Ado Scanner does not a analyze typescript files

  • ALM used: Azure DevOps
  • CI system used: Azure DevOps
  • Scanner command used when applicable
    Azure Devops (does not analyze TS files)
-task: SonarCloudPrepare@3
  inputs:
    SonarQube: "${{ parameters.sonar_service_connection }}"
    organization: '<org name>'
    scannerMode: 'cli'
    cliScannerVersion: "${{ parameters.sonar_scanner_version }}"
    configMode: 'manual'
    cliProjectKey: "${{ parameters.sonar_project_key_prefix }}-${{ parameters.artifactName }}"
    cliSources: ./
    extraProperties: |
      sonar.verbose=true
      sonar.exclusions=**/.next/**,**/coverage/**,**/node_modules/**
      sonar.scm.exclusions.disabled=true
      sonar.javascript.exclusions=*.git,**/node_modules/**,**/.next/**
      sonar.typescript.exclusions=*.git,**/node_modules/**,**/.next/**
      sonar.projectBaseDir=${{ parameters.sourceDirectory }} 

- task: SonarCloudAnalyze@3
  inputs:
    jdkversion: "${{ parameters.sonar_scanner_jdk_version }}"
  displayName: Execute Sonar Analysis

- task: SonarCloudPublish@3
  inputs:
    pollingTimeoutSec: '300'
  displayName: Publish Sonar Results

Local Mac (successful analyses)

sonar-scanner -Dsonar.verbose=true \
    -Dsonar.token="<token>"\
    -Dsonar.organization=<org name> \
    -Dsonar.projectKey=<project key> \
    -Dsonar.host.url=https://sonarcloud.io \
    -Dsonar.scm.exclusions.disabled=true \
    -Dsonar.javascript.exclusions='*.git,**/node_modules/**,**/.next/**' \
    -Dsonar.typescript.exclusions='*.git,**/node_modules/**,**/.next/**' \
    -Dsonar.flex.cobertura.reportPaths=./apps/web/coverage/cobertura-coverage.xml \
    -Dsonar.branch.name=feature/E1901-26270-sonar-integration-develop \
    -Dsonar.branch.target=develop \
    -Dsonar.sources=./apps/web 2>&1 | less
  • Languages of the repository: JavaScript, Typescript, Bicep

  • Error observed (wrap logs/code around with triple quotes ``` for proper formatting)

When i analyze the code with the command shown above from my mac everything works fine and the lines in the typescript files are properly recognized and the issues are reported.

When i do it within the Azure Devops Pipeline with the command shared above, the analyze runs successfull (no error message) but the TS files are shown with 0 lines and the issues are not found.

I cannot share the full log as this is a client environment.

Here is a screenshot from the UI after ADO scan:

And this is the scan done from local:

Strangely the local scan doesnt include all files and folders even that they are present in the log (for instance apps/web/actions is missing from the local scan but the log shows that it has been analyzed)

The sonar scanner version that we use is 7.1.0.4889 in both cases. (i have already tried other versions without a change)

Any idea is appreciated.

Thanks upfront and best regards

Frank

Hi,

Welcome to the community!

With these two parameters, you’ve configured short-lived branch analysis, which only looks at code that’s new in the branch.

I’m guessing none of your TypeScript code has been updated in feature/E1901-26270-sonar-integration-develop?

 
HTH,
Ann

Thanks for the answer, yes that is right. However, as there is no other branch analyzed, all the code is new.

If it would be related to the branch, then it would be the same when scanning locally and in the pipeline, didnt it?

BR
Frank

in an combined effort from our integration engineer and some probing i was able to fix that.
For people who are in the same situation i am providing the culprint…

First i made sure that the paths are correct. when projectBaseDir is configured in the extra properties, cliSources become relative. So i removed projectBaseDir and just configured cliSources with a full path.

Next i checked the warnings that can be seen in sonar cloud in the project under Administration → Background Tasks. There find the last task and click on the 3 dots. If there is an option “Show Warnings” click on it and fix the issue.

In my case i got a message that no ref for master could be found. As our main branch is also called main i have simply renamed the branch and after that the analyze was successful showing all files and all lines.

Not sure if that is a bug or why there was a master branch listed as main but at least this solved it for me.

Thanks and best regards

Frank

1 Like