ERROR: Validation of project failed:

We have multiple projects with separate repositories. I have created a separate project for deployment to run the pipeline, which integrates with all projects. We’ve added triggers, and after triggering, the pipeline runs successfully. Additionally, we’ve created a release pipeline that successfully deploys to Azure.

However, I’m encountering an issue with this structure related to SonarQube. I’ve set up a SonarQube VM and its Docker container, running the Community Edition. When I configure SonarQube analysis in the relevant project’s pipeline, it runs successfully and provides results. However, when I add this configuration to the deployment project, an issue arises: the code analyzer generates errors, causing our pipeline to fail.

This problem is likely due to the separation of projects and repositories, combined with our pipeline security measures. We’ve granted developers access to their assigned project repositories but have secured the pipeline in a separate deployment project. While this structure was initially successful, implementing SonarQube has disrupted its functionality.

To resolve this issue, we may need to reconsider our pipeline and security setup. One potential solution could involve integrating SonarQube directly into each project’s pipeline rather than having it separate in the deployment project. This way, the code analysis occurs within the context of each project, potentially avoiding conflicts and errors. Alternatively, we may need to adjust permissions or configurations within SonarQube or our pipeline to ensure compatibility across projects.

    • Community Edition
  • Version 9.9.4 (build 87374)
  • SonarQube deployed: Docker
    Community Gosu Plugin
  • 1.2.1installed
    SonarQube CNES Report
  • 4.2.0installed

Hi,

Welcome to the community!

It’s not clear to me what the question is.

And I need to point out that the CNES Report plugin isn’t compatible with SonarQube 9.9.* and above.

 
HTH,
Ann

Hi Ann
Thank you for your response my question is about sonar integration with Azure DevOps and we have a project setup with multiple repositories, a deployment project for pipeline integration, and successful deployment to Azure. However, they encountered an issue with SonarQube integration, where adding SonarQube analysis to the deployment project caused errors due to the separation of projects and repositories, combined with pipeline security measures. To resolve this, they suggest reconsidering the pipeline and security setup. One solution could involve integrating SonarQube directly into each project’s pipeline to avoid conflicts. Alternatively, they may need to adjust permissions or configurations within SonarQube or the pipeline for compatibility.

Hi,

Without fully understanding your structure…

For full/correct functionality, it should be one SonarQube project per repository. That’s because the detection of new code relies on the repo’s blame data.

 
HTH,
Ann

To ensure pipeline security, we specify the pipeline separately. Therefore, we must configure Sonar in separate projects accordingly. While it currently operates smoothly with projects in the same repository, this approach enhances clarity and security measures.

Do we have any solution for this issue regarding this

Hi,

I’m not sure what you’re asking. I’ve said

You responded

What issue is left?

 
Ann