This is a Vagrant Environment for a SonarQube based Source Code Analysis service.

This will:

• Install a SonarQube instance and configure it through its Web API.
  • With LDAP integration (this assumes that rgl/windows-domain-controller-vagrant is up and running).
    • Login as john.doe (belongs to the sonar-administrators group).
    • Login as jane.doe (does not belong to the sonar-administrators group).
• Install Visual Studio Build Tools 2019.
• Install the SonarScanner for MSBuild.
• Analyse a C# project (MailBounceDetector); including its XUnit Unit Tests and an OpenCover Code Coverage report.

Usage

Build and install the Windows 2019 Base Box.

Install the needed plugins:

vagrant plugin install vagrant-reload # https://github.com/aidanns/vagrant-reload

Then start this environment:

vagrant up

Excluding Projects from SonarQube Analysis

sonar.exclusions (and other paths) are relative to the project directory, as such, they can only exclude files inside a project. to exclude the project itself you have to use one of the following (before calling SonarScanner.MSBuild begin):

1. Modify each .csproj file to have the following element:

   <PropertyGroup>
     <SonarQubeExclude>true</SonarQubeExclude>
   </PropertyGroup>

2. Create a <Project>.csproj.user file (on the same directory as <Project>.csproj) with:

   <Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
     <PropertyGroup>
       <SonarQubeExclude>true</SonarQubeExclude>
     </PropertyGroup>
   </Project>

3. Implement some global logic by placing a MSBuild snippet (e.g. a .targets file) inside the current user or the local machine MSBuild directories, that is, at one of:

   C:\Users\<User>\AppData\Local\Microsoft\MSBuild\15.0\Microsoft.Common.targets\ImportBefore
   C:\Program Files (x86)\MSBuild\15.0\Microsoft.Common.Targets\ImportBefore
   

   NB these directories are scanned before the <Project>.csproj.user file.

   NB before importing the files MSBuild sorts them by file name; e.g. to import a file last give it a, e.g. ZZZ prefix.

For more information see:

• SonarQube jira issue (closed as won't fix): Add the ability to filter the projects to be analyzed by path
• SonarQube for Visual Studio Plugin: Appendix 3: Advanced SonarQube Scanner for MSBuild configuration
• SonarQube: Excluding Artifacts from the Analysis
• SonarQube: Narrowing the Focus
• SonarQube: Analyzing with SonarQube Scanner for MSBuild
• MSBuild Documentation