SonarQube and code coverage

Getting Started

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews using static analysis to detect bugs and code smells.

Commands

Let’s take a quick look at the commands we’ll run to trigger the code analysis and get a code coverage report.

REM let's initiate the SQ analysis
REM ask your project lead/PM/BA to get the project-key and token
REM with sonar.coverage.exclusions we exclude generic front-end related files from code coverage
dotnet sonarscanner begin /k:"<project-key>" /d:sonar.host.url="http://sq.tsp.dev" /d:sonar.login="<token>" /d:sonar.coverageReportPaths="./coveragereport/SonarQube.xml" /d:"sonar.coverage.exclusions=**/*.js,**/*.ts,**/*.svelte,**/*.cshtml,**/*.cjs,**/wwwroot/**/*,**/node_modules/**/*"

REM let's delete the coveragereport directory to remove the code coverage report generated in the previous analysis
if exist coveragereport rmdir /s /q coveragereport

REM SQ needs to analyze the compiled binaries and other generated files as part of the analysis
dotnet build

REM run tests and gather code coverage information
REM check the coveragereport directory
dotnet test ./ --collect:"XPlat Code Coverage" --results-directory:coveragereport --no-build

REM let's transform the previously collected information into something SQ understands
reportgenerator -reports:".\**\coverage.*.xml" -targetdir:"coveragereport" -reporttypes:SonarQube

REM let's end the analysis; in a couple of minutes, you should see the latest result in the SQ web UI
dotnet sonarscanner end /d:sonar.login="<token>"

Installation

Install dotnet-sonarscanner and reportgenerator by running the following commands:

dotnet tool install --global dotnet-sonarscanner

dotnet tool install --global dotnet-reportgenerator-globaltool

Ensure that you have the Java JDK installed on your system. If it is not, you may download it here:

https://www.oracle.com/java/technologies/downloads/

Getting Token

Go to the My Account page in SonarQube and generate a token. Save it somewhere safe, e.g. Bitwarden.

Running a scan

Go to the directory that contains the .sln file and run the following commands. Replace {projectName} with the name of your project in SonarQube. Replace {token} with the token generated from the previous steps.

Command to start the scan (use cmd instead of Git Bash on Windows):

dotnet sonarscanner begin /k:"{projectName}" /d:"sonar.host.url=http://sq.tsp.dev" /d:"sonar.login={token}"

Command to build the solution:

dotnet build

Command to finish the scan:

dotnet sonarscanner end /d:"sonar.login={token}"

Excluding a project

Add the following to the .csproj file:

<PropertyGroup>
  <SonarQubeExclude>true</SonarQubeExclude>
</PropertyGroup>

Including Code Coverage

Update the dotnet sonarscanner begin command to include the code coverage report:

dotnet sonarscanner begin /k:"{projectName}" /d:"sonar.host.url=http://sq.tsp.dev" /d:"sonar.login={token}" /d:sonar.coverageReportPaths="./coveragereport/SonarQube.xml"

You may wonder what SonarQube.xml is and where it comes from; we’ll generate that file using the commands below.

Run the tests

dotnet test ./ --collect:"XPlat Code Coverage" --results-directory:coveragereport

Note: if your project is using a different coverage tool, the command will be different

Export the report, choosing SonarQube as the report type:

reportgenerator -reports:".\**\coverage.*.xml" -targetdir:"coveragereport" -reporttypes:SonarQube
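A pre-upload check for the generated SonarQube.xml, added here as an example (not part of the original page or of SonarQube's tooling). It assumes the file follows SonarQube's generic coverage format (`<coverage>` / `<file>` / `<lineToCover>`); the sample report and its paths are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in SonarQube's generic coverage format (not real project data).
SAMPLE_REPORT = """<coverage version="1">
  <file path="src/Api/Services/OrderService.cs">
    <lineToCover lineNumber="10" covered="true" />
    <lineToCover lineNumber="11" covered="true" branchesToCover="2" coveredBranches="1" />
    <lineToCover lineNumber="14" covered="false" />
  </file>
  <file path="src/Api/Controllers/HealthController.cs">
    <lineToCover lineNumber="8" covered="false" />
  </file>
</coverage>
"""

def summarize(report_xml):
    """Return {path: (covered_lines, total_lines)} for each <file> element."""
    root = ET.fromstring(report_xml)
    if root.tag != "coverage":
        raise ValueError("not a generic coverage report: root is <%s>" % root.tag)
    summary = {}
    for f in root.findall("file"):
        lines = f.findall("lineToCover")
        covered = sum(1 for line in lines if line.get("covered") == "true")
        summary[f.get("path")] = (covered, len(lines))
    return summary

def check(report_xml):
    """Raise if the report would upload no coverage; else return overall percent."""
    summary = summarize(report_xml)
    total = sum(t for _, t in summary.values())
    if total == 0:
        raise ValueError("report has no lineToCover entries; did the tests run?")
    covered = sum(c for c, _ in summary.values())
    return round(100.0 * covered / total, 1)

if __name__ == "__main__":
    for path, (c, t) in summarize(SAMPLE_REPORT).items():
        print(f"{path}: {c}/{t} lines covered")
    print("overall:", check(SAMPLE_REPORT), "%")
```

Running a check like this between reportgenerator and `dotnet sonarscanner end` catches an empty report before it is uploaded.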

To exclude files from SonarQube code coverage, add the following to the .csproj:

  <ItemGroup>
    <SonarQubeSetting Include="sonar.coverage.exclusions">
      <Value>{files you want to exclude}</Value>
    </SonarQubeSetting>
  </ItemGroup>

The contents of <Value> </Value> are the files/folders you want to exclude from coverage. Separate entries with “,”. The matching rules are:

  • * - Match zero or more characters

  • ** - Match zero or more directories

  • ? - Match a single character

You can refer to this link for more information about matching.
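To preview what an exclusion value will hide before committing it, the three wildcard rules can be approximated in a few lines. This is an added example, not SonarQube's own matcher: it assumes project-relative paths with forward slashes, and the sample paths are constructed.

```python
import re

def to_regex(pattern):
    """Translate one exclusion pattern using the three wildcard rules above."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append(r"(?:[^/]+/)*")      # ** : zero or more directories
            i += 3
        elif pattern.startswith("**", i):
            out.append(r".*")               # trailing ** : anything below
            i += 2
        elif pattern[i] == "*":
            out.append(r"[^/]*")            # *  : zero or more characters
            i += 1
        elif pattern[i] == "?":
            out.append(r"[^/]")             # ?  : exactly one character
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def excluded(path, value):
    """True if path matches any pattern in a comma-separated <Value> string."""
    patterns = [p.strip() for p in value.split(",") if p.strip()]
    return any(to_regex(p).match(path) for p in patterns)

# Pattern list taken from the sonarscanner begin command on this page.
PAGE_VALUE = ("**/*.js,**/*.ts,**/*.svelte,**/*.cshtml,**/*.cjs,"
              "**/wwwroot/**/*,**/node_modules/**/*")

# Constructed project-relative paths, forward slashes.
SAMPLE_PATHS = [
    "Services/OrderService.cs",
    "ClientApp/src/main.ts",
    "ClientApp/src/App.svelte",
    "wwwroot/lib/site.css",
    "Views/Home/Index.cshtml",
    "ClientApp/src/config.json",
]

def still_counted(paths, value):
    """Paths that remain after the exclusions are applied."""
    return [p for p in paths if not excluded(p, value)]

if __name__ == "__main__":
    print(still_counted(SAMPLE_PATHS, PAGE_VALUE))
```

Reviewing the list of paths that remain is a quick way to spot a pattern that is broader than intended.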

Excluding folders/files from test coverage; alternative approach

We can also specify our coverage exclusions directly on the command line with sonar.coverage.exclusions (sonar.exclusions would instead remove the files from the whole analysis, not just from coverage):

dotnet sonarscanner begin /k:"{projectName}" /d:"sonar.host.url=http://sq.tsp.dev" /d:"sonar.login={token}" /d:sonar.coverageReportPaths="./coveragereport/SonarQube.xml" /d:"sonar.coverage.exclusions=**/*.js,**/*.ts,**/*.svelte,**/*.cshtml,**/*.cjs,**/wwwroot/**/*,**/node_modules/**/*"

Excluding files/folders for SonarScan

Add the following to the .csproj. This example excludes all files in the Migrations folder from the scan:

  <ItemGroup>
    <SonarQubeSetting Include="sonar.exclusions">
      <Value>Migrations/*.*</Value>
    </SonarQubeSetting>
  </ItemGroup>

To exclude all the files in a project, you can do the following:

  <ItemGroup>
    <SonarQubeSetting Include="sonar.exclusions">
      <Value>**,*.*</Value>
    </SonarQubeSetting>
  </ItemGroup>
  • ** means all the folders under the project, and *.* means all the files under the project.
  • The contents of <Value> </Value> are the files you want to exclude from the scan. Separate entries with “,”.