CI: Azure DevOps
Build Agents: Microsoft Hosted Agent - Windows 2019
Languages of the repository: C# .Netcore 3.1
SonarQube: Community Edition - 7.9.3
SonarQube analysis result is empty stating that the main branch has no lines of code. Build runs in a Microsoft hosted agent and during the build process we are cloning the repository (other organization). Seems like SonarQube is unable to recognize the repository source code. Thus, resulting this issue.
When we place the source code in Azure Repos then the analysis is working fine. But, our use-case is not to maintain the source code in Azure Repos due to which we are cloning the external repo in our build pipeline.
Kindly advise on how to analyse the source code in this case. Thanks in advance!
Technically speaking, cloning a repo for wherever you want is not a problem for the scanner. Except for some automated detection of branches parameters, it makes no difference on the code analysis itself.
So I don’t know what could be the issue to be honest.
Did you enable the pipeline debug variable
system.debug so it says what files are indexed? Could this give you any hints of the actual problem? Attach it there if you don’t figure out, I could have a look.
System.debug was enabled. Based on the logs - “However, SonarQube was considering all the source code and tests for analysis but indexing 0 files due to scm ignore messages”. I’m not sure why SonarQube is pertaining to excluding scm ignore errors?
Solution is enabled the sonar.scm.exclusions.disabled=true and this is relevant to All files excluded by the scm ignore settings