Add .vbproj and web.config to SonarQube scan

  • SonarQube server ( Version, community edition)

I made some custom xml rules for look at vbproj and web.config files for specific settings.
So, I want those to be included in the scan/upload for SonarQube but they aren’t being included by default.

I am running the scan in Azure DevOps pipelines
Under extra properties of the Prepare task I’ve added the following:

sonar.sources =./test1/test1.vbproj,./test2/test2.vbproj,./test3/test3.vbproj

I’ve also tried to add the xml suffixes on the server under project settings and under the admin setting for the whole server.
I’ve run this with the sonar.sources and without it under extra properties.

These options have worked before on another project but aren’t working this time so I’m not sure if I am forgetting something I did manually last time or not.


According to the docs,

For newer SDK-style projects (used by .NET Core, .NET 5, and later), the SonarScanner for .NET will analyze all file types that are supported by the available language plugins unless explicitly excluded.

So I guess the projects where this worked were SDK-style, and this project is not?


Hello Ann,

They are both on the older side,
.Net framework 4
Both are building and running in VS2019.
And, we are using default settings on the server so anything not effected by the 4 extra properties is default - there is only one reference to an excluded file by default

Logs do say:

SonarScanner for MSBuild 5.5.3
Using the .NET Framework version of the Scanner for MSBuild
INFO: 1 file ignored because of scm ignore settings

I turned off scm in general settings and got:
INFO: SCM Publisher is disabled
But the .config file and .vbproj files still did not come over


Okay, we’ve officially exhausted my .NET knowledge. I’ve flagged this for more expert attention. They should be along “soon”.


@dashaw can you tell us how you wrote the custom XML rules please?

If you are using the Scanner for .NET, you should not set the sonar.sources property - it is generated automatically by the scanner i.e. the sonar.sources property will include any file referenced in the MSBuild projects being analysed.

Here, I guess you want to reference the project file itself. You should be able to do that by adding the following in the MSBuild project itself:

    <None Include="$(MSBuildThisFile)" />

If you are still having problems, please share the verbose logs for the end step (verbose logs are generated if you pass /d:sonar.verbose=true to the scanner in the begin step)

Hello Duncan,

The custom rules are just XPath template rules

Adding the ItemGroup you provided did add each of the .vbproj files to the scan but I’m still not getting the web.config

Adding sonar.verbose=true does not appear to be doing anything to the log output.
We are using a self hosted build server so not sure if it isn’t properly updating properties?

You would need to add an include for the web.config too.

Could you share a screen shot of how you are setting the properties in the pipeline please?

The web.config was already included in an ItemGroup (I also tried to separate it out into its own item group)

Here is an example of how I am adding the properties under the

As per the example when creating the task

Any items in the Content ItemGroup should be passed to the Sonar command line scanner, which is what happened when I tried it locally (there’s no need to separate it into a separate ItemGroup). However, the file didn’t appear in the SonarCloud UI, and the debug log had the following message:

DEBUG: 'web.config' indexed with language 'null'

My guess is the file wasn’t analysed because none of the plugins are configured to handle .config files. Have you configured your SonarQube server so that the Sonar XML plugin looks at .config files?

Using a self-hosted build server shouldn’t make any difference. I passed the extra properties in an Azure DevOps pipeline, and it worked for me. Does the output for your “Run analysis” step not contain a log entry like the following one?

I thought the sonar.xml.file.suffixes=.xml,.xsd,.xsl,.vbproj,.config would configure the XML plugin to look for .config files. I have this set in the pipeline, I have also tried to set this in the SonarQube UI at the project level (Project settings > General settings > Languages …) and at the server admin level (Administration tab) with no change in the results (And, just this setting is working for another project to scan the web.config as far as I can tell).
The output does indicate that it is identifying xml files to be scanned, so sonar.xml.file.suffixes is working on the .vbproj files

For Logging:
The output does not contain the log entry line like you have highlighted there

I did try to make sure it cleaned everything before a new run but that didn’t change the output (default clean options was “Sources”)

@dashaw I was stuck for ideas, and without any diagnostic output it’s difficult to know what the problem might be.

However, I’ve tried a few things out, and I’ve worked out what part of the problem is - you’re missing a | character:

    extraProperties: |

If you add that you should get diagnostic output. It might fix both issues.


I added the | character and ran again.
Was able to get verbose logs and web.config is now present in our SonarQube scan.

A little surprised that didn’t generate a Yaml validation error since I didn’t mark that input as multiline.
But, it is working as expected now.

Thank you for the help on this.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.