C# files analysis not showing up in SonarQube

  • SonarQube Server v25.5.0.107428
  • dotnet-sonarscanner for MSBuild 10.1.2
  • Running SonarQube locally as a Docker container
  • Analyze a C# solution

I am trying to analyze a Visual Studio solution with a mix of C#, TypeScript, CSS, HTML etc.

I’m using the dotnet sonarscanner with the following command (I started with a more barebones command but I’ve been trying various things to get it working):

dotnet sonarscanner begin /k:"project-key" `
    /d:sonar.host.url="http://localhost:9090" `
    /d:sonar.projectBaseDir="D:\code\project\" `
    /d:sonar.scanner.scanAll="false" `
    /d:sonar.language="cs" `
    /d:sonar.token="$token" `
    /d:sonar.exclusions="**/node_modules/**,**/bin/**/*,**/obj/**/*" `
    /d:sonar.sourceEncoding="UTF-8" `
    /d:sonar.verbose=true

The analysis runs and finishes and I can see data in the SonarQube web UI but only for non-C# issues. The issues for all C# code don’t show in SonarQube.

Looking at the verbose log I can see the scanner finding C# issues like:

D:\code\project\src\something\ExtensionMethods.cs(49,23): warning S3260: Private classes which are not derived in the current assembly should be marked as 'sealed'. (https://rules.sonarsource.com/csharp/RSPEC-3260) 

So I know things are working locally.

In the analysis step I do see lots of these errors:

No Code Analysis ErrorLog file found at obj\Release\net8.0\\csc_diagnostics.json.
11:11:47.38  No Code Analysis ErrorLog file found at obj\Release\net8.0\\csc_diagnostics.json.
11:11:47.38  No Code Analysis ErrorLog file found at obj\Release\\csc_diagnostics.json.

And these:

WARNING: File 'D:\packages\NuGet\microsoft.net.test.sdk\17.13.0\build\netcoreapp3.1\Microsoft.NET.Test.Sdk.Program.cs' is not located under the base directory 'D:\code\Project\' and will not be analyzed.
File was referenced by the following projects: 'D:\code\Project\tests\Something.csproj',

And finally:

WARN: No Roslyn issue reports were found. The C# files have not been analyzed. You can get help on the community forum: https://community.sonarsource.com

Any idea what might be wrong and how to debug this?

My goal is to get a working scan and see if this data might help us with some code improvements we have planned before looking at purchasing SonarCloud.

Hey @Wouter_de_Kort!

It does seem super weird that you get the S3260 message during your build (clearly an SQ issue) but nothing is analyzed via dotnet sonarscanner end. Could you share the complete logs from dotnet sonarscanner end?

If that’s not possible, but you can reproduce the issue on a small sample project (with dummy code), that would be just as useful!

Hi @Colin ,

is there a secure way I can send you these logs?

Hi there, @Wouter_de_Kort

Generally speaking, you should not need to indicate the projectBaseDir property.
If you run the scanner from the root of the repo, it should figure out the right locations.
Can you try without this property?

Also, is there a reason you specify sonar.language?

Denis

I started without projectBaseDir and without sonar.Language but that didn’t work. The current script is just me trying out a bunch of different things hoping to it get it working.

The end result is the same with or without these extra switches.

It would be great if you could share them, redacted as neccessary. See our policy here.

Redacted is not an option. The logs contains all our project and file names. The policy mentions that we can share things privately but not how to do that?

Hey @Wouter_de_Kort

This is a community forum–our default is transparency. We typically accept logs privately when logs that have made an initial effort to be redacted do not give us enough information. In those cases, we initiate a private message with the user.