Using SonarCloud: How to Integrate SonarCloud with Azure DevOps Pipeline


SonarCloud is an application you can use to build robust and safe applications. It lets you rapidly assess your code health, so you know where your code stands at every stage of the software development life cycle (SDLC). You can use it to write clean code, detect bugs and vulnerabilities, and fix issues very early in your SDLC, which keeps your customers happy. It meets every security standard and can be used to protect your data from being exposed to a malicious user. SonarCloud analyzes your code and can be integrated into an Azure DevOps pipeline: push your code to the designated repo, set up your pipeline, and your code is analyzed while it builds, before deployment to either the staging or the production environment. SonarCloud stands out in terms of accuracy: it does not waste useful time on false positives but helps you find the real issues to fix.

In this guide we will learn how to integrate Azure DevOps Services with SonarCloud:
- We will set up an Azure DevOps project and CI/CD Pipeline to integrate with SonarCloud.
- We will analyze SonarCloud reports.

You need:

  1. A Microsoft account to log in to Azure DevOps.
  2. An Azure DevOps organization.
  3. A new Azure DevOps project.

First, log in to your Microsoft account and continue to Azure DevOps (

Trying to Login to Azure DevOps

Create your Azure DevOps Organization. In this guide, we are creating techdirectarchive as the Azure DevOps organization.

Giving your Azure DevOps Organization a name

If you plan to sign up for a paid SonarCloud plan (see below), set your Azure DevOps project to private. If you do not plan to sign up for a paid plan, select public. Public is fine for an open-source project, but if your code is intellectual property, a paid plan with a private project is the best option.

In this project, we will use the public option.

Getting a Project name and selecting a visibility plan

You can import your repository from GitHub or from any other repo. You can also push your code from your local computer to Azure Repos.
– Select Repos in your project overview:

your Project Overview page
your Repository initiation

Follow the steps below if you are importing your repository from GitHub:
– Log in to GitHub, open your repository and copy its URL.

your GitHub Repository

Paste the URL into the Clone URL box and click Import.

Importing a repository from GitHub

As soon as the import finishes, the code is in the Azure DevOps repo, where you can run a build on it.

Repos Overview
This pushes your code to the repo

You can also use the Push an existing repository from the command line option by opening the application project in an IDE and running the following Git commands in the terminal.

Pushing your source code from IDE

Next, you will need to install the SonarCloud extension in your Azure DevOps account. Navigate to the SonarCloud extension in the Visual Studio Marketplace and click Get it free to install it.
– Then proceed to the organization once the installation is completed.

Marketplace Overview
Installing SonarCloud Extension
SonarCloud Extension installed

You can use the same account you used for your Azure DevOps.
– Sign in to SonarCloud:

Login to SonarCloud and linking with Azure DevOps

Next, you will need to create an organization and within the organization, you will need to create a new Project. Both the organization and project you set up in SonarCloud must have the same name as the organization and project that you set up in Azure DevOps.

Creating an Organization on SonarCloud

Enter a Personal Access Token from your Azure DevOps account, or create one under User settings.

Creating a Personal Access Token for your Azure DevOps

Once all of these are created, you will be able to import the organization details from Azure.
– Enter the key you plan to use for your project and click Continue.

Creating an Organization on SonarCloud

Choose a plan. With the Free Plan, every project you analyze is public and anyone can browse the source code, because access is not restricted.

The Paid Plan has unlimited private projects, and the source code is not open to public access.
– Click Create Organization.

Choosing a Free or Paid Plan on SonarCloud

When you click Create new project, the Analyze projects – Select repositories page opens. It lists all the organizations and the Azure DevOps repositories that exist, and you can make your selection there.

Then click Set Up and choose Azure DevOps Pipelines. On the next page you can skip the SonarCloud extension installation if you installed it earlier.

Linking your Azure DevOps Repo with SonarCloud

Next, you need to select the stack technology used for your build. This is what you will need to configure the Azure Pipeline.

Selecting your Stack Technology for build

Now you need to create a new pipeline in Azure DevOps.

Follow the steps below in Azure DevOps to initialize your pipeline and link it to your repository.

Add a new SonarCloud Service Endpoint

  1. Go to Project settings > Service connections
  2. Add a new service connection of the type SonarCloud
  3. Use this token: Enter the token that shows here 
  4. Click on Verify to check that everything is linked correctly.

Creating your first Pipeline
Configuring your Service connections

On the Create your first Pipeline page, click the Create Pipeline button.

Select where your code is located and use it to create a pipeline, or use the classic editor to create one. If your stack technology is .NET Core or ASP.NET Core, you can use the .NET Core with SonarCloud template, which will build your app.

From the drop-down, select Azure Pipelines as the agent pool and then select your agent specification.

Choose your code Pipeline
Choose a template for your Pipeline
Configuring your Pipeline

Follow these three steps to analyze your code in the pipeline:

1. Prepare Analysis Configuration

  1. Select the SonarCloud endpoint.
  2. Select the SonarCloud organization techdirectarchive 
  3. In Choose the way to run the analysis, select Integrate with MSBuild.
  4. In the Project Key field, enter techdirectarchive_Techdirectarchive_Proj 
  5. In the Project Name field, enter Techdirectarchive_Proj 
  6. Save and Queue
  7. Run

Please ensure this task runs before your build step.

Configuring your Pipeline (Prepare analysis on SonarCloud)
Configuring your Pipeline (Run Code Analysis)
Pipeline build result

As soon as the pipeline has run successfully, the scan report is available on SonarCloud. You can then perform the needed remediation and re-run the pipeline afterwards.

SonarCloud Report

2. Run Code Analysis

This task needs to run after your build step.

3. Publish Quality Gate Result

This task is not mandatory but will allow you to decorate your Pull Request.
