SonarQube Scanner .Net core with GitLab Container Runners

[mitchel...@live.com]

Hello, 

We are using GitLab runners that start containers to build each of our projects. Our NodeJS and Java projects run great because we have stage/job that runs the sonar-scanner (container with it installer). The issue I am facing is dotnet core. We want to be able to just run a job/stage just like java and nodejs that scans and publishes to sonar server out C# and JS code. So far I have only seen that we have to run a start, build, and then end steps and also use mono (which is weird since .net core is cross platform) to scan cs files. So this means I have to create a container with sonar scanner and mono and also pack it all in one build. This seems like a lot of extra steps We are also only building our test projects in the dotnet containers where docker is building the main project in a mult-stage conniver which makes it difficult to scan from a dockerfile build where we want to scan the source files outside. Is there something I am missing or is cs files that difficult to scan compared to others?

[mitchel...@live.com]

After doing some more searching I ended up on the sonarqube scanner download location and found .Net Core runners. https://sonarsource.bintray.com/Distribution/sonar-scanner-msbuild/sonar-scanner-msbuild-4.2.0.1214-netcoreapp2.0.zip

I was excited because I thought this meant no more need for mono or java to run the scanner. I was mistaken though because it seems it is still required to have the jre to push the results to sonar qube server. 

With all the time writing the .net core wrapper it would have been better to just port the client into .net to remove the extra dependency of the java sonar-scanner.

[valeri....@sonarsource.com]

Hi,

Indeed, in order to analyze C# code you need to have installed the JRE. It would be difficult to drop that dependency because in its end step Scanner for MSBuild executes Scanner CLI to analyze non-.NET languages and publish results to SonarQube. We could write the publishing code in C#, but If you have an application that also contains JavaScript or TypeScript code, which is very typical for ASP.NET, you will still need to run Scanner CLI and install JRE. So far we think it is not a big trouble to install JRE even if it does not feel pure in a .NET-only environment.

Kind regards,

Valeri