Installing the SonarScanner for .NET

The flavor used to compile the Scanner for .NET (either .NET, .NET Core or .NET Framework) is independent of the .NET version the project you want to analyze has been built with. Concretely, you can analyze .NET Core code with the .NET Framework version of the Scanner. 

Knowing which installation procedure is relevant depends on your OS, and on the versions of .NET SDKs that are installed on your build machine. See below for some general prerequisites, then select the appropriate installation method depending on your SDK.

Prerequisites

• SonarQube 10.4 requires the SonarScanner for .NET 5.14+.
• From version 7.0, Java is no longer required because the scanner will download it automatically.
  • If internet access is limited in your configuration, skip the JRE provisioning and use the Java version installed locally.
  • If you are running a previous version of the scanner you will need at least the minimal version of Java supported by your SonarQube server.
• The SDK corresponding to your build system:
  • If you are using the .NET Framework version of the scanner you will need .NET Framework v4.6.2 or above. For commercial versions of SonarQube to benefit from security analysis you will need .NET Framework v4.7.2 or above
  • If you are using the .NET version of the scanner or the .NET Core Global Tool you will need .NET Core SDK 3.1 or above
• The minimum supported version for SonarQube is now 8.9.
  • The scanner will fail to start if an older version of SonarQube is detected.

Installation

.NET Core global tool

Using the dotnet install tool from the command line is the simplest way to install the scanner if you are using .NET Core or later on an already installed instance of SonarQube. The .NET Core Global Tool is available from .NET Core 3.1+.

dotnet tool install --global dotnet-sonarscanner --version x.x.x

The --version argument is optional; if omitted, the latest version will be installed. The full list of release versions is available on the NuGet page.

Standalone executable

• Expand the downloaded file into the directory of your choice. We'll refer to it as <INSTALL_DIRECTORY> in the next steps.
  • On Windows, you might need to unblock the ZIP file first (right-click file > Properties > Unblock).
  • On Linux/OSX you may need to set execute permissions on the files in <INSTALL_DIRECTORY>/sonar-scanner-(version)/bin.
• Uncomment, and update the global settings to point to your SonarQube server by editing <INSTALL_DIRECTORY>/SonarQube.Analysis.xml. Values set in this file will be applied to all analyses of all projects unless overwritten locally.
  Consider setting file system permissions to restrict access to this file.

<SonarQubeAnalysisProperties  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.sonarsource.com/msbuild/integration/2015/1">
  <Property Name="sonar.host.url">http://localhost:9000</Property>
  <Property Name="sonar.token">[my-user-token]</Property>
</SonarQubeAnalysisProperties>

• Add <INSTALL_DIRECTORY> to your PATH environment variable.

If your SonarQube server is secured

If your SonarQube server is configured with HTTPS and a self-signed certificate then you must add the self-signed certificate to the trusted CA certificates of the SonarScanner. In addition, if mutual TLS is used then you must define the access to the client certificate at the SonarScanner level.

See Managing the TLS certificates on the client side.

Related pages

Introduction to the SonarScanner for .NET

Using the SonarScanner for .NET

Configuring the SonarScanner for .NET