I have a pipeline that runs a scan on a Dockerfile.
When running the pipeline, the file is found but not parsed.
I have tried addressing the scan directly to the Dockerfile. I have also done this by addressing the scan to the folder containing the file.
I have created a different project with a different Dockerfile and a new pipeline, but the problem persists.
I really appreciate any help you can give me
The Dockerfile is found but is not analyzed.
This is the SonarCloud Analisys Log
12:37:23.119 DEBUG: * VB.NET => "vbnet"
12:37:23.119 DEBUG: * Python => "py"
12:37:23.119 DEBUG: * T-SQL => "tsql"
12:37:23.119 DEBUG: * TypeScript => "ts"
12:37:23.119 DEBUG: * CSS => "css"
12:37:23.119 DEBUG: * COBOL => "cobol"
12:37:23.119 DEBUG: * PHP => "php"
12:37:23.119 DEBUG: * ABAP => "abap"
12:37:23.119 DEBUG: * YAML => "yaml"
12:37:23.119 DEBUG: * JSON => "json"
12:37:23.120 INFO: Quality profile for xml: Sonar way
12:37:26.546 INFO: Sensor XML Sensor [xml] (done) | time=261ms
12:37:26.546 INFO: Sensor TextAndSecretsSensor [text]
12:37:26.976 INFO: 1 source file to be analyzed
12:37:26.976 INFO: 1/1 source file has been analyzed
12:37:27.001 INFO: Sensor IaC Docker Sensor [iac]
12:37:27.011 INFO: 0 source files to be analyzed
12:37:27.083 INFO: 0/0 source files have been analyzed
12:37:27.084 INFO: Sensor IaC Docker Sensor [iac] (done) | time=83ms
PipelineConfiguration (yaml file)
- checkout: self
- task: SonarCloudPrepare@1
- task: SonarCloudAnalyze@1
displayName: 'Run SonarCloud analysis'
- task: SonarCloudPublish@1
displayName: 'Publish results on build summary'
Scanning a repo with Automatic analysis does not scan
- ALM used : GitHub
- CI system used: None (Automatic analysis; otherwise : GitHub actions)
- Scanner command used when applicable: None
- Languages of the repository: PHP, HTML, Docker, YAML
- Error observed: None
- Steps to reproduce
- Turn on automatic analysis
- Look at files scanned project>main branch>code: files can be seen but no
- No rule triggered on the
- Potential workaround
- commit a
.sonarcloud.properties file with:
# Path to sources
Same behavior. No Dockerfile in the list of scanned files.
Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!
Welcome to the community!
I suppose that
sonar.docker.file.patterns value is what you’ve come to in your attempts to make this work?
You don’t need to specify full paths, and I suspect the fact that you have isn’t helping.
The default value for this is
Dockerfile,*.dockerfile. I guess that didn’t work for you? Or perhaps, based on your value,
Yes Ann, you are right: those values in .sonarcloud.properties is the result of quite a few run-fail-and-try-something-else attempts…
It all started with automatic analysis with all the default settings ignoring a Dockerfile at the root of the repo. Here, I made a simple test case to reproduce:
- Created a public repo with a single Dockerfile file at GitHub - Evaneos/sonarcloud-test-case
- In SonarCloud added this project as a new project, Next, Next, Next.
- Waited a bit for first analysis.
- Result : No analysis. SonaCloud web now reads Automatic analysis not recommended : “No languages detected in your repository”.
Was expecting : at least one issue in this Dockerfile (this one Docker static code analysis | Security Hotspot: Allowing shell scripts execution during package installation is security-sensitive)
Thanks for the confirmation. I kinda figured it was the case, especially since another SonarCloud user reported pretty much the same thing (but with standard file patterns) at the same time.
And since I do think this is the same thing, I’m going to move this into that other thread, which is already flagged for the language specialists.
Are you using autoscan or your own CI?
We are using autoscan.
My company has a paid plan of SonarCloud and our service connection uses our SonarCloud Token.
Hello @juanfer007 ,
We think we found the underlying issue and are working on a fix that should be ready soon. I’ll update this thread once it is in production.
Hi Martin Bednorz
Do you have any news about this issue ?
Thanks so much.
The fix should be released. Could you try again?
Hello Martin Bednorz
Yes. I confirm that’s working.
Thanks so much.
12:33:41.971 DEBUG: 'SonarCloud/sonar-docker-demo/Dockerfile' indexed with language 'docker'
12:33:45.157 DEBUG: 'SonarCloud/sonar-docker-demo/Dockerfile' generated metadata with charset 'UTF-8'
12:33:45.166 INFO: 1 source file to be analyzed
12:33:45.192 INFO: 1/1 source file has been analyzed
12:33:45.192 INFO: Sensor TextAndSecretsSensor [text] (done) | time=506ms
12:33:45.193 INFO: Sensor IaC Docker Sensor [iac]
12:33:45.208 INFO: 1 source file to be analyzed
12:33:45.365 INFO: 1/1 source file has been analyzed
12:33:45.367 INFO: Sensor IaC Docker Sensor [iac] (done) | time=174ms
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.