First Analysis Results in 0 lines of code scanned

Hello,

I have scanned my .NET project on Azure DevOps and saw that it was successfully scanned along with the “First Analysis” tag showing. The problem is that for the first run I wanted to scan the whole repo and go through all files. As you could see in the screenshot below its all zeros… zero lines of code zero issues… I am mostly interested in security vulnerabilities and hotspots to be detected.

image1386×561 41.7 KB

Please help me I have went through the SonarCloud docs and run a handful of builds with not much luck.

Hey there.

• What do you see in the Code tab of your branch?
• Anything interesting in the logs of the scanner that was executed in Azure DevOps?

Hello Colin,

I appreciate your response and drawing my attention to the codebase. Now in the Azure DevOps service, if I go to:

Organization Home > Project > Repos > Files I do see that I have C sharp files as shown below:

Main-Page1604×853 50.7 KB

Capture1007×423 17.1 KB

If you look at this file your example here are 18 lines of code that I want to scan at least initially then any changes would be analyzed further:

I will study the logs of the scanner… Are you referring to the Azure DevOps or are there logs in the SonarCloud that I should be looking at?

Hey there.

Sorry, I should have been more precise.

• The Code tab of your SonarCloud project (when browsing your main branch)
• The logs from the Run Code Analysis step of your build

Hey Colin,

I see a gray blank page under the code tab of the SonarCloud project:

code-tab-sonarcloud1938×737 31.7 KB

I noticed that there are multiple lines that read:

WARNING: Duplicate ProjectGuid: "". The project will not be analyzed. Project file: "d:\a\1\s***.csproj"*

2022-04-25T18:26:26.7121412Z ##[section]Starting: Run Code Analysis
2022-04-25T18:26:26.7237642Z ==============================================================================
2022-04-25T18:26:26.7237942Z Task         : Run Code Analysis
2022-04-25T18:26:26.7238232Z Description  : Run scanner and upload the results to the SonarCloud server.
2022-04-25T18:26:26.7238473Z Version      : 1.29.1
2022-04-25T18:26:26.7238663Z Author       : sonarsource
2022-04-25T18:26:26.7239202Z Help         : Version: 1.29.1. This task is not needed for Maven and Gradle projects since the scanner should be run as part of the build.

