C# Analysis runs in 0ms, Returns no results with Standalone Scanner

scanner

(dave) #1

We’re experiencing an issue where an analysis of C# files succeeds in 0ms and returns no results (not expected behavior for the given PR; designed to fail many rules). Our T-SQL and Typescript files are being correctly analyzed and picking up the correct rules, only our C# file returns no results. When we run the scanner integrated with MSBuild, we DO get C# results, but we lose our T-SQL results. As well, the build step is intractably long (>15min) for our needs.

Let us know if there’s any logs we should include. We’ve been reading the forum and have found similar sounding issues, but none of the resolutions have worked for us.

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    4.4.1 - classic sonar scanner MSBuild
    Sonar for Bitbucket Integration plugin

  • what are you trying to achieve
    We submitted a test PR with code that will intentionally break rules for C#, Typescript, and T-SQL. We do not get results from a successful analysis of C#. The other two languages analyze correctly.

  • what have you tried so far to achieve this
    -with build or stand alone
    -incremental or full analysis
    -different configurations of sonar.inclusions


(Amaury Levé) #2

Hi @dwick,

The behavior is a bit weird at first but here is the explanation:

YOU HAVE TO use the scanner for msbuild if you want to analyze some C# or VB.NET code. That’s why when using the scanner cli you don’t see any issue or anything for the C# code.

The downside of using the scanner for msbuild is that it restricts the elements analyzed to the list of files included in some msbuild project (.csproj, .vbproj…). That’s probably why your T-SQL is not being analyzed.

So in order to analyze everything you have 2 options:

  1. You run 2 analysis, one through the scanner for msbuild for your c# code and one through the scanner cli for the rest. This implies that you have 2 different projects on SonarQube/SonarCloud side as we don’t support incremental analysis.

  2. You create some dummy project (that you include in your solution) and you include all the files (currently not included) so that the analyzers picks them up.

I hope my answer is clear enough for you.

Cheers,
Amaury


(dave) #3

Hi @Ammo,
Thanks for your speedy reply. Ok this explains the our troubles.

For option 1, this is a possibility for us but not preferred. If we take this approach, is it possible to import the results from both projects into a single Bitbucket PR (using Sonar for Bitbucket)? Or would one analysis overwrite the other? This would be a deal-breaker for us.

Option 2 is preferred for us, but the build step is impractical to run on every PR (now >20 minutes). For some reason, MSBuild takes nearly twice as long as when we build or project on TFS. Do you have any advice or insight as to how we can run a quick C#, Typescript, and T-SQL analysis on PRs? Perhaps there’s a way to use SonarLint in TFS? We don’t need perfection, just something that doesn’t completely overload our resources.

Thanks for your help.
-dave


(Amaury Levé) #4

Sadly with option 1, as you anticipated, the PR comments will be overwritten by the results from the other analysis (last analysis wins).

Regarding the option 2, we are aware of the performance problem and we are currently investigating multiple paths into solving/improving it. At the time we speak, I am afraid that you will have to wait for the analysis.