Csharp files of subprojects are not scanned by SonarQube

How is our software special project structure:

main (contains the solution main.sln)
main\Shared.ToBasis (contains the shared CSharp sources)
main\ToBasis\R231 (contains the project to build ToBasis for AutoCAD 2019)
the subproject file ToBasis_R231.csproj contains the following line:

<Import Project="..\..\Shared.ToBasis\Shared.ToBasis.projitems" Label="Shared" />

as a reference to the location of the sources files.

The main reason for this split-up is building modules for different AutoCAD versions with a shared code base.

Our problem is that the csharp files of these subprojectes are not included anymore in a SonarQube scan.

In our TFS build log i found the following lines:

2020-02-18T15:50:59.2644907Z INFO: Indexing files of module ‘ToBasis_R230’
2020-02-18T15:50:59.2646163Z INFO: Base dir: D:\Agent.2\110\s\ToBasis\R230
2020-02-18T15:50:59.2646542Z INFO: Source paths: packages.config
2020-02-18T15:50:59.2646896Z INFO: Excluded sources for coverage: **/*.cs

this is diffentent from a subproject thats not in a submap:

2020-02-18T15:50:59.2051436Z INFO: Indexing files of module ‘XmlCommon’
2020-02-18T15:50:59.2051759Z INFO: Base dir: D:\Agent.2\110\s\XmlCommon
2020-02-18T15:50:59.2052105Z INFO: Source paths: Properties/AssemblyInfo.cs, CommonXmlException.cs, Convert.cs…
2020-02-18T15:50:59.2052467Z INFO: Excluded sources for coverage: **/*.cs

This subproject contains sources paths with files included and this subproject works fine with SOnarQube.

Then i looked in the logging of SonarQube on our build server

I found the following files FilesToAnalyze.txt

D:\Agent.2\110\s\ToBasis\Properties\AssemblyInfo.cs
D:\Agent.2\110\s\Shared.ToBasis\ArcToLine.cs
D:\Agent.2\110\s\Shared.ToBasis\CommandHandler.cs
D:\Agent.2\110\s\Shared.ToBasis\Common.cs
D:\Agent.2\110\s\Shared.ToBasis\DI\Container.cs

and this file contains all the files of the subproject. But still all of these files are not scanned by SonarQube.

I hope somebody understands what i am doing.

And hopefully somebody knows a solution.

Finally: We are working with SonarQube 7.9 and the latest versions of all scanners and we are using the SonarQube plugin on TFS version 2015.

Hello @Adrie,

Thanks for the detailed information you provided, it helps a lot !

A little bit of context here: the scanner for MSBuild currently sets the base directory to the project it is building. In your case, when building ToBasis_R231.csproj, the base directory will be main\ToBasis\R231 (as shown in the logs: 2020-02-18T15:50:59.2646163Z INFO: Base dir: D:\Agent.2\110\s\ToBasis\R230). This is where the problem comes from, since the shared files are outside this base directory, even if they were detected and added to the FilesToAnalyze.txt list, they will not be resolved properly.

To avoid this issue, the base directory should manually be set to the common parent directory, so that all source files that needs to be analyzed will be found when running the analysis.
Can you try to add the following property /d:sonar.projectBaseDir={pathToMainFolder} (this property can also be set relatively using /d:sonar.projectBaseDir=../.. in your case, since the common parent directory is 2 level higher) to the begin step of the sonarscanner, this should allow for the shared files to be found by the analyzers.
Ex: dotnet sonarscanner begin /k:myProjectSharedTest /d:sonar.projectBaseDir=.. {other_scanner_properties}

Let me know if this fixes the issue for you.

Best,
-Chris

Hi Chris,

Finally i had time to try your solution.

I’ve tried to add the following parameters to the “Prepare the SonarQube analysis” task in TFS.

sonar.projectBaseDir=$(Build.SourcesDirectory)

and the second option:

sonar.projectBaseDir=…/…

both parameters doesn’t change annything and the csharp files in the subfolders are not included in the sonarqube scan. I tried to find out if i can check somewhere if this parameter is used. Do you know where i can find this information.

Regards,
Adrie

Hello Adrie,

Just to be sure, when you say you tried the second option sonar.projectBaseDir=…/…, can you confirm it’s a typo in the posted message and that the actual parameter you tried was: sonar.projectBaseDir=../.. ?

