Different scan reports for same repository

richa · June 15, 2023, 7:38am

ALM used - Azure DevOps
CI system used - Azure DevOps
Scanner command used when applicable (private details masked)
Languages of the repository - C#
Error observed - We are trying to run scans in PR and build pipelines. Our source code is in repo-1 and yaml pipeline code is in repo-2. When PR or build pipeline is triggered, we are not able to see scan data in the scan report. All vital scan parameters are showing as 0.

image1096×562 33.2 KB

But when we run classic pipelines on same repo we are seeing different scan results.

image1085×577 41.2 KB

Can you please help us in resolving the issue.

Colin · June 16, 2023, 7:48am

This probably has something to do with how the code is being checked out from source control (say, a shallow versus a full clone). Do you see any differences in the pipeline logs regarding the checkout?

richa · June 19, 2023, 10:21am

Hi Colin,

Can you please confirm if this will this make a difference in the scan results in both of the the scenario mentioned.

Colin · June 19, 2023, 1:25pm

This will make a difference in the detection of new code (which code changed in your pull request) – which your classic pipeline appears to be better at than your YAML-based pipeline.

richa · June 20, 2023, 6:32am

Hi Colin,

We tried creating yaml pipeline from the same repo where we have our source code available. We are getting same results as with classic pipelines. The results are different and gives 0 for all vital scan parameters only when source code and pipeline yaml are in different repos.

Colin · June 21, 2023, 7:49am

Thanks.

To be honest, I’m a bit rusty about what feature of Azure DevOps allows this. Can you point me to any documentation about this?

richa · June 23, 2023, 12:09pm

Hi Colin,

Below is the high level git repo setup. We have only basic skeleton and reference in repo-1. Our YAML code is in different repo. Please let us know is it would be possible to connect over some bridge.

richa · June 27, 2023, 8:19am

Hi Colin,

Any thoughts on the shared existing setup.

Colin · June 30, 2023, 4:14pm

Hey there.

This is a free community forum – we won’t be able to connect over a bridge.

Can you share your Azure DevOps pipeline for repo 4 (which references the other repositories, 1-3)?

richa · July 4, 2023, 4:12am

Hi,

Below are the steps we are including in repo-4 yaml.

Colin · July 5, 2023, 4:25pm

Can you please share the text, rather than a screenshot?

richa · July 13, 2023, 6:24am

# DotNet Restore
  - task: NuGetCommand@2
    displayName: NuGet restore

  # Prepare Sonar Cloud
  - task: SonarCloudPrepare@1
    displayName: Prepare Sonar Cloud
    inputs:
     SonarCloud: '***'
     organization: '***'
     projectKey: '***'
     projectName: '***'
     
  # Build the Source Code    
  - task: MSBuild@1
    displayName: Build the Source Code
  
  # Perform Unit Tests on source code
  - task: VSTest@2
    displayName: Perform Unit Tests on source code
    enabled: false
    inputs:
      testSelector: 'testAssemblies'
      testAssemblyVer2: |
        **\*test*.dll
        !**\*TestAdapter.dll
        !**\obj\**
      searchFolder: '$(System.DefaultWorkingDirectory)'
      codeCoverageEnabled: true

  # Publish Test Results      
  - task: PublishTestResults@2
    displayName: Publish Test Results
    enabled: false
    inputs:
        testResultsFormat: VSTest
        testResultsFiles: "$(Agent.TempDirectory)/**.*trx"
        mergeTestResults: true

  # Run Sonar Cloud Analysis
  - task: SonarCloudAnalyze@1
    displayName: Run Sonar Cloud Analysis        

  # Publish Results to Sonar cloud
  - task: SonarCloudPublish@1
    displayName: Publish Results to Sonar cloud
    inputs:
     pollingTimeoutSec: '300'

richa · July 13, 2023, 6:24am

Hi,

Please find the pipeline steps above.