Run SonarQube on Linux Docker with Mono to scan .NET 4.8 Code
Overview
Requirement
We know how to run SonarQube to scan .NET 4 code in GitLab + SonarQube + .NET 4.8 (non-docker), but it needs a Windows environment and does not support Linux.
Therefore, we want to find a solution to run SonarQube on Linux in docker if possible. In this artiflce, we try to use Mono framework (a cross platform .NET 4.7 framework) to run SonarQube on Linux to scan .NET 4 code.
Procedures
-
Download the docker image from official hub: https://hub.docker.com/_/mono, you can choose your preferred version.
1$ docker pull mono:6.12.0.182 -
Use this command to enter the bash of the docker.
1$ docker run -v /home/xxx:/tmp/host -it mono bash -
Install the environment; you need Java (to run SonarQube), wget (to download SonarQube) and unzip (to extract zip files)
1$ apt-get update && apt-get install -y openjdk-11-jdk wget unzip 2$ mkdir scanner 3$ cd scanner -
Install Sonar Scanner for .NET
1$ wget https://github.com/SonarSource/sonar-scanner-msbuild/releases/download/5.15.0.80890/sonar-scanner-msbuild-5.15.0.80890-net46.zip 2$ unzip sonar-scanner-msbuild-5.15.0.80890-net46.zip -
Make Sonar Scanner executable (ref: https://stackoverflow.com/a/48657295/489517).
1$ chmod +x sonar-scanner-4.8.1.3023/bin/sonar-scanner -
Execute Sonar Scanner to scan code.
1$ mono /scanner/SonarScanner.MSBuild.exe begin /k:xxx /name:xxx \ 2 /d:sonar.token="squ_*****************************" 3 /d:sonar.host.url="http://localhost:9000/" 4$ msbuild project1.sln 5$ mono /scanner/SonarScanner.MSBuild.exe end /d:sonar.token="squ_*****************************""Then you can see the log on the console like:
1Microsoft (R) Build Engine version 16.10.1 for Mono 2Copyright (C) Microsoft Corporation. All rights reserved. 3 4Building the projects in this solution one at a time. To enable parallel build, please add the "-m" switch. 5Build started 12/04/2023 03:41:58. 6Project "/tmp/p1/project1.sln" on node 1 (default targets). 7... -
Connect to http://localhost:9000/ and you should see your project.
Known issues
-
Becasuse I use Mono to build code, this solution cannot support a feature is not provided by Mono (e.g. WPF)
You can reference https://www.mono-project.com/docs/about-mono/compatibility/
-
I use Java 11 to do it, but Java 11 support will be dropped by SonarQube in Jan 2024. (https://community.sonarsource.com/t/96597)
-
The path of .resx should be lower case.
Because MSBuild assumes the file paths are case-insensitive, but the file paths are NOT case-insensitive on Linux. If you use uppercase characters in your .resx file paths, MSBuild cannot find it on Linux.
Reference:
- https://stackoverflow.com/a/60973376/489517
- https://developercommunity.visualstudio.com/t/managed-resources-editor-writes-relative-file-path/856303#T-N863464
And it's fixed in VS 2022 17.6 in 2023. But because MSBuild of Mono 6.12 is still 16.10, you need to wait Mono team to ugprade it.
-
[ERROR] FATAL UNHANDLED EXCEPTION: System.ComponentModel.Win32Exception (0x80004005): ... Native error= Access denied
Please check the article above, you need to run
chmod +x sonar-scanner-4.8.1.3023/bin/sonar-scanner -
Error MSB3103: Invalid Resx file. AND data length expected 512, read 0
I'm not sure about the reason, I find a similar case but no solutino. It's for some .ico files, I changed these ico files to other images and it works. https://github.com/dotnet/msbuild/issues/2838
Posts in this Series
- Run SonarQube on Linux Docker with Mono to scan .NET 4.8 Code
- GitLab SonarQube Integration with .NET
- Use Grafana to Manage SonarQube KPI
- Use Grafana to Manage GitLab CI/CD Pipelines
- Use GitLab to do .NET 4.8 CI/CD
- GitLab Checkmarx CI/CD Integration
- GitLab Checkmarx SonarQube Integration