9.2.0

Warning

This release has been deprecated.

A security vulnerability was discovered in this release, leading to its deprecation. Please upgrade to a newer version.

Version 9.2 introduces support for self-signed server certificates files. You can now instruct the scanner to trust custom root certificates or self-signed server certificates when contacting your SonarQube Server. You can set the sonar.scanner.truststorePath and sonar.scanner.truststorePassword properties in the begin step like so:

dotnet-sonarscanner begin /key:your-project-key /d:sonar.host.url="https://localhost" /d:sonar.scanner.truststorePath="Self-Signed.pfx" /d:sonar.scanner.truststorePassword=changeit

This feature implements the following tickets:

• SCAN4NET-206 - Read sonar.scanner.truststorePath and sonar.scanner.truststorePassword in the begin step

• SCAN4NET-207 - Map sonar.scanner.truststorePath & sonar.scanner.truststorePassword

• SCAN4NET-209 - Implement ServerCertificateCustomValidationCallback to validate certificate against the given sonar.scanner.truststorePath

9.1.0

9.1.0

New Feature
SCAN4NET-171 Read new properties for downloading plugins

Improvement
SCAN4NET-221 Use constants for RoslynRuleSetGenerator legacy attributes

9.0.2

Hotfix release to address two problems raised in community:

• Fixed a bug where setting sonar.projectBaseDir on Azure DevOps extension’s extraProperties was not respected.
• Fixed a bug where the scanner failed during file indexing when a directory could not be accessed.

9.0.1

Hotfix release to address wrong sonar.projectBaseDir path detection when running on AzureDevOps on Unix-based systems.

9.0.0

The following properties are not taken into account when specified in the begin step:

• sonar.sources
• sonar.tests

The reason for this is that the scanner automatically populates them, and user-defined values result in an execution error.

Also, when source generated projects don't have valid GUIDs, the severity of the logging message has been reduced from WARN to INFO

8.0.3

We fixed some bugs and removed XML from the analysis:

• Multi-Language analysis: exclude XML files from the analysis.
• Bug-fix: do not crash on malformed paths.
• Bug-fix: make sure server-side exclusions are not overridden

9.0.0-rc

Disabled support for sonar.sources and sonar.tests.
These properties are automatically populated by the Scanner, and they do not function properly if they are also set by user input.
This became more apparent with the introduction of multi-language analysis.

8.0.2

Hotfix release that addresses some of the issues found in community:

• Re-enable sonar.exclusions
• Automatically exclude coverage files
• Skip projects that are transiently created and destroyed during the build.

8.0.1

Bug fix release which addresses these issues:

• Fix #2148: Root directory detection: OS root (/ on Unix or C: on Windows) is identified as the project directory
• Fix #1931: Output directory is used as a fallback when the base directory cannot be identified
• Improvement #2152: Log server version in the begin step, to ease investigations
• Improvement #2156: Better messages for Multi-file analysis

8.0.0

• The scanner is now supporting multi-language analysis. This means that it automatically picks up all the files for the following languages:
  • T-SQL
  • PL/SQL
  • YAML
  • XML
  • JSON
  • CSS
  • HTML
  • Javascript
  • Typescript

If this is not desired, it can be turned off by providing /d:sonar.scanner.scanAll=false on the begin step.

• The JRE provisioning is disabled if the targeted SonarQube instance version is less than 10.6