Azure DevOps | MonoRepo | Node.js - Not finding sources

Template for a good new topic, formatted with Markdown:

  • ALM used :
    Azure DevOps
  • CI system used:
    Azure DevOps
  • Scanner command used when applicable (private details masked)
- task: SonarCloudPrepare@1
    SonarCloud: 'Sonar Cloud'
    organization: '13311015-canada-inc'
    scannerMode: 'CLI'
    configMode: 'manual'
    cliProjectKey: '<our key>'
    cliProjectName: '<our name - same as key>'
    cliSources: 'services/service1'
  • Languages of the repository
  • Only if the SonarCloud project is public, the URL
    • And if you need help with pull request decoration, then the URL to the PR too
  • Error observed (wrap logs/code around with triple quotes ``` for proper formatting)
    No Errors. But when viewing the result, there is no code and no errors
  • Steps to reproduce
    We have a monorepo containing client/backend code. Structure is like:
  - /services
    - /service1
      - tsconfig.json
      - package.json
      - /src
        - ... folders and sources
   - /service2
     - tsconfig.json
     - package.json
     - /src
       - ... folders and sources
- /clients/react-native
  - package.json
  - /src
- /libraries
  - /lib1
     - sonar-project.properites
     - package.json
     - /src
       ... sub folders and files

I have found with the sonar-scanner, going to the specific project source it runs fine, finds code/issues.

% sonar-scanner \
  -Dsonar.organization=my-org \
  -Dsonar.projectKey=my-service \
  -Dsonar.sources=. \ \

However, when triggering a build, no sources are found.

We use yarn monorepo. The build is something like:

1. download node
2. checkout depth 0
3. run - task: SonarCloudPrepare@1 (for 1 of 4 backend services)
4. yarn install 
5. yarn build-libraries
6. run - task: SonarCloudAnalyze@1  (passes)
7.  run - task: SonarCloudPrepare@1 (for 2 of 4 backend services)
8. run - task: SonarCloudAnalyze@1  (passes)
9. - task: SonarCloudPublish@1 (correctly links to PR, and gives a link)
10. run tests
11. run webpack
12. other steps to deploy
  • Potential workaround
    Can run sonar-scanner manually. But really trying to figure why the pipeline doesn’t find anything…

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!

Hey there.

It’s not clear to me what you mean by “not finding sources”. Are you receiving ane error message? Seeing something strange in the UI? Just want to make sure I fully understand the issue!

I can see that my SonarCloud project has been uploaded, and the correct branch:

When I click on that branch I see the following:

(Passed, but no bugs, no smells, no security… nothing)

And when I click on the ‘Code’ tab, its empty:

In contrast, when I manually ran sonar-scanner, then bugs and smells appeared, and code shows folders that I can drill down.

So when doing through Azure, we get no code showing which is why I’m saying its not finding the sources…

It looks like you’re running this on a pull request, where only the changed code will appear.

Are you changing code in this branch / pull request, other than configuration files such as adding SonarCloud analysis?

Ah, you might be on to something! No, I’m only checking in config files and pipeline.yml changes in order to trigger the build. Its not a PR request, its currently just an Azure DevOps pipeline triggered on any commit to the branch.

This is in my pipeline now:

- checkout: self
  fetchDepth: 0

- task: SonarCloudPrepare@1
    SonarCloud: 'Sonar Cloud'
    organization: '<ommited>'
    scannerMode: 'CLI'
    configMode: 'manual'
    cliProjectKey: '<omitted>'
    cliProjectName: 'service1'
    cliSources: 'services/service1'

Is there something I’m missing? Or is there a better practice I should be doing to get this setup initially?
Thanks in advance!


Okay, you’re not analyzing a pull request but you are analyzing a short-lived branch, which also only shows changes on New Code. Once merged into your main branch, I expect you’ll see full results.

I have been pushing internally for a while that analysis setup from a short-lived branch or pull request can be confusing for new users, who see no results (because the config files aren’t analyzed by SonarCloud). I’ll add this topic to the list.