Azure DevOps Pipeline scan COBOL sources

Hi all,
I’m evaluating SonarCloud for my company since we are looking for a solution to analize our COBOL code.
We use Azure DevOps as CI for our .NET solutions and COBOL ones.
To compile COBOL, we launch the compiler trough a .NET app of ours who takes the code from Microsoft TFS.
As for .Net solutions, we have no problem with SonarCloud: code is compiled and correctly analized and we see results on SonarCloud.

With COBOL, I’m not able to load code into SonarCloud.
I integrated the “Prepare analysis on SonarCloud” step in our Azure Pipeline, set it to “Use standalone scanner” and added these additional properties:

# Additional properties that will be passed to the scanner, 
# Put one key=value per line, example:
# sonar.exclusions=**/*.bin
sonar.nodejs.executable=C:\Program Files\nodejs\node.exe

With these settings, Code Analysis step runs correctly but I find no code into SC project page since no code has been analyzed.

Here’s the step output:

##[section]Starting: Run Code Analysis
Task         : Run Code Analysis
Description  : Run scanner and upload the results to the SonarCloud server.
Version      : 1.9.0
Author       : sonarsource
Help         : This task is not needed for Maven and Gradle projects since the scanner should be run as part of the build.

[More Information](
[command]C:\Windows\system32\cmd.exe /D /S /C "F:\Agent\_work\_tasks\SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1\1.9.0\sonar-scanner\bin\sonar-scanner.bat"
INFO: Scanner configuration file: F:\Agent\_work\_tasks\SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1\1.9.0\sonar-scanner\bin\..\conf\
INFO: Project root configuration file: NONE
INFO: SonarQube Scanner
INFO: Java 1.8.0_221 Oracle Corporation (64-bit)
INFO: Windows Server 2016 10.0 amd64
INFO: User cache: C:\Windows\system32\config\systemprofile\.sonar\cache
INFO: SonarQube server 8.0.0
INFO: Default locale: "en_US", source code encoding: "windows-1252" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=189ms
INFO: Server id: 74E9293D-AWHW8ct9-T_TB3XqouNu
INFO: User cache: C:\Windows\system32\config\systemprofile\.sonar\cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=94ms
INFO: Load/download plugins (done) | time=234ms
INFO: Loaded core extensions: developer-scanner
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=0ms
INFO: Project key: UAS_Main
INFO: Base dir: F:\Agent\_work\22\s\UAS\Main
INFO: Working dir: F:\Agent\_work\22\s\UAS\Main\.scannerwork
INFO: Load project settings for component key: 'UAS_Main'
INFO: Load project settings for component key: 'UAS_Main' (done) | time=47ms
INFO: Load project branches
INFO: Load project branches (done) | time=31ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=15ms
INFO: Load branch configuration
INFO: Load branch configuration (done) | time=0ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=78ms
INFO: Detected Azure DevOps
INFO: Load active rules
INFO: Load active rules (done) | time=1096ms
WARN: SCM provider autodetection failed. Please use "sonar.scm.provider" to define SCM of your project, or disable the SCM Sensor in the project settings.
INFO: Organization key: k16v6eabfza0f81yh0gls1x36sp20w47
INFO: Indexing files...
INFO: Project configuration:
INFO:   Excluded sources: **/*.sql, **/*.SQL
INFO: 852 files indexed
INFO: 0 files ignored because of inclusion/exclusion patterns
INFO: ------------- Run sensors on module UAS_Main
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=15ms
INFO: Sensor JavaXmlSensor [java]
INFO: Sensor JavaXmlSensor [java] (done) | time=16ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=16ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=0ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: F:\Agent\_work\22\s\UAS\Main\.scannerwork\ucfg2\java
INFO: Read 0 type definitions
INFO: Reading UCFGs from: F:\Agent\_work\22\s\UAS\Main\.scannerwork\ucfg2\java
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=15ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: F:\Agent\_work\22\s\UAS\Main\ucfg_cs2
INFO: Read 0 type definitions
INFO: Reading UCFGs from: F:\Agent\_work\22\s\UAS\Main\ucfg_cs2
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: F:\Agent\_work\22\s\UAS\Main\.scannerwork\ucfg2\php
INFO: Read 0 type definitions
INFO: Reading UCFGs from: F:\Agent\_work\22\s\UAS\Main\.scannerwork\ucfg2\php
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=0ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=15ms
INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
INFO: Calculating CPD for 0 files
INFO: CPD calculation finished
INFO: Analysis report generated in 110ms, dir size=135 KB
INFO: Analysis report compressed in 15ms, zip size=26 KB
INFO: Analysis report uploaded in 32ms
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at
INFO: Analysis total time: 6.799 s
INFO: ------------------------------------------------------------------------
INFO: ------------------------------------------------------------------------
INFO: Total time: 8.706s
INFO: Final Memory: 36M/300M
INFO: ------------------------------------------------------------------------
##[section]Finishing: Run Code Analysis

Could you please help me understanding what I am (surely) missing?

Thank you


Do your COBOL files have an extension?
You should set up your project to reflect that, for example:


The sonarcloud documentation for COBOL may be useful.

Does that help you?

It really helps, indeed!

Using this parameter let me import the code as I wanted, thank you.
What about the other parameters I added? are they correct or I should remove them?

Now, I’d like to set COBOL dialects but, reading the documentation, it seems that I should do it through an Administration menu that I don’t have in SonarCloud. Is that only possible in the enterprise edition?

Thank you again

Your parameters look OK, even if some of them are probably superfluous.

You should see the “Administration” menu on your project page.


Choose “General Settings” and then select the “COBOL” tab.

The COBOL dialect should be set with sonar.cobol.dialect and you can set it without the user interface if you prefer.

Thank you Nicolas,
unfortunately, I can’t see that Administration menu on my SonarCloud project page.
Here’s what I see:


Anyway, if you say I can set it using the property sonar.cobol.dialect, I’ll try with it.
If I use different dialects, do I have to separate them with commas?

Thank you again

If you don’t see the “Administration” menu, you have an authorization issue. I don’t know much on that topic.

You can’t have more than one COBOL dialect per project. You may have to split your project to work around that.

Well, I’m the owner of the project and of the organization… what kind of other grant should I have?

Anyway, thanks again for your support: I was able to import code and analyse it with opencobol dialect!
Another question, the sonar cloud documentation for COBOL you mentioned before is laking of some properties for what I see. For example the dialect part. Where can I find all the others?

Thank you

The SonarCloud documentation for COBOL does mention dialects. It doesn’t mention the name of the parameter, but that’s because it assumes you set it with the user interface.

Ok, I got it.
But since, apparently, I can’t use it, where can i find those parameters list? I mean, where did you find the sonar.cobol.dialect you suggested me?

Thank you

Indeed, I copied sonar.cobol.dialect from the SonarCloud administration page of a project I own.
You may also need sonar.cobol.sourceFormat which value should be one of fixed, free or variable.
I think that the names of the other parameters is mentioned in the documentation.

Ok thank you so much Nicolas for your precious help.