Dockerfile indexed with language 'null'

Hi community!

Hello.
I have a pipeline that runs a scan on a Dockerfile.
When running the pipeline, the file is found but not parsed.

I have tried addressing the scan directly to the Dockerfile. I have also done this by addressing the scan to the folder containing the file.

I have created a different project with a different Dockerfile and a new pipeline, but the problem persists.

I really appreciate any help you can give me.

  • ALM used : Azure DevOps

  • CI system used : Azure DevOps

  • Languages of the repository : Only Dockerfile

  • Private repository

  • Error observed:

The Dockerfile is found but is not analyzed.
This is the SonarCloud Analysis Log

12:37:23.119 DEBUG:   * VB.NET => "vbnet"
12:37:23.119 DEBUG:   * Python => "py"
12:37:23.119 DEBUG:   * T-SQL => "tsql"
12:37:23.119 DEBUG:   * JavaScript => "js"
12:37:23.119 DEBUG:   * TypeScript => "ts"
12:37:23.119 DEBUG:   * CSS => "css"
12:37:23.119 DEBUG:   * COBOL => "cobol"
12:37:23.119 DEBUG:   * PHP => "php"
12:37:23.119 DEBUG:   * ABAP => "abap"
12:37:23.119 DEBUG:   * YAML => "yaml"
12:37:23.119 DEBUG:   * JSON => "json"
12:37:23.120 INFO: Quality profile for xml: Sonar way
12:37:26.546 INFO: Sensor XML Sensor [xml] (done) | time=261ms
12:37:26.546 INFO: Sensor TextAndSecretsSensor [text]
12:37:26.976 INFO: 1 source file to be analyzed
12:37:26.976 INFO: 1/1 source file has been analyzed

12:37:27.001 INFO: Sensor IaC Docker Sensor [iac]
12:37:27.011 INFO: 0 source files to be analyzed
12:37:27.083 INFO: 0/0 source files have been analyzed
12:37:27.084 INFO: Sensor IaC Docker Sensor [iac] (done) | time=83ms

  • Steps to reproduce

PipelineConfiguration (yaml file)

trigger: none

pool:
  vmImage: ubuntu-latest

steps:
- checkout: self 
  fetchDepth: 0
  
- task: SonarCloudPrepare@1
  inputs:
    SonarCloud: '***'
    organization: '***'
    scannerMode: 'CLI'
    configMode: 'manual'
    cliProjectKey: '***'
    cliProjectName: '***'
    cliSources: 'SonarCloud/sonar-docker'
    extraProperties: |
      sonar.verbose=true

- task: SonarCloudAnalyze@1
  displayName: 'Run SonarCloud analysis'

- task: SonarCloudPublish@1
  displayName: 'Publish results on build summary'

SonarCloud Config

sonar.docker.activate=true
sonar.docker.file.patterns=Dockerfile,*.dockerfile

Scanning a repo with Automatic analysis does not scan Dockerfile

  • ALM used : GitHub
  • CI system used: None (Automatic analysis; otherwise : GitHub actions)
  • Scanner command used when applicable: None
  • Languages of the repository: PHP, HTML, Docker, YAML
  • Error observed: None
  • Steps to reproduce
  1. Turn on automatic analysis
  2. Look at files scanned project>main branch>code: files can be seen but no Dockerfile
  3. No rule triggered on the Dockerfile
  • Potential workaround
    Nope.
  1. commit a .sonarcloud.properties file with:
    # Path to sources
    sonar.sources=./
    sonar.exclusions=tests/**/*,doctrine_migrations/**/*
    sonar.tests=tests/
    sonar.php.coverage.reportPaths=coverage/coverage.xml
    sonar.docker.file.patterns=Dockerfile,**/Dockerfile,**/*.dockerfile,**/Dockerfile.*,**/*.dockerfile.*

Same behavior. No Dockerfile in the list of scanned files.

Hi,

Welcome to the community!

I suppose that sonar.docker.file.patterns value is what you’ve come to in your attempts to make this work?

You don’t need to specify full paths, and I suspect the fact that you have isn’t helping.

The default value for this is Dockerfile,*.dockerfile. I guess that didn’t work for you? Or perhaps, based on your value, Dockerfile,*.dockerfile, Dockerfile.*.

 
Ann

Yes Ann, you are right: those values in .sonarcloud.properties are the result of quite a few run-fail-and-try-something-else attempts…

It all started with automatic analysis with all the default settings ignoring a Dockerfile at the root of the repo. Here, I made a simple test case to reproduce:

  1. Created a public repo with a single Dockerfile file at GitHub - Evaneos/sonarcloud-test-case
  2. In SonarCloud added this project as a new project, Next, Next, Next.
  3. Waited a bit for first analysis.
  4. Result : No analysis. SonarCloud web now reads Automatic analysis not recommended : “No languages detected in your repository”.
    Was expecting : at least one issue in this Dockerfile (this one Docker static code analysis | Security Hotspot: Allowing shell scripts execution during package installation is security-sensitive)

Guillaume

Hi Guillaume,

Thanks for the confirmation. I kinda figured it was the case, especially since another SonarCloud user reported pretty much the same thing (but with standard file patterns) at the same time.

And since I do think this is the same thing, I’m going to move this into that other thread, which is already flagged for the language specialists.

 
Ann

Hi @juanfer007,

Are you using autoscan or your own CI?

 
Thx,
Ann

Hi Ann

We are using autoscan.
My company has a paid plan of SonarCloud and our service connection uses our SonarCloud Token.

Thank you.

Hello @juanfer007,

We think we found the underlying issue and are working on a fix that should be ready soon. I’ll update this thread once it is in production.

Hi Martin Bednorz

Do you have any news about this issue?

Thanks so much.

The fix should be released. Could you try again?

Hello Martin Bednorz

Yes. I confirm that’s working.

Thanks so much.

12:33:41.971 DEBUG: 'SonarCloud/sonar-docker-demo/Dockerfile' indexed with language 'docker'
12:33:45.157 DEBUG: 'SonarCloud/sonar-docker-demo/Dockerfile' generated metadata with charset 'UTF-8'
12:33:45.166 INFO: 1 source file to be analyzed
12:33:45.192 INFO: 1/1 source file has been analyzed
12:33:45.192 INFO: Sensor TextAndSecretsSensor [text] (done) | time=506ms
12:33:45.193 INFO: Sensor IaC Docker Sensor [iac]
12:33:45.208 INFO: 1 source file to be analyzed
12:33:45.365 INFO: 1/1 source file has been analyzed
12:33:45.367 INFO: Sensor IaC Docker Sensor [iac] (done) | time=174ms

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
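
The failure in this thread is silent: the pipeline succeeds while the IaC Docker Sensor analyzes zero files, so no Dockerfile finding can ever be raised. The following is an added example, not part of the original posts or of SonarCloud's tooling: a check that reads a `sonar.verbose=true` scanner log and flags that condition. The function name, the assumption that patterns are compared against the file name only, and the first line of `BROKEN_LOG` (built from the thread title) are constructed for illustration; the other sample lines follow the logs quoted above.

```python
import fnmatch
import posixpath
import re

INDEXED = re.compile(r"'([^']+)' indexed with language '([^']+)'")
SENSOR = re.compile(r"INFO: Sensor (.+?) \[\w+\]( \(done\))?")
ANALYZED = re.compile(r"INFO: (\d+)/\d+ source files? ha(?:s|ve) been analyzed")
# Default value of sonar.docker.file.patterns quoted in the thread.
DOCKER_PATTERNS = ("Dockerfile", "*.dockerfile")

def audit_scan_log(log_text, sensor="IaC Docker Sensor"):
    """Return Dockerfiles not indexed as 'docker' and the sensor's analyzed count."""
    missed, analyzed, current = [], None, None
    for line in log_text.splitlines():
        if m := INDEXED.search(line):
            path, lang = m.groups()
            name = posixpath.basename(path)
            # Assumption: patterns are compared against the file name only.
            if lang != "docker" and any(fnmatch.fnmatchcase(name, p) for p in DOCKER_PATTERNS):
                missed.append(path)
        elif m := SENSOR.search(line):
            # A "(done)" line closes the sensor; any other Sensor line opens one.
            current = None if m.group(2) else m.group(1)
        elif (m := ANALYZED.search(line)) and current == sensor:
            analyzed = int(m.group(1))
    # Blind scan: a Dockerfile was skipped, or the sensor saw no files at all.
    return {"missed": missed, "analyzed": analyzed, "blind": bool(missed) or not analyzed}

# Constructed sample logs in the format shown in the thread.
BROKEN_LOG = """\
12:37:22.000 DEBUG: 'SonarCloud/sonar-docker/Dockerfile' indexed with language 'null'
12:37:26.546 INFO: Sensor TextAndSecretsSensor [text]
12:37:26.976 INFO: 1/1 source file has been analyzed
12:37:27.001 INFO: Sensor IaC Docker Sensor [iac]
12:37:27.083 INFO: 0/0 source files have been analyzed
12:37:27.084 INFO: Sensor IaC Docker Sensor [iac] (done) | time=83ms
"""
FIXED_LOG = """\
12:33:41.971 DEBUG: 'SonarCloud/sonar-docker-demo/Dockerfile' indexed with language 'docker'
12:33:45.192 INFO: Sensor TextAndSecretsSensor [text] (done) | time=506ms
12:33:45.193 INFO: Sensor IaC Docker Sensor [iac]
12:33:45.365 INFO: 1/1 source file has been analyzed
12:33:45.367 INFO: Sensor IaC Docker Sensor [iac] (done) | time=174ms
"""

if __name__ == "__main__":
    for label, log in (("broken", BROKEN_LOG), ("fixed", FIXED_LOG)):
        print(label, audit_scan_log(log))
```

Run against the saved scanner output in CI, a `blind` result can fail the job so that an unanalyzed Dockerfile is not mistaken for a clean one.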