If you are using Sonar Cloud for your automated CI quality gate within Azure DevOps, you might find that creating a new Sonar Project from within Sonar doesn’t work as Sonar does not have the permission to read/write your code in order to find the Azure DevOps project, and pushes the following toast notification:

I’ve looked around in Sonar for where I might be able to provide a PAT from Azure DevOps that grants this right but to no avail. I’m not the owner of the Organization in Sonar, however, so it may be that I do not have the permission to view/ edit this section.

In the meantime, even if I have CI pipelines that utilise Sonar, I will still get an analysis result I can use, but no Sonar project.

To remedy this, I can instead run a local sonar scan on my code and publish this to Sonar and consequently creating a new Sonar project in the process.

To do this, you need the following dotnet tools:

dotnet tool install --global dotnet-sonarscanner
dotnet tool install --global dotnet-reportgenerator-globaltool

The first installs the dotnet sonar scanner tool to perform the scan and the second allows for a unit test coverage report to be generated that can be used by the sonar scanner as part of the analysis.

You will also need to reference the coverlet.msbuild package from nuget that will generate the reports.

You also need to have JDK installed and be aware of what version as well as a PAT generated from Sonar to be used as the login.

Then, from the root directory of your dotnet solution, the following bash script will set up your variables, build the solution, run dotnet test with coverage and all within the scope of a sonar scan before publishing to Sonar Cloud:

echo Initialising Sonar Scan....
export SOLUTION=<Your Solution Name>
export TEST_RESULTS_PATH=<e.g. ./Tests/TestResults/Coverage>
export SONAR_ORGANIZATION=<Your Organization Name in Sonar>
export SONAR_LOGIN=<PAT generated from Sonar>
export JAVA_HOME="C:\Program Files\Java\jdk-<Your Jdk Version>"
echo Java home has been set to $JAVA_HOME

# begin sonar analsysis
echo Begin sonar analsysis....
$HOME/.dotnet/tools/dotnet-sonarscanner begin -k:"$SONAR_PROJECT_KEY" -d:sonar.host.url="https://sonarcloud.io" -d:sonar.login="$SONAR_LOGIN" -d:sonar.cs.opencover.reportsPaths="$TEST_RESULTS_PATH/coverage.opencover.xml" -o:"$SONAR_ORGANIZATION"

# rebuild
echo Rebuilding Release config
dotnet build $SOLUTION --no-incremental --configuration Release

# run tests with coverage
echo Running tests with coverage
dotnet test --no-build --configuration Release -p:CollectCoverage=true -p:CoverletOutputFormat=cobertura%2copencover -p:CoverletOutput=$TEST_RESULTS_PATH/ $SOLUTION

# complete sonar analysis
echo Completing sonar analysis
$HOME/.dotnet/tools/dotnet-sonarscanner end -d:sonar.login="$SONAR_LOGIN"

echo Scan Complete

You’ll need to think about your set up of folders to write test coverage result and reports to, but the setup of variables should help you diagnose any errors. If you are struggling to get the test reports to work, then it’s worth breaking out the dotnet test command separately and working with that until you’ve worked it through.


Certified Azure Developer, .Net Core/ 5, Angular, Azure DevOps & Docker. Based in Shropshire, England, UK.


Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: