Dotnet sonarscanner missing dependencies

Introduction

Hello everyone, I’ve looked through the topics on the forum and I believe I did not find any that describes the issue that I’m currently facing. I’ve come across this issue on Friday and I hope to fix it soon so that I can continue with my current setup.

I hope this is the proper location to post this question.

What I’m trying to achieve

I currently have a multi-stage dockerfile that builds two applications separately in a pipeline and spits out two images to a private image registry. I wish to add the dotnet sonarscanner to the build step so that an analysis is performed each time the pipeline runs, the results of this analysis are sent to an azure sonarcloud instance that my university provides.

My four projects (separated in 2 solutions) make use of dotnetcore 3.0 which isn’t supported by the sonarscanner, for this reason I’m using a base dockerfile that includes the sdk of 3.0 and the runtime of dotnetcore 2.1 which according to a few GitHub issues should not be a problem.

I’ve written my own dockerfile that installs dotnet scanner and the runtime of 2.1 on top of the base dotnetcore 3.0 sdk image, however I’m currently using nosinovacao/dotnet-sonar:19.10.1. I’ve also made a github issue on the github repository of that image, however given that the error occurs even in my own dockerfile I suspect it isn’t the image that is wrong.

Switching to a 2.1 project is a possibility, however I’d rather not go that far.

The issue I’m facing

Any time my docker build reaches the dotnet build step it returns this error:

Copyright © Microsoft Corporation. All rights reserved.

  Restore completed in 19.18 sec for /app/Case1.MVC/Case1.MVC.csproj.
  Restore completed in 1.19 min for /app/Case1.MVC.Test/Case1.MVC.Test.csproj.
CSC : error CS0006: Metadata file '/tmp/.sonarqube/resources/2/analyzers/dotnet/YamlDotNet.dll' could not be found [/app/Case1.MVC/Case1.MVC.csproj]
CSC : error CS0006: Metadata file '/tmp/.sonarqube/resources/2/analyzers/dotnet/SecurityCodeScan.dll' could not be found [/app/Case1.MVC/Case1.MVC.csproj]

Build FAILED.

CSC : error CS0006: Metadata file '/tmp/.sonarqube/resources/2/analyzers/dotnet/YamlDotNet.dll' could not be found [/app/Case1.MVC/Case1.MVC.csproj]
CSC : error CS0006: Metadata file '/tmp/.sonarqube/resources/2/analyzers/dotnet/SecurityCodeScan.dll' could not be found [/app/Case1.MVC/Case1.MVC.csproj]
    0 Warning(s)
    2 Error(s)

What I’ve tried so far

So far I’ve tried installing the missing dependencies in my projects, didn’t seem to work. I’ve also tried different sonarscanner versions, all to no avail. I’ve also tried a few different base docker images, however none seemed to accomplish a successful scan.

I’ve also deleted my current project and added an empty test and console app project to see if the build would fail with an empty project, and it gave me the same error.

Note that I’m building the image locally on Linux Mint with a 4.15.0-66-generic kernel, the pipeline uses an ubuntu-16.04 image and throws the same error.

Relevant logs and code

My dockerfile (excluding runtime):

FROM nosinovacao/dotnet-sonar:19.10.1 AS build

WORKDIR /app
COPY ./Frontend /app/

RUN dotnet /sonar-scanner/SonarScanner.MSBuild.dll begin
/k:Batcat-frontend
/d:sonar.login=""
/d:sonar.host.url=""
&& dotnet build
&& dotnet test
&& dotnet /sonar-scanner/SonarScanner.MSBuild.dll end
/d:sonar.login=""

Full error log

Building MVC
Step 1/9 : FROM nosinovacao/dotnet-sonar:19.10.1 AS build
—> 57fd2ef405bb
Step 2/9 : WORKDIR /app
—> Using cache
—> 6e98cbaa9b10
Step 3/9 : COPY ./Frontend /app/
—> Using cache
—> c467bec46b57
Step 4/9 : RUN dotnet /sonar-scanner/SonarScanner.MSBuild.dll begin /k:Batcat-frontend /d:sonar.login="" /d:sonar.host.url="" && dotnet build && dotnet test && dotnet /sonar-scanner/SonarScanner.MSBuild.dll end /d:sonar.login=""
—> Running in 29926b3b152b
SonarScanner for MSBuild 4.7.1
Using the .NET Core version of the Scanner for MSBuild
Pre-processing started.
Preparing working directories…
09:25:55.773 Updating build integration targets…
09:25:55.79 Fetching analysis configuration settings…
09:25:57.33 Provisioning analyzer assemblies for cs…
09:25:57.331 Installing required Roslyn analyzers…
09:25:59.06 Provisioning analyzer assemblies for vbnet…
09:25:59.06 Installing required Roslyn analyzers…
09:25:59.101 Pre-processing succeeded.
Microsoft ® Build Engine version 16.3.0+0f4c62fea for .NET Core
Copyright © Microsoft Corporation. All rights reserved.

Restore completed in 19.18 sec for /app/Case1.MVC/Case1.MVC.csproj.
Restore completed in 1.19 min for /app/Case1.MVC.Test/Case1.MVC.Test.csproj.
CSC : error CS0006: Metadata file ‘/tmp/.sonarqube/resources/2/analyzers/dotnet/YamlDotNet.dll’ could not be found [/app/Case1.MVC/Case1.MVC.csproj]
CSC : error CS0006: Metadata file ‘/tmp/.sonarqube/resources/2/analyzers/dotnet/SecurityCodeScan.dll’ could not be found [/app/Case1.MVC/Case1.MVC.csproj]

Build FAILED.

CSC : error CS0006: Metadata file ‘/tmp/.sonarqube/resources/2/analyzers/dotnet/YamlDotNet.dll’ could not be found [/app/Case1.MVC/Case1.MVC.csproj]
CSC : error CS0006: Metadata file ‘/tmp/.sonarqube/resources/2/analyzers/dotnet/SecurityCodeScan.dll’ could not be found [/app/Case1.MVC/Case1.MVC.csproj]
0 Warning(s)
2 Error(s)

Time Elapsed 00:01:13.49

My question

I’m posting this topic because I’m a bit at a loss and would like to use sonarscanner in my docker build. I hope someone here knows what’s going on with my docker build and can provide me with advice on how to fix my build.

Update

I figured out what the problem was, the folder /tmp/.sonarqube/resources/2/ contained files with Windows backslashes, so the folder it was looking for did not exist and neither did the files.

The topic can be closed now, I added a manual mkdir and mv command.

1 Like

Update

My apologies for this topic bump, but I’ve reconsidered the previous solution and I don’t find it relevant anymore.

It is possible to manually fix these Windows slashes using mv and mkdir as the previous answer stated, however this is simply not a proper solution and as I’ve been told there is a genuine bug in the dotnet-scanner that causes these issues.

The ‘working’ solution I found is to run the sonar scan in a Windows environment, since that seems to not trigger this error and actually give proper code-coverage results.