Hi Team,
I just ran a scan of my dotnet project and at the top is show that 249 lines of code was scanned. In the dashboard, under Duplications, it shows me that I have about 1.8k lines of code. How do I know if my entire code / project was scanned?
Hi,
Welcome to the community!
How did you analyze? Did you use the SonarScanner for .NET? In conjunction with a full rebuild?
Ann
Hi Ann, thank you for your response. I utilized the integrated SonarQube extension provided within Azure DevOps Pipelines to perform the code analysis. This built-in analyzer was configured as part of our CI/CD pipeline.
Hi,
Can you share your pipeline?
Ann
Here is it Ann:
stages:
- stage: sonarScan
jobs:
- job: sonarqube_check
displayName: SonarQube Check
condition: eq(variables\['Build.SourceBranchName'\], 'dev')
steps:
- task: SonarQubePrepare@7
inputs:
SonarQube: 'my_sonar_connection'
scannerMode: 'cli'
cliScannerVersion: '7.3.0.5189'
configMode: 'manual'
cliProjectKey: 'Message'
cliProjectName: 'Message'
cliSources: '.'
extraProperties: |
sonar.branch.name=$(Build.SourceBranchName)
\# sonar.sources=.
\# sonar.inclusions=Services/\*\*,IAC/\*\*
- task: SonarQubeAnalyze@7
inputs:
jdkversion: 'JAVA_HOME'
\# extraProperties: |
\# sonar.branch.name=$(Build.SourceBranchName)
\# sonar.sources=.
\# sonar.inclusions=Services/\*\*,IAC/\*\*
- task: SonarQubePublish@7
inputs:
pollingTimeoutSec: '300'
Hi,
Thanks for sharing your pipeline. Here’s your problem:
You’re not going to be able to analyze a .NET project with the CLI scanner. In an ADO context, you need to ‘prepare’, build, then
analyze. Take a look at the sample pipeline.
HTH,
Ann