Analyzing Xaml files with SonarXml


We need to verify that everytime a developer uses a certain control he does fill a specific property. My plan was to use SonarXml with the " Track breaches of an XPath rule" rule to verify it.

Sadly, even if I added .xaml extension to SonarXml, it looks like SonarQube never analyzes the xaml files. Do i have to do anything else besides modifying the extensions of the task to make sure it does analyze them?

I did activate the verbose logging and I do not see any xaml file passed to SonarQube, which makes me wonder if there’s anything else I should do

Hi @rlejeune,

I’m assuming you’re analyzing the project using the Scanner for MSBuild. XAML files are normally referenced in an MSBuild project using the ItemTypes Page or ApplicationDefinition.

The bad news is that the Scanner for MSBuild doesn’t include these ItemTypes in the list of files to be analyzed so they don’t get passed to SonarXml.

The good news is that it is easy to tell the scanner to include those item types simply by setting the MSBuild property $(SQAdditionalAnalysisFileItemTypes) e.g.

msbuild /p:SQAdditionalAnalysisFileItemTypes="Page;ApplicationDefinition"

I’ve created issue #746 to track adding those item types to the standard list of files to be analyzed.

1 Like

Hi @duncanp

Thank you for your quick reply, really appreciated. I’ll add this to my build and redo my testing.

Have a nice day :slight_smile:

Just to be sure I am doing the good thing. Is that parameter should be added to the Scanner for MSBuild task? If so what version do I have to use to be sure it works?

What I understood from your reply was that I should pass that property to MSBuild directly, but it doesn’t seem to do anything with it particulary.

I tried looking around to find an example, but found nothing.

Thank you for your help in advance.

You need v4.2 of the Scanner for MSBuild or later. If you are using Azure DevOps, that translates to v4.2 of the SonarQube extension and v1.2 of the SonarCloud extension.

Yes, pass the /p:… parameter to MSBuild, not to the scanner.

If you are performing the analysis from the command line, have a look in the .sonarqube\out\ after the end step has finished. The .xaml files should be in listed in the file.
If you’re using Azure DevOps then the contents of the generated file will be in the output of the end step if you have verbose logging turned on.