I have a .NET 5 application that is being scanned for review in SonarCloud. I have the project set up correctly as far as I can see and scans are making it into SonarCloud. BUT… it doesn’t appear to be registering any code smells or security issues. It just gives it an A grade and shows zero issues.
I intentionally added a hard-coded password to the Program → Main() method to throw a security issue. But it looks like it ignored it. Below is a screenshot showing that SonarCloud sees the correct code, that it was recently added, but it doesn’t show any problems with it.
Any thoughts on what I might be missing on successfully scanning this C# code?
So I initially deleted this post thinking I was re-asking a question I had asked before: “SonarCloud not catching intentional hard-coded password”.
BUT… I have added the <SonarQubeTestProject>false</SonarQubeTestProject> to each of the projects and removed references to any project with “Test” in the name, but I still cannot get it to scan.