Analysing repo with multiple Salesforce-related project types (JavaScript / Apex)

zhantaof · March 18, 2021, 11:34am

ALM used: GitLab CI/CD, Salesforce
CI system used: GitLab CI/CD
Scanner command used in GitLab CI/CD pipeline:

      sonar-scanner
      -Dsonar.projectKey=[REDACTED]
      -Dsonar.organization=[REDACTED]
      -Dsonar.apex.coverage.reportPath=test-result-codecoverage.json
      -Dsonar.qualitygate.wait=true
      -Dsonar.verbose=false
      -X

Languages of the repository: Apex (.cls files) and JavaScript (Lightning Web Component, which is a UI framework similar to React, tests written using Jest)
Error observed:

SonarCloud managed to scan the Apex codebase and picked up on the Apex Code coverage from the test-result-code-coverage.json but not able to pick up the JavaScript codebase as well as the tests and code coverage.

I’ve read a few other posts regarding this and saw that the MSBuild and Maven Scanner can pick up and scan other languages provided there are references in the code or changing some form of configuration. I was wondering if something like that can be applied to my current situation?

If not, can you please recommend the best approach we should take in order to allow the scanning of both project types in our CI pipeline?

Justin_Allen · April 8, 2021, 3:07pm

Hello Zhantao, sorry for the delay. Would it be to send the analysis logs so we can investigate further. If you do not feel comfortable sending the analysis logs publicly you can send it via private message.

janos · April 28, 2021, 3:17pm

In your post we cannot see the value of sonar.sources, which is one of the most important configuration properties to tell the scanner where to look for files to analyze. In the simplest case you can set this to ., to consider all files in the project that can be analyzed. This should pick up everything, including JavaScript. To understand which files are picked up for analysis, you can find detailed information on the Narrowing the focus page in our documentation.

Based on the information we have so far, MSBuild and Maven don’t look suitable for your purpose. MSBuild is for .NET projects, and Maven is for Java projects. If your code is mostly JavaScript and APEX, then the sonar-scanner you are currently using looks appropriate.