Cant get sonarcloud results after dotnet build on azure devops

Hi,

I’m trying to integrate sonarcloud into azure devops but I can’t get any significant data on the dashboard even if there are several warnings when building the dotnet project. The report is definitely being transmitted as I can see it on the dashboard. Below the build yaml.
Any clue on that?

- task: SonarCloudPrepare@1
    displayName: 'SonarCloud Prepare'
    inputs:
      SonarCloud: 'XXX'
      organization: 'XXX'
      scannerMode: 'MSBuild'
      projectKey: 'XXX'
      projectName: 'XXX'

- task: UseDotNet@2
    displayName: 'Use .Net'
    inputs:
      packageType: "sdk"
      version: "5.0.x"

- task: DotNetCoreCLI@2
    displayName: 'New Manifest for tool'
    inputs:
      command: custom
      custom: 'new '
      arguments: tool-manifest

  - task: DotNetCoreCLI@2
    displayName: 'Install EF Tool'
    inputs:
      command: custom
      custom: 'tool '
      arguments: install dotnet-ef

  - task: DotNetCoreCLI@2
    displayName: 'dotnet restore'
    inputs:
      command: 'restore'
      projects: 'src/PROJECT/project.csproj'
      feedsToUse: 'select'

  - task: DotNetCoreCLI@2
    displayName: 'dotnet build'
    inputs:
      command: 'build'
      projects: 'src/PROJECT/project.csproj'
      arguments: '-c Release'

  - task: SonarCloudAnalyze@1
    displayName: 'SonarCloud Analyse'

  - task: SonarCloudPublish@1
    displayName: 'SonarCloud Publish'
  • ALM used : Azure DevOps
  • CI system used : Azure DevOps
  • Scanner command used when applicable (private details masked)
  • Languages of the repository : C#

Ali

Hey there.

What do you see on SonarCloud that makes you think not all the data is making its way to SonarCloud? A screenshot would be best.

Hi Colin,

It’s all green which is not reflecting the real code quality :wink:
Besides, sonar generates all the warnings during the build, which is fine but they are not reported in the dashboard.

Hey there.

It looks like you’ve so far run a pull request analysis (or analysis of a short-lived branch) – rather than an analysis of your main branch.

In such an analysis, only New Code is represented (code changed in the pull request or branch).

Have you tried executing your build with the SonarCloud tasks added against your main branch?

It is indeed a separate branch which is built. Our policy is to build and test a features branch before pushing to main branch and part of the control is a good code quality which has to get a code score before merging to main. Am I missing the whole sonar philosophy here?

When analyzing a pull request or short-lived branch, a delta is computed so that issues are only raised on changed lines (the New Code being introduced)

For these analyses, the goal is to fixed the issues raised on New Code (and addressing other measures: like Coverage on New Code) until your code meets the standards in your Quality Gate, at which point you can be sure that you’re merging Clean Code into your main branch. I think we’re aligned on this goal!

(for technical reasons regarding how C# analysis is implemented, you will see issues for your entire codebase raised as warnings in your Azure DevOps build step)

On your main branch (or any long-lived branches) a full analysis is done that reports issues on all code, but breaks your code down into New Code and Overall Code. This is all in pursuit of our Clean as You Code philosophy.

So from what you’ve shown me – you have a branch/pull request analysis that has no changed lines (and therefore, no new code to raise issues on). If everything is working as expected, when you execute analysis on your Main Branch you should see issues being reported.

Hi @Colin ,

Thank you for the explanation. Is there a way to analyse pull requests on azure devops?

Hey there.

Check out this documentation on Branch and Pull Request Analysis when using the SonarClou Extension for Azure DevOps