I am currently using SonarQube Enterprise edition (9.6.1.59531).
I am using AzureDevOps pipeline integrated with SonarQube. All the three SonarQube tasks (Prepare analysis Configuration, Run Code Analysis, Publish Quality Gate Result) are added to the pipeline. “Integrate with MSBuild“ scanner is configured in Prepare analysis Configuration task. Pipeline is running fine.
I want to add two more projects(folders) to the above pipeline.
Is it possible to add two more “Prepare analysis Configuration” tasks one after another in the above AzureDevOps pipeline with “Use Standalone Scanner” configured for the two tasks. Each “Prepare analysis Configuration” task points to different “Sources directory root” (example, ParentFolder/Database, ParentFolder/SubFolder/SHS.SmartCareWeb)
If it is not feasible/possible what is the best Solution to configure the three different projects?
So I got below idea to simulate your suggestion ( prepare, run, publish, repeat)
I ran the same project folder with Standard scanner once and next time with MSBuild scanner. Standard scanner results are overwritten with MSBuild scanner results.
It looks like we can not configure two scanners in one pipeline.
Please let me know if you find a solution for my business case.
I did manual scan in community edition.
One time with standard scanner ( prepare, run, publish) and second time with MSBuild scanner( prepare, run, publish). The project (name) in the SonarQube is same for both the scans.
Hmm… Maybe I’m the one missing something. Specifically:
I guess the project key is the same too. So the replacement you’re complaining about is the normal and expected behavior. It looks like you’re going to need to analyze all your code in the .NET analysis.
See the “Analzying languages other than C# and VB” topic in the docs
I already configured “.Net scanner”. It is running with purchased license. “.Net scanner” requires .sln file. One of the projects in the solution is not picked up by the “.Net scanner”, The reason being it is legacy Web Site project. I am using standard scanner to scan this project separately manually.
Now we are planning to scan database files. This project is independent of the projects I discussed above. I need to use standard scanner here as well.
Our pipeline has all the code as different tasks. we are targeting few tasks (few projects) in it as discussed above.
The docs link I gave you tells how to get your other code into your .NET analysis. Your other option is to pass a different sonar.projectKey for the other two analyses.
ProjectKey will be one as the project is pulled from AzureDevOps.
Regarding your second suggestion, below text from the documentation link that you shared says:
===
For older-style projects, the scanner will only analyze files that are listed in the .csproj or .vbproj project file. Normally this means that only C# and VB files will be analyzed. To enable the analysis of other types of files, include them in the project file.
More specifically, any files included by an element of one of the ItemTypes in this list will be analyzed automatically. For example, the following line in your .csproj or .vbproj file
<Content Include=“foo\bar*.js” />
==
My project is “Web Site project”. so, it does not contain project file (“.csproj”).
I have created a separate project manually in SonarQube. This project is integrated with AzureDevOps pipeline. Project key is different as it is separate project. I think it should work. I will request a trial license to check it. It solves scanning of Database files. Thanks for your suggestion.
I have another project (Website project) along with other Dotnet projects. All these projects are configured as one task in AzureDevOps pipeline. I configured Dotnet scanner around this task. It scans all the projects except the Website project.
Is there any solution to scan the files present in the Website project folder?.
This suggestion helps for scanning Database Task. Please see the below Pipeline & Tasks.
AzureDevOps pipeline:
Agent 1
Prepare Analysis Configuration - Standard scanner Database Task - Your Override suggestion solves scanning this task
Run Code Analysis
Publish Quality Gate Result
Some Other Task 1 - not configured for scan
Some Other Task 2 - not configured for scan
Prepare Analysis Configuration - MSBuild scanner DotNet code Task - This task contains Website Project, DotNet Project 1 to N
Run Code Analysis
Publish Quality Gate Result
Some Other Task 3 - not configured for scan
Some Other Task 4 - not configured for scan
I have been running MSBuild scanner around the DotNet code Task. This task contains Website project and a few other DotNet projects. The scanner scans all the projects except Website Project.
Is there any way to scan the Website Project? If yes, how can we do it?
I know this limitation. We can not scan Website project with MSBuild scanner.
But we can scan Website project with Standard scanner (I am doing it manually locally in another machine).
My intentions is to scan Website project as part of the above Pipeline so than I can avoid scanning manually. I am looking for alternatives. Do you have any suggestion in this direction?