0 issues after running SonarScanner CLI on dotnet6.0 project

  • ALM used: Github
  • CI system used: Github Actions
  • Scanner command used when applicable (private details masked)
    sonar-scanner -Dsonar.projectVersion=0.0.28 -X -Dsonar.branch.name=feature/foo
  • Languages of the repository: C#
  • Error observed: None, in fact coverage data got correctly processed

I’m trying to run SonarScanner CLI on the dotnet6.0 project. I know that SonarScanner for .NET exists, which I presume offers more accurate scan results, however I’d like to proceed with using SonarScanner CLI as we have a zoo of projects in different languages and it is appealing to us to use the same way to perform Sonar scans in each case. My expectations about what code quality issues SonarScanner CLI would be able to report are - same as what Automatic Analysis does.

However after running the SonarScanner CLI on the project, the issue count went down from 209 (collected by Automatic Analysis) to 0, but the coverage data got updated.

Here is the sonar-project.properties that I used:

sonar.projectKey=myorg_myproj
sonar.organization=myorg
sonar.host.url=https://sonarcloud.io
sonar.projectName=myproj

sonar.sources=src/
sonar.exclusions=**/*.json, **/*.py, **/*.js, **/*.xml, **/*.html, **/*.yml, **/*.yaml

sonar.tests=test/

# =====================================================
#   Properties specific to .Net
# =====================================================

sonar.cs.vscoveragexml.reportsPaths=dist/coverage.xml

I’ve seen the troubleshooting chapter in the docs that mentions the error message Property missing: 'sonar.cs.analyzer.projectOutPaths'. No protobuf files will be loaded for this project., however I’m not seeing that in my logs. I’m not sure how to interpret the text that follows after that:

Scanner CLI is not able to analyze .NET projects

Does it apply only in case the above error message is displayed or is it a “permanent” limitation?

The SonarScanner CLI offers zero results for C# code. It simply doesn’t work based on the architecture of our C# analysis (which runs the meat of the analysis during the build by attaching Roslyn analyzers to the build).

You have to use the Scanner for .NET.

Does that mean that when running “Automatic Analysis” on the project, SonarCloud also builds the project under the hood “somehow” (with some default parameters I presume)?

There’s some magic going on in the backend to get the best analysis we can get, but that’s only available through Automatic Analysis, and not the SonarScanner CLI.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.