I'm trying to set up a Sonar scan for C# code, and from the documentation I understand that sonar scanner is deprecated and I have to use MSBuild for C#.
But in the meantime I managed to run a sonar scanner analysis on the C# code and also got some issues. So the scan seems to be successful.
My question is: Is it worth making the transition from sonar scan to MSBuild scan, and why?
I'm asking this because making this change would require some effort, time and resources which I would rather spare if possible.
It's not shocking that you got some issues using SonarQube Scanner to analyze your C# project. But did you get all that you should have?
When you analyse with the SonarQube Scanner, you're basically doing a file by file analysis. So each source file is analyzed on its own without any information about the types that are defined in other source files. There are other differences too. For example, each partial part of a partial class is also analyzed separately. As you can imagine, this can only be done on a best effort basis, and will result in missing or inaccurate issues.
Comparatively, when you use the Scanner for MSBuild, the analysis is integrated into your build process. So the analyzers can use all type information available to the compiler. Naturally, this results in a lot more accurate issues, code coloring, ...
This is why the SonarQube Scanner for MSBuild is recommended for the analysis of .NET projects.