Mapping My .NET Code Quality Pipeline with SonarQube

In this throwback Tuesday post is a draft post from 2013 that I updated the post to use the latest SonarQube. I got the new server running, but SonarQube is not currently a part of our production pipelines. Actually, I think it is a lot easier to run the Docker image for this (docker pull sonarqube:latest). Although, doing it the hard way was a fun trip down memory lane.

Lately, I’ve been sharing updates about my Code Quality Pipeline. Today, I’m thrilled to report that the core pipeline is nearly operational. What’s even more exciting is that I’ve integrated SonarQube, a powerful tool to monitor and analyze code quality. For those unfamiliar, here’s how SonarQube defines itself:

SonarQube® is an open-source quality management platform. It is designed to continuously analyze and measure technical quality. This analysis ranges from project portfolios to individual methods. It supports multiple programming languages via plugins, including robust support for Java and .NET.

In this post, I’ll guide you on setting up SonarQube to monitor your Code Quality Pipeline. We will leverage its capabilities for a .NET-focused development environment.

---

Setting Up SonarQube for .NET: Step-by-Step

To get started, I grabbed the latest versions of the required tools:

• SonarQube: The core application.
• Sonar Scanner for .NET: A tool that executes the code analysis.
• C# Plugins: Plugins for monitoring the quality of .NET and C# projects.

The SonarQube Docs was a helpful reference. It has been updated here. I’ll share the specific steps I followed to install and configure SonarQube on a Windows 11 environment.

---

1. Database Configuration

SonarQube requires a database for storing analysis results and configuration data. Here’s how I set it up on PostgreSQL (reference):

1. Create an empty database:
   • Must be configured to use UTF-8 charset.
   • If you want to use a custom schema and not the default “public” one, the PostgreSQL search_path property must be set:
     ALTER USER mySonarUser SET search_path to mySonarQubeSchema
2. Create a dedicated SonarQube user:
   • Assign CREATE, UPDATE, and DELETE permissions.
3. Update the sonar.properties file with the database connection after unziping the SonarQube package (see below): sonar.jdbc.url=jdbc:sqlserver://localhost;databaseName=sonar;SelectMethod=Cursor sonar.jdbc.username=your-sonarqube-user sonar.jdbc.password=your-password

---

2. Installing the SonarQube Web Server

The SonarQube server handles analysis and provides a web interface for viewing results.

1. Unzip the SonarQube package.
2. Open the conf\sonar.properties file and configure:
   • Database connection details (see above).
   • Web server properties: sonar.web.host=0.0.0.0 sonar.web.port=9000 sonar.web.context=/sonarqube
3. Ensure Java JDK 17 is installed. Any higher and I had issues with SecurityManager.
4. Start the server by running the batch file: \bin\windows-x86-{your-system}\StartSonar.bat
5. Verify the server is running by visiting http://localhost:9000 in your browser. The default credentials are: Username: admin Password: admin

---

3. Adding Plugins for .NET Support

SonarQube’s plugins for .NET projects enhance its ability to analyze C# code quality.

• Navigate to the Marketplace within the SonarQube web interface.
• Install the ecoCode – C# language plugin and any additional tools needed for your pipeline.

---

4. Integrating Sonar Scanner

Sonar Scanner executes code analysis and sends results to the SonarQube server.

1. Download and extract Sonar Scanner.
2. Add its bin directory to your system’s PATH.
3. Configure the scanner by editing sonar-scanner.properties: sonar.host.url=http://localhost:9000 sonar.projectKey=my_project sonar.projectName=My Project sonar.projectVersion=1.0
4. Run the scanner from the root of your project: sonar-scanner

---

Monitoring Key Metrics

One of my goals with SonarQube is to track critical operational metrics like:

• Code Quality: Bugs, vulnerabilities, code smells.
• Performance: Memory and CPU usage, database load, cache requests.
• Application Metrics: Web server requests, bandwidth usage, key transactions (e.g., logins, payments, background jobs).

To achieve this, I’ll leverage SonarQube’s dashboards and custom reports. These tools make it easy to visualize and monitor these KPIs in real-time.

---

The Impact: A Quality-First Development Workflow

With SonarQube integrated, my Code Quality Pipeline is equipped to ensure:

• Continuous Code Quality: Early detection of bugs and vulnerabilities.
• Performance Optimization: Proactive monitoring of resource utilization.
• Improved Collaboration: Shared insights into code quality for the entire team.

---

Ready to Level Up Your Code Quality?

SonarQube makes it simple to raise the bar on your development processes. Whether you’re optimizing legacy code or building new features, this tool provides the insights you need to succeed.

Start your journey today: Download SonarQube.

Have questions or need guidance? Let me know in the comments—I’d love to hear how you’re leveraging SonarQube in your own pipelines!