Yes, each module is a separate SCM repository. Submodule information is stored in the file .gitmodules. In the main GitLab project’s yaml script, we use GIT_SUBMODULE_STRATEGY: recursive to ensure all submodules are checked out.
We are using .NET solution and Visual Studio. The solution file contains many VS projects, some of the VS projects are git submodules.
- "C:\\sonar-scanner-msbuild-5.4.0.40033-net46\\SonarScanner.MSBuild.exe begin /k:\"$SONAR_PROJECT_KEY\" /d:sonar.login=\"$SONAR_TOKEN\" /d:\"sonar.host.url=$SONAR_HOST_URL\""
- '& "$env:MSBUILD_PATH" Solution_File.sln /t:Rebuild /restore /property:Configuration=Release /property:Platform="Any CPU"'
- "C:\\sonar-scanner-msbuild-5.4.0.40033-net46\\SonarScanner.MSBuild.exe end /d:sonar.login=\"$SONAR_TOKEN\""
My thought is, since the above MSBUILD command takes the solution file and builds the entire solution code, including the code files found in git submodules, in theory, it should be possible for SonarQube to also see these code files in git submodules. Is it possible to let SonarQube scan these code files without having to set up each of the submodules as a separate SonarQube project?