[More Information](https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/sonarscanner-for-azure-devops/)
2022-04-25T18:26:26.7239842Z ==============================================================================
2022-04-25T18:26:26.9523682Z [command]D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.26.1\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe end
2022-04-25T18:26:27.0194143Z SonarScanner for MSBuild ***
2022-04-25T18:26:27.0195045Z Using the .NET Framework version of the Scanner for MSBuild
2022-04-25T18:26:27.0613422Z Post-processing started.
2022-04-25T18:26:27.6788253Z 18:26:27.677  18:26:27.677  WARNING: Duplicate ProjectGuid: "***". The project will not be analyzed. Project file: "d:\a\1\s\***\***\***.csproj"
2022-04-25T18:26:27.6791343Z 18:26:27.677  18:26:27.677  WARNING: Duplicate ProjectGuid: "***". The project will not be analyzed. Project file: "d:\a\1\s\***\***\***.csproj"
2022-04-25T18:26:27.6792571Z 18:26:27.677  18:26:27.677  WARNING: Duplicate ProjectGuid: "***". The project will not be analyzed. Project file: "d:\a\1\s\***\***\***.csproj"
2022-04-25T18:26:27.6793749Z 18:26:27.678  18:26:27.678  WARNING: Duplicate ProjectGuid: "***". The project will not be analyzed. Project file: "d:\a\1\s\***\******.csproj"
2022-04-25T18:26:27.7569684Z Calling the TFS Processor executable...
2022-04-25T18:26:27.8926876Z Attempting to locate the CodeCoverage.exe tool...
2022-04-25T18:26:27.9406489Z Attempting to locate the CodeCoverage.exe tool using setup configuration...
2022-04-25T18:26:28.0090027Z Code coverage command line tool: C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Team Tools\Dynamic Code Coverage Tools\CodeCoverage.exe
2022-04-25T18:26:28.0621585Z Fetching code coverage report information from TFS...
2022-04-25T18:26:28.0640476Z Attempting to locate a test results (.trx) file...
2022-04-25T18:26:28.2909192Z Looking for TRX files in: D:\a\1\TestResults
2022-04-25T18:26:28.2914320Z No test results files found
2022-04-25T18:26:28.4934316Z Did not find any binary coverage files in the expected location.
2022-04-25T18:26:28.4949155Z Falling back on locating coverage files in the agent temp directory.
2022-04-25T18:26:28.4955019Z Searching for coverage files in D:\a\_temp
2022-04-25T18:26:28.4957131Z No coverage files found in the agent temp directory.
2022-04-25T18:26:28.4958339Z Coverage report conversion completed successfully.
2022-04-25T18:26:28.5060546Z The TFS Processor has finished
2022-04-25T18:26:28.5109745Z Calling the SonarScanner CLI...
2022-04-25T18:26:32.1650530Z INFO: Scanner configuration file: D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.26.1\classic-sonar-scanner-msbuild\sonar-scanner-4.6.2.2472\bin\..\conf\sonar-scanner.properties
2022-04-25T18:26:32.1746266Z INFO: Project root configuration file: D:\a\1\.sonarqube\out\sonar-project.properties
2022-04-25T18:26:32.6200084Z INFO: SonarScanner 4.6.2.2472
2022-04-25T18:26:32.6201254Z INFO: Java *** Eclipse Adoptium (***)
2022-04-25T18:26:32.6201930Z INFO: Windows Server *** *** ***
2022-04-25T18:26:35.1778455Z INFO: User cache: C:\Users\VssAdministrator\.sonar\cache
2022-04-25T18:26:39.6039649Z INFO: Scanner configuration file: D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.26.1\classic-sonar-scanner-msbuild\sonar-scanner-4.6.2.2472\bin\..\conf\sonar-scanner.properties
2022-04-25T18:26:39.6049526Z INFO: Project root configuration file: D:\a\1\.sonarqube\out\sonar-project.properties
2022-04-25T18:26:39.6053412Z INFO: Analyzing on SonarCloud
2022-04-25T18:26:39.6054135Z INFO: Default locale: "en_US", source code encoding: "windows-***" (analysis is platform dependent)
2022-04-25T18:26:41.1859143Z INFO: Load global settings
2022-04-25T18:26:41.8879527Z INFO: Load global settings (done) | time=702ms
2022-04-25T18:26:41.8923242Z INFO: Server id: ****
2022-04-25T18:26:41.9224436Z INFO: User cache: C:\Users\VssAdministrator\.sonar\cache
2022-04-25T18:26:41.9225784Z INFO: Load/download plugins
2022-04-25T18:26:41.9226263Z INFO: Load plugins index
2022-04-25T18:26:42.1785609Z INFO: Load plugins index (done) | time=255ms
2022-04-25T18:27:10.3886619Z INFO: Load/download plugins (done) | time=28467ms
2022-04-25T18:27:11.0048903Z INFO: Loaded core extensions: developer-scanner
2022-04-25T18:27:11.6152720Z INFO: Found an active CI vendor: 'Azure DevOps'
2022-04-25T18:27:11.6585158Z INFO: Load project settings for component key: '***
2022-04-25T18:27:11.7903157Z INFO: Load project settings for component key: '***' (done) | time=130ms
2022-04-25T18:27:11.8206260Z INFO: Process project properties
2022-04-25T18:27:11.9025470Z INFO: Execute project builders
2022-04-25T18:27:12.1612320Z INFO: Execute project builders (done) | time=148ms
2022-04-25T18:27:12.1614759Z INFO: Project key: ***
2022-04-25T18:27:12.1615367Z INFO: Base dir: D:\a\1\s
2022-04-25T18:27:12.1615877Z INFO: Working dir: D:\a\1\.sonarqube\out\.sonar
2022-04-25T18:27:12.4805878Z INFO: Load project branches
2022-04-25T18:27:12.6187138Z INFO: Load project branches (done) | time=141ms
2022-04-25T18:27:12.6233384Z INFO: Check ALM binding of project '***'
2022-04-25T18:27:12.7491331Z INFO: Detected project binding: BOUND
2022-04-25T18:27:12.7492292Z INFO: Check ALM binding of project '***' (done) | time=123ms
2022-04-25T18:27:12.7492897Z INFO: Load project pull requests
2022-04-25T18:27:12.8716369Z INFO: Load project pull requests (done) | time=125ms
2022-04-25T18:27:12.8720401Z INFO: Load branch configuration
2022-04-25T18:27:12.9064274Z INFO: Load branch configuration (done) | time=2ms
2022-04-25T18:27:12.9086269Z INFO: Load quality profiles
2022-04-25T18:27:13.1218263Z INFO: Load quality profiles (done) | time=211ms
2022-04-25T18:27:13.1253164Z INFO: Load active rules
2022-04-25T18:27:17.9115083Z INFO: Load active rules (done) | time=4754ms
2022-04-25T18:27:17.9841874Z INFO: Organization key: ***
2022-04-25T18:27:18.0060780Z INFO: Load project repositories
2022-04-25T18:27:18.1306115Z INFO: Load project repositories (done) | time=128ms
2022-04-25T18:27:18.1656202Z INFO: Indexing files...
2022-04-25T18:27:18.1657304Z INFO: Project configuration:
2022-04-25T18:27:18.1659547Z INFO:   Excluded sources: **/build-wrapper-dump.json
2022-04-25T18:27:18.9381231Z INFO: Indexing files of module '****'
2022-04-25T18:27:19.0582406Z INFO:   Base dir: D:\a\1\s\***
2022-04-25T18:27:19.0597466Z INFO:   Source paths: Configuration.cs, Properties/AssemblyInfo.cs, Providers/CodeP...
2022-04-25T18:27:19.2437536Z INFO:   Excluded sources: **/build-wrapper-dump.json
2022-04-25T18:27:19.2636889Z INFO: Indexing files of module '****'
2022-04-25T18:27:19.4536983Z INFO:   Base dir: D:\a\1\s\****
2022-04-25T18:27:19.5547889Z INFO:   Source paths: AmcEvent.cs, Compression.cs, DateTimeUtility.cs, DbmlUtility....
2022-04-25T18:27:19.6047497Z INFO:   Excluded sources: **/build-wrapper-dump.json

...
...
...

