)
- dotnet-sdk-2.1.302-win-x64.exe
- If you are targeting classic .net as long as you have msbuild you are fine
- Download Java Runtime
- Download sonar-scanner-msbuild
- sonar-scanner-msbuild-4.3.1.1372-netcoreapp2.0.zip
- extract to C:\sonarscanner-msbuild-netcoreapp2\
- Add the path to your Environmental Variables – Path
- Ensure you add with the ending \
Run For .Net Core
Once you have the container up and the above installed, navigate via command prompt to the path your solution is on your local disk, example:
- C:\Dev-Code-School\Boilerplate\Class Library\PatternsAndPrinciples
Then run the following substituting your container hosts IP and your key
1 | dotnet sonarscanner begin /k:"PatternsAndPrinciples" /d:sonar.host.url="http://172.29.5.203:9000" /d:sonar.login="93292c24ba95f6dc5a9275ec169dd654a3382a2d" |
Then build
1 | dotnet build |
Then end, once done navigate to the sonarcube containers UI and fix what it moans about :D
- Example: http://172.29.5.203:9000
1 | dotnet sonarscanner end /d:sonar.login="93292c24ba95f6dc5a9275ec169dd654a3382a2d" |
Exclusions
If you need to exclude a class from quality checks while you are dev/testing just add [ExcludeFromCodeCoverage]