Analyzing warnings on csproj level

• ALM used: Azure Devops
• CI system used: Azure Devops
• Scanner command used when applicable:

      if [ "$BUILD_REASON" = "PullRequest" ]; then \
        dotnet sonarscanner begin \
          /k:"$SONAR_PROJECT_KEY" \
          /o:"$SONAR_ORGANIZATION_KEY" \
          /n:"$SONAR_PROJECT_NAME" \
          /d:sonar.host.url="$SONAR_HOST_URL" \
          /d:sonar.login="$SONAR_TOKEN" \
          /d:sonar.exclusions=**/obj/**,**/*.dll \
          /d:sonar.cs.opencover.reportsPaths=/testresults/coverage/coverage.opencover.xml \
          /d:sonar.cs.vstest.reportsPaths=/testresults/*.trx \
          /d:sonar.pullrequest.provider=vsts \
          /d:sonar.pullrequest.key=$SONAR_PULL_REQUEST_ID \
          /d:sonar.pullrequest.base=$SONAR_TARGET_BRANCH \
          /d:sonar.pullrequest.branch=$SONAR_SOURCE_BRANCH \
          /d:sonar.pullrequest.vsts.instanceUrl=$SONAR_COLLECTION_URI \
          /d:sonar.pullrequest.vsts.project="$SONAR_TEAM_PROJECT" \
          /d:sonar.pullrequest.vsts.repository="$SONAR_REPOSITORY_NAME"\
          /d:sonar.scm.provider=git; \
      else \
        dotnet sonarscanner begin \
          /k:"$SONAR_PROJECT_KEY" \
          /o:"$SONAR_ORGANIZATION_KEY" \
          /n:"$SONAR_PROJECT_NAME" \
          /d:sonar.host.url="$SONAR_HOST_URL" \
          /d:sonar.login="$SONAR_TOKEN" \
          /d:sonar.exclusions=**/obj/**,**/*.dll \
          /d:sonar.cs.opencover.reportsPaths=/testresults/coverage/coverage.opencover.xml \
          /d:sonar.cs.vstest.reportsPaths=/testresults/*.trx \
          /d:sonar.branch.name=$SONAR_BRANCH_NAME \
          /d:sonar.scm.provider=git; \
      fi; \

• Languages of the repository: C#, CSPROJ

• Private Sonarcloud Project

• Error observed: Warnings on the CSPROJ level (Analyzers) aren’t shown in sonarcloud

• Steps to reproduce:

  • Add the following analyzer to your project: https://www.nuget.org/packages/DotNetProjectFile.Analyzers/
  • Ensure that at least one warning is unresolved (e.g. the IsPublishable tag isn’t set)
  • Run sonarcloud on the solution. The warning on the CsProj isn’t shown in sonarcloud.

• Potential workaround: Manually go through the warnings in Visual Studio and resolve them.

I’m assuming this is simply a feature which isn’t in sonarcloud/sonarqube yet, unless I’m missing something. Is it possible to add the csproj level warnings to show in SonarCloud?

Thanks in advance,

Arie.

Hi Arie,

Roslyn-based issues should be imported automatically. Can you check your analysis context (Administration → Background Tasks → [row dots menu] → Show SonarScanner Context) to see if sonar.cs.roslyn.ignoreIssues is present and set to true?

And at the same time, I don’t think we analyze *proj files, so that may be why these are being ignored.

 
Ann

This is related to How to include issues reported on MS Build project files