Duplicate Lines (%) on new code

  • SonarCloud
  • Scanning c# code

We are struggling to understand the new way the duplicate code is working.
The latest scan is giving very high results and making the quality gate to fail.
Example: 22,4% - 6,012 duplicates

We don’t think this is correct and would like to know if there are options to fine tune the scan or another way to fix it.

Hey there.

You can always narrow the focus and exclude certain files from duplication detection.

Are you saying the duplication being detected is wrong (i.e. not duplication), or that you don’t agree it’s a problem in this context?

Hi,

I am saying the duplication detected is wrong.

Not sure if something changed recently. We were not getting these type of numbers (6K lines) for duplicate code in the past.

Thanks.

we are seeing similar issue on our repos as well . all those were passing in the past and its failing or detecting recently only .It is showing coverage and coveragetest folder in our repos for duplicate code. do we need to exclude them ?

1 Like

Try excluding multi-language analysis that was introduced in 8.0.0 of the sonar-msbuild scanner if applicable.
/d:sonar.scanner.scanAll=false

Multi-language scan is in a flux and kind of crap right now for us. Rapidly changing detections and disabling/enabing sonar.sources, sonar.tests & sonar.exclusions. It made our c# repos grow past our license limit due to scanning .nuget for xml…

1 Like

We had the same issues. We started getting tons of errors on directories that were explicitly excluded from analysis in the project admin. Looks like the settings are completely ignored.

We added /d:sonar.scanner.scanAll=false after noticing the warning, and stats went back to what they were before.

2 Likes

@fcollins_vacv @Mol_Olsson
Thanks for the suggestion. Will try that.

1 Like

Hi @rvilhena10,

May I ask what version of the scanner you are using that leads to that problem?
Is it v8.0.0, or v8.0.2?

Denis

I am using SonarCloud. How can I check the version of the scanner?

Looking at the logs the version I can see there referenced is
SonarScanner 5.0.1.3006

This was not always like this. It’s a recent behaviour.

Thanks,
Ruben

Hi @rvilhena10

What does your CI pipeline look like?
Especially the part that installs the Sonar Scanner for .NET? If you can copy paste it in here we can figure that out (please remove any tokens, secrets etc before posting, of course).

If you are on AZDO and using the SonarCloud extension then you are still using v6, as the extension has not been updated yet.

Denis.

Yes, we are using Azure DevOps Pipelines.
YAML of the pipeline:

azure-pipelines.yml - Build pipeline for an ASP.NET Core 6.0 web app, with unit tests and both SonarCloud and Snyk analysis.

This build will automatically trigger on pull-requests to both the main and develop branches.

trigger:
branches:
include:
- develop
- main

pool:
vmImage: ‘windows-latest’

variables:
solution: ‘xxxx.sln’
buildConfiguration: ‘Release’
snykOrgID: xxxxx

steps:

  • task: SonarCloudPrepare@2
    displayName: ‘SonarCloud Prepare’
    inputs:
    SonarCloud: ‘$(SonarServiceEndPoint)’
    organization: ‘$(SonarOrganization)’
    projectKey: ‘$(SonarProjectKey)’
    projectName: ‘$(SonarProjectName)’
    scannerMode: ‘MSBuild’
    extraProperties: |
    sonar.exclusions=**/.js, **/.css

  • task: DotNetCoreCLI@2
    displayName: ‘Build Solution’
    inputs:
    command: ‘build’
    projects: ‘$(solution)’
    arguments: ‘–configuration $(buildConfiguration)’

  • task: DotNetCoreCLI@2
    displayName: ‘Test Solution’
    inputs:
    command: ‘test’
    projects: ‘$(solution)’
    arguments: ‘–configuration $(buildConfiguration) --collect “Code Coverage”’

  • task: SnykSecurityScan@1
    displayName: ‘Snyk Analysis’
    inputs:
    serviceConnectionEndpoint: ‘SNYK-DEVELOPMENT’
    testType: ‘app’
    monitorWhen: ‘always’
    failOnIssues: false
    organization: ‘$(snykOrgID)’
    additionalArguments: ‘–file=$(solution)’

  • task: SonarCloudAnalyze@2
    displayName: ‘SonarCloud Analysis’

  • task: SonarCloudPublish@2
    displayName: ‘SonarCloud Publish’

  • task: DotNetCoreCLI@2
    displayName: ‘Publish Solution’
    inputs:
    command: ‘publish’
    publishWebProjects: true
    arguments: ‘–configuration $(buildConfiguration) --output $(Build.ArtifactStagingDirectory)’

  • task: PublishBuildArtifacts@1
    displayName: ‘Publish Build Artifacts’
    inputs:
    PathtoPublish: ‘$(Build.ArtifactStagingDirectory)’
    ArtifactName: ‘SmartBeatWeb’

But something must have changed as we never got these huge number for duplications.

A few more questions:

  1. Is this a public project that we can look at?
  2. If not, would you mind showing us (can be in a private message) on which files the duplication appeared (c#?, others?)
  3. Can you trace back when the metric changed drastically? (the date of the first analysis where it goes up)

This might help us pinpoint the origin of this problem.
It is not related to v8 changes, as the AZDO extension does not use it yet. We just need to figure out what caused it.

Denis.

1 Like

Thanks Denis.

Is it not a public project.
Happy to provide all the information request in a private message - what is the best way to do it?
Will start working on collecting the data you asked.

Ruben