Bitbucket Pipe + SonarCloud + C#/.net core

SonarCloud
,
#1

Hi,

I’m trying to use Bitbucket Pipe with SonarCloud pipe. The configuration from guide looks simple but it doesn’t seem to analyze my code though source codes are detected

Here is the code snippet for my pipeline

      step: &sonarcloud-scan
        name: SonarCloud Scan
        script:
          - pipe: sonarsource/sonarcloud-scan:0.1.5
            variables:
              SONAR_TOKEN: ${MY_SONARCLOUD_KEY}
              DEBUG: "true"
              EXTRA_ARGS: -Dsonar.verbose="true" -Dsonar.projectVersion=1.0.0

From SonarCloud.io, my project overview says “This project is empty”
Please let me know what info I should provide cos I’m on company’s source code so I’m trying to avoid sending sensitive log for security reason

Thanks,
Hoang

.NET Code is ignored and not analyzed
#2

Hello,
Based on the error I suggest to:

  • make sure that you build the project before you run the SonarCloud Scan pipe in bitbucket-pipelines.yml
  • if build execution and SonarCloud Scan execution are not done in the same Pipelines step, you have to explicitly define the artifacts that are produced by the build step in bitbucket-pipelines.yml so that all the subsequent Pipeline steps can even see the results of the build. You can do that by using artifacts property of a Pipelines step (here is the link to Bitbucket docs: https://confluence.atlassian.com/bitbucket/using-artifacts-in-steps-935389074.html)

Please let me know if that fixes the issue and if not I’ll investigate.

#3

Hi Michal,

By “build the project before you run the SonarCloud Scan pipe”, do you mean build script to be at the same level as -pipe ?

Can you please give a sample bitbucket pipeline snippet for it? Thanks

#4

Hi Hoang,
Apologies, I missed the important part where you mention it’s C#/.net core. Unfortunately the pipe doesn’t yet work for these since they require a dedicated scanner (https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+MSBuild).

#6

Hi @Michal_Duda, that’s good to know.

Is there a plan to support it? It looks to me like SonarSource can provide some sonarsource/sonarcloud-scan-msbuild docker

#8

We don’t have plans to add MSBuild support in the Pipe at the moment but I opened a ticket to create an example MSBuild project that uses Bitbucket Pipelines to trigger SonarCloud analysis since we are missing that in our Bitbucket Pipelines examples.

1 Like
#9

awesome. I look forward to seeing that example code. Thanks, @Michal_Duda

2 Likes
#10

It would really help to get this example. Any idea of the timeframe for including it in your examples?

#11

I managed to get our particular pipeline working. The requirements were for the pipeline just to run and publish analysis of a C# .NET Core 2.2 app - the rest of the work was being done on Azure pipelines.

One issue we had was that java was not installed as we were using the microsoft/dotnet:sdk image. So I added a few additional command lines to download it - it would really have been nice to use an image that included dotnet and java so we don’t have to do this every time. We might create a custom image, but for now it’s not that big a deal.

The analysis works on all merge requests into dev in additional to all PRs
First thing I created the project manually from our designated MAIN BRANCH by running the following commands from the root of a local copy of the repo (replace the necessary properties):

dotnet sonarscanner begin /k:"project.key" /d:"sonar.login=${SONAR_TOKEN}" /o:"organization-name" /d:"sonar.host.url=https://sonarcloud.io"
dotnet build App.sln
dotnet sonarscanner end /d:"sonar.login=${SONAR_TOKEN}"

If you are building a project as opposed to a solution, then I think the project file needs to include a ProjectGuid.

Here is the bitbucket-pipelines.yaml file:

NOTE: If you want to analyse multiple branches use the format {dev, master, qa} - you get the idea

image: microsoft/dotnet:sdk

pipelines:
  branches:
    "{dev}":
      - step:
          name: Running SonarCloud Analysis
          services:
            - docker
          script:
            - apt-get update
            - apt-get install --yes --force-yes openjdk-8-jre
            - export PATH="$PATH:/root/.dotnet/tools"
            - dotnet tool install --global dotnet-sonarscanner
            - dotnet sonarscanner begin /k:"project.key" /d:"sonar.login=${SONAR_TOKEN}" /o:"organization-name" /v:"${BITBUCKET_COMMIT}" /d:"sonar.host.url=https://sonarcloud.io"
            - dotnet build App.sln
            - dotnet sonarscanner end /d:"sonar.login=${SONAR_TOKEN}"
  pull-requests:
      '**': #this runs as default for any branch not elsewhere defined in this script
      - step:
          name: Running SonarCloud Analysis
          services:
            - docker
          script:
            - apt-get update
            - apt-get install --yes --force-yes openjdk-8-jre
            - export PATH="$PATH:/root/.dotnet/tools"
            - dotnet tool install --global dotnet-sonarscanner
            - dotnet sonarscanner begin /k:"project.key" /d:"sonar.login=${SONAR_TOKEN}" /o:"organization-name" /v:"${BITBUCKET_COMMIT}" /d:"sonar.host.url=https://sonarcloud.io"
            - dotnet build App.sln
            - dotnet sonarscanner end /d:"sonar.login=${SONAR_TOKEN}"
definitions:
  services:
    docker:
      memory: 3072 # increase memory for docker-in-docker from 1GB to 3GB
6 Likes
SonarCloud branch has no lines of code - bitbucket pipelines - sonarsource/sonarcloud-scan
. NET CORE Mvc application is failing to scan
SonarCloud Integration with Bitbucket not analysing C# files
How to install SonarScanner for .NET with SonarCloud and BitbucketCloud?
Willing to pay for help setting up first scan
Sonarcloud-scan not scanning c# files in bitbucket pipelines
Bitbucket Pipelines - Is Node.js available during analysis? ERROR
Integrate Sonar Cloud
Quality gate has not been computed for project -Error
Bitbucket pipeline with Dotnet Core
SonarCloud and C# (.net framework)
C# option not displaying in bitbucket pipelines configuration tutorial
.cs files not scanned in .NET framewok 4.6.1 project
C# option not displaying in bitbucket pipelines configuration tutorial
Doesn't detect .NET projects?
#12

Thanks a lot for contributing this! :slight_smile:
Bookmarked!

