Technical Debt Management: Announcing SonarQube integration with MSBuild and Team Build
[23 Sept 2015: See also the SonarQube Integration plans which provides the roadmap for the next months]
[31 August 2015: See also Build Tasks for SonarQube Analysis which provides a summary of the different ways of integrating SonarQube with MSBuild, TFS and Visual Studio Online]
[27 May 2015: Updated link to one of the downloads. Added information about stack overflow community for asking questions.]
[21 July 2015: Updated links due to rebranding by SonarSource.]
Technical debt is the set of problems in a development effort that make forward progress on customer value inefficient. Technical debt saps productivity by making code hard to understand, fragile, difficult to validate, and creates unplanned work that blocks progress. Technical debt is insidious. It starts small and grows over time through rushed changes, lack of context and lack of discipline. Organizations often find that more than 50% of their capacity is sapped by technical debt.
SonarQube is an open source platform that is the de facto solution for understanding and managing technical debt.
Customers have been telling us and SonarSource, the company behind SonarQube, that the SonarQube analysis of .Net apps and integration with Microsoft build technologies needs to be considerably improved.
Over the past few months we have been collaborating with our friends from SonarSource and are pleased to make available a set of integration components that allow you to configure a Team Foundation Server (TFS) Build to connect to a SonarQube server and send the following data, which is gathered during a build under the governance of quality profiles and gates defined on the SonarQube server.
- code clone analysis
- code coverage data from tests
We have initially targeted TFS 2013 and above, so customers can try out these bits immediately with code and build definitions that they already have. We have tried using the above bits with builds in Visual Studio Online (VSO), using an on-premises build agent, but we have uncovered a bug around the discovery of code coverage data which we are working on resolving. When this is fixed we’ll send out an update on this blog. We are also working on integration with the next generation of build in VSO and TFS.
In addition, SonarSource have produced a set of .Net rules, branded SonarLint, written using the new Roslyn-based code analysis framework, and published them in two forms: a nuget package and a VSIX. With this set of rules, the analysis that is done as part of build can also be done live inside Visual Studio 2015, exploiting the new Visual Studio 2015 code analysis experience
The source code for the above has been made available at https://github.com/microsoft/, specifically:
We are also grateful to our ever-supportive ALM Rangers who have, in parallel, written a SonarQube Installation Guide, which explains how to set up a production ready SonarQube installation to be used in conjunction with Team Foundation Server 2013 to analyse .Net apps. This includes reference to the new integration components mentioned above.
This is only the start of our collaboration. We have lots of exciting ideas on our backlog, so watch this space.
As always, we’d appreciate your feedback on how you find the experience and ideas about how it could be improved to help you and your teams deliver higher quality and easier to maintain software more efficiently.
If you have any technical issues then please make your way over to http://stackoverflow.com, tagging your questions with sonarqube, and optionally tfs, c#, .net etc. For the current list of sonarqube questions see http://stackoverflow.com/questions/tagged/sonarqube.