Different scan reports for same repository

  • ALM used - Azure DevOps
  • CI system used - Azure DevOps
  • Scanner command used when applicable (private details masked)
  • Languages of the repository - C#
  • Error observed - We are trying to run scans in PR and build pipelines. Our source code is in repo-1 and yaml pipeline code is in repo-2. When PR or build pipeline is triggered, we are not able to see scan data in the scan report. All vital scan parameters are showing as 0.

    But when we run classic pipelines on same repo we are seeing different scan results.

Can you please help us in resolving the issue.

This probably has something to do with how the code is being checked out from source control (say, a shallow versus a full clone). Do you see any differences in the pipeline logs regarding the checkout?

Hi Colin,

Can you please confirm if this will this make a difference in the scan results in both of the the scenario mentioned.

This will make a difference in the detection of new code (which code changed in your pull request) – which your classic pipeline appears to be better at than your YAML-based pipeline.

Hi Colin,

We tried creating yaml pipeline from the same repo where we have our source code available. We are getting same results as with classic pipelines. The results are different and gives 0 for all vital scan parameters only when source code and pipeline yaml are in different repos.


To be honest, I’m a bit rusty about what feature of Azure DevOps allows this. Can you point me to any documentation about this?

Hi Colin,

Below is the high level git repo setup. We have only basic skeleton and reference in repo-1. Our YAML code is in different repo. Please let us know is it would be possible to connect over some bridge.

Hi Colin,

Any thoughts on the shared existing setup.

Hey there.

This is a free community forum – we won’t be able to connect over a bridge. :slight_smile:

Can you share your Azure DevOps pipeline for repo 4 (which references the other repositories, 1-3)?


Below are the steps we are including in repo-4 yaml.

Can you please share the text, rather than a screenshot?

# DotNet Restore
  - task: NuGetCommand@2
    displayName: NuGet restore

  # Prepare Sonar Cloud
  - task: SonarCloudPrepare@1
    displayName: Prepare Sonar Cloud
     SonarCloud: '***'
     organization: '***'
     projectKey: '***'
     projectName: '***'
  # Build the Source Code    
  - task: MSBuild@1
    displayName: Build the Source Code
  # Perform Unit Tests on source code
  - task: VSTest@2
    displayName: Perform Unit Tests on source code
    enabled: false
      testSelector: 'testAssemblies'
      testAssemblyVer2: |
      searchFolder: '$(System.DefaultWorkingDirectory)'
      codeCoverageEnabled: true

  # Publish Test Results      
  - task: PublishTestResults@2
    displayName: Publish Test Results
    enabled: false
        testResultsFormat: VSTest
        testResultsFiles: "$(Agent.TempDirectory)/**.*trx"
        mergeTestResults: true

  # Run Sonar Cloud Analysis
  - task: SonarCloudAnalyze@1
    displayName: Run Sonar Cloud Analysis        

  # Publish Results to Sonar cloud
  - task: SonarCloudPublish@1
    displayName: Publish Results to Sonar cloud
     pollingTimeoutSec: '300'


Please find the pipeline steps above.