#13

@dibbdob - lifesaver; thanks for the above… now to get rid of the code smells I’ve just been informed about :wink:

1 Like
#14

Hi Alexander.

Thanks, your more than welcome.

If you get a chance to speed up the build with a custom image that includes the scanner (instead of downloading it every time I’d be very interested to use that instead. Perhaps some cache definitions in the pipeline might work just as well.

I might get around to creating a new image as, but probably not in the near future. Fingers crossed someone beats me to it - always too much to do and never enough time!

Good luck with the code smells!!!

#17

I am getting following error message, do you know what I am doing wrong here?

  • apt-get --assume-yes install openjdk-8-jre
    Reading package lists…
    Building dependency tree…
    Reading state information…
    E: Unable to locate package openjdk-8-jre
#18

Hi Mahendra,

You’ve got something slightly different to my configuration - perhaps that’s the reason. I’m just guessing here as my experience in this area is somewhat limited.

Just a couple of points:

Are you running apt-get update beforehand?
Can you use what I originally posted up for the install:

apt-get install --yes --force-yes openjdk-8-jre

or have you had to modify it?

By the way, if you do get this working and can get back with some suggested improvements then I’d really appreciate it.

#19

Hi @dibbdob,

When I have tried using the above yml to do the code analysis for . Net in bitbucket, I’m landing with the following error:

Nothing to do. None of the projects specified contain packages to restore.
/usr/share/dotnet /sdk/2.2.207/Microsoft.common.currentversion.targets(1183,5):error MSV3644: The reference assemblies for framework “. NETFRAMEWORK, Version=4. 5” were not found. To resolve this, install the SDK or targeting pack for this framework version or retsrget your application to a version of the framework for which you have the SDK or targeting pack installed. Note that assemblies will be resolved from the global assembly cache and wi be used in place of reference assemblies.

There seems to be a version dependencies while running the. Net framework of 4.5 version.
Can you suggest how to get rid of this error… Do we have any alternative solution to run the Pipeline for 4.5 version?

#20

Hi @dibbdob,
I’ve followed the same process by taking the above yml file,
But the build is failing with the following error:

Task “MSBUILD” execution - - FAILED
Warnings : /opt/atlasssian/agent /build/B. Sln warning : opt/atlasssian/agent /build/A/A.csproj : DATA at the root level is invalid. Line 1 position 1
opt/atlasssian/agent /build/B.sln warning: Don’t know how to handle globalsection extensibility globals, ignoring.

opt/atlasssian/agent /build/B.sln (Build) - >
/usr/lib/mono/xbuild/14.0/bin/microsoft.csharp.targets (core compile target)

3 warnings
1 error

Time elapsed 00.00.05.

#21

I ran into a similar error. Did you find any solution or work around for this problem?

#22

This is a really helpful thread, has anyone created an image with the tools pre-installed, and used the dotnet 3.1 image?

When trying to set this up (my first pipeline) I am getting the following error:

+ apt-get install --yes openjdk-8-jre
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package openjdk-8-jre

For reference my bitbucket-pipelines.yml file is below.

image: mcr.microsoft.com/dotnet/core/sdk:3.1

pipelines:
  # Build and test only
  default:
    - step:
        name: Build Test and Analyze on SonarCloud
        services:
          - docker
        script:
          - export PROJECT_NAME=project.sln
          - export TEST_NAME=projectd.sln
          - export PATH="$PATH:/root/.dotnet/tools"

           # Set SonarQube prerequisites
          - apt-get update
          - apt-get install --yes openjdk-8-jre
          - dotnet tool install --global dotnet-sonarscanner

          # start scanner
          - dotnet sonarscanner begin /k:"project" /o:team /d:"sonar.host.url=https://sonarcloud.io" /d:"sonar.login=${SONAR_TOKEN}" /v:"${BITBUCKET_COMMIT}"

          # Build
          - dotnet restore
          - dotnet build $PROJECT_NAME -c Release
          - dotnet test $TEST_NAME -o:"./output/" /p:CollectCoverage=true /p:CoverletOutputFormat=opencover /p:Exclude="[xunit*]*" /p:CoverletOutput="./../../../"

          # Publish Report to SonarQube
          - dotnet sonarscanner end /d:"sonar.login=${SONAR_TOKEN}"

definitions:
  services:
    docker:
      memory: 3072 # increase memory for docker-in-docker from 1GB to 3GB

Any help would be appreciated.

Thanks

#23

This was resolved by using openjdk-11-jre

#24

HI John,

Would you mind share what the cmd you use for openjdk-11-jre works for you? We have tried following no luck
script:
- apt-get update
- apt-get install --yes --force-yes openjdk-11-jre

Getting this errors on bitbucket pipeline console
+ apt-get install --yes --force-yes openjdk-11-jre

Reading package lists...

Building dependency tree...

Reading state information...

E: Unable to locate package openjdk-11-jre

Thanks,