Ok, if this did not work for you, could you try to add the /d:sonar.verbose=true parameter (See https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-msbuild/) to the begin step of the analysis, and then share the full log of the end step of the analysis. These debug logs should display more information and would help to find the root of the issue.

Thanks.

Best,
-Chris

Hi Chris,

I can confirm that I use two dots instead three in my post.

sonar.sourceEncoding=windows-1252
sonar.projectBaseDir=…/…
sonar.verbose=true

I’ve added now verbose parameter.

I’am working with the integrated with SonarQube scanner within TFS. Thats way i cannot use the commandline parameter as you mentioned, but within TFS there is a possibility to enter additional parameters.

In the log I found that the parameter sonar.projectBaseDir still point to the folder where the solution resides and not to the folder where the source code can be found. In the following (sub)project this should be D:\Agent.2\110\s\Shared.ToObject. This means the shares sources are still not found of used by SonarQube.

2020-03-27T14:56:22.4509405Z 5264DF0F-9145-4D96-92F1-5F999B48447F.sonar.projectName=ToObject_R231
2020-03-27T14:56:22.4509605Z 5264DF0F-9145-4D96-92F1-5F999B48447F**.sonar.projectBaseDir**=D:\Agent.2\110\s\ToObject\R231
2020-03-27T14:56:22.4509818Z 5264DF0F-9145-4D96-92F1-5F999B48447F.sonar.sourceEncoding=windows-1252
2020-03-27T14:56:22.4510015Z 5264DF0F-9145-4D96-92F1-5F999B48447F.sonar.sources=\

If necessary I can upload the full logging.

Kind Regards,
Adrie

Hi Andrie,

I’ve tried to reproduced your scenario and this is what happened: First run of scanner end step starts like this, with warning about what’s going to happen.

SonarScanner for MSBuild 4.7.1
Using the .NET Framework version of the Scanner for MSBuild
Post-processing started.
WARNING: File 'C:\Projects\WithShared\Shared\SharedClass.cs' is not located under the root directory 'C:\Projects\WithShared\SmazatWithShared' and will not be analyzed.
Calling the SonarQube Scanner...

This file was not indexed as warned. Then I’ve changed the relative dir by adding projectBaseDir argument (it’s only one dir up in my case, you should keep …/…)

SonarScanner.MSBuild.exe begin /k:"WithShared" /d:sonar.projectBaseDir=..

And the warning disappeared. Shared file was indexed.

So far it looks that there’s something wrong with passing the argument to begin step. Do you have the /d: prefix there?

Hi Pavel,

In you’re example you are using the command-line version of the SonarScanner.

In my situation i am using the SonarQube plugin on TFS (Team Foundation server).

In this plugin there’s no need to enter parameters in the same syntax as the commandline interface. For the plugin you set parameters in the key=value format.

Like:
sonar.verbose=true
sonar.sourceEncoding=windows-1252
sonar.projectBaseDir=…/…

But still this has no effect. I tried it with a relative path and with a absolute pad, both without any success. Probably this doesn’t work with the SonarQube plugin on TFS.

But last Friday i found a work-around for this problem. In this work around i moved all the shared folders back to a map below one of the projects, when i am getting all the sources for the automatic build in TFS. With a search and replace action (a task in TFS), i replaced the location of the project files in the solution and other project files. It was a little work to setup a new build procedure under TFS, but now i have SonarQube results again.

So probably you’re solution works for command-line scanners, but it isn’t a solution in our environment with TFS.

For now i can continue.

Thanks for your reaction.

Kind regard,
Adrie

Hi Adrie,

Sorry I missed that point. Scanner for TFS embeds Scanner for MSBuild under the hood so the behaviour should be the same.

Can you please try to:

  • share full logs,
  • clarify what exact version of scanner do you have (you’ve mentioned “latest” at the beginning),
  • find some other place in your SQ project/config files/environment that is already setting this variable and overriding it? Although explicit scanner parameter should have highest priority.

I’ve installed TFS 2015 and SQ extension. There’s Advanced/Additional settings field for additional command line arguments. Can you try to use /d:sonar.projectBaseDir=..\.. there?