2022-04-25T18:27:20.4372898Z INFO: Indexing files of module '****'
2022-04-25T18:27:20.4373303Z INFO:   Base dir: D:\a\1\s
2022-04-25T18:27:20.4373740Z INFO:   Excluded sources: **/build-wrapper-dump.json
2022-04-25T18:27:20.4374170Z INFO: 0 files indexed
2022-04-25T18:27:20.4374703Z INFO: 0 files ignored because of inclusion/exclusion patterns
2022-04-25T18:27:20.4375213Z INFO: 2000 files ignored because of scm ignore settings
2022-04-25T18:27:22.6062247Z INFO: ------------- Run sensors on module ****.VisitLog
2022-04-25T18:27:22.9440536Z INFO: Load metrics repository
2022-04-25T18:27:23.0806425Z INFO: Load metrics repository (done) | time=185ms
2022-04-25T18:27:26.2816937Z INFO: Sensor C# Project Type Information [csharp]
2022-04-25T18:27:26.2818428Z INFO: Sensor C# Project Type Information [csharp] (done) | time=2ms
2022-04-25T18:27:26.2819651Z INFO: Sensor C# Analysis Log [csharp]
2022-04-25T18:27:26.3306530Z INFO: Roslyn version: ***
2022-04-25T18:27:26.3308147Z INFO: Language version: ****
2022-04-25T18:27:26.3308966Z INFO: Concurrent execution: enabled
2022-04-25T18:27:26.3569066Z INFO: Sensor C# Analysis Log [csharp] (done) | time=42ms
2022-04-25T18:27:26.3569979Z INFO: Sensor C# Properties [csharp]
2022-04-25T18:27:26.3570584Z INFO: Sensor C# Properties [csharp] (done) | time=1ms
2022-04-25T18:27:26.3571103Z INFO: Sensor Text Sensor [text]
2022-04-25T18:27:26.3571896Z INFO: 0 source files to be analyzed
2022-04-25T18:27:26.3572415Z INFO: 0/0 source files have been analyzed
2022-04-25T18:27:26.3572946Z INFO: Sensor Text Sensor [text] (done) | time=6ms
2022-04-25T18:27:26.3573609Z INFO: Sensor VB.NET Project Type Information [vbnet]
2022-04-25T18:27:26.3575049Z INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
2022-04-25T18:27:26.3575610Z INFO: Sensor VB.NET Analysis Log [vbnet]
2022-04-25T18:27:26.3576172Z INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=14ms
2022-04-25T18:27:26.3576728Z INFO: Sensor VB.NET Properties [vbnet]
2022-04-25T18:27:26.3577263Z INFO: Sensor VB.NET Properties [vbnet] (done) | time=0ms

....
....
....

2022-04-25T18:27:32.1549667Z INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
2022-04-25T18:27:32.1550324Z INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=0ms
2022-04-25T18:27:32.1550891Z INFO: Sensor Serverless configuration file sensor [security]
2022-04-25T18:27:32.1551408Z INFO: 0 Serverless function entries were found in the project
2022-04-25T18:27:32.1551902Z INFO: 0 Serverless function handlers were kept as entrypoints
2022-04-25T18:27:32.1552447Z INFO: Sensor Serverless configuration file sensor [security] (done) | time=1ms
2022-04-25T18:27:32.1552976Z INFO: Sensor AWS SAM template file sensor [security]
2022-04-25T18:27:32.1553489Z INFO: Sensor AWS SAM template file sensor [security] (done) | time=0ms
2022-04-25T18:27:32.1554114Z INFO: Sensor JavaSecuritySensor [security]
2022-04-25T18:27:32.1555495Z INFO: Reading type hierarchy from: D:\a\1\.sonarqube\out\.sonar\ucfg2\java
2022-04-25T18:27:32.1555995Z INFO: Read 0 type definitions
2022-04-25T18:27:32.1556451Z INFO: Reading UCFGs from: D:\a\1\.sonarqube\out\.sonar\ucfg2\java
2022-04-25T18:27:32.1556956Z INFO: No UCFGs have been included for analysis.
2022-04-25T18:27:32.1557459Z INFO: Sensor JavaSecuritySensor [security] (done) | time=6ms
2022-04-25T18:27:32.1557928Z INFO: Sensor CSharpSecuritySensor [security]
2022-04-25T18:27:32.1558427Z INFO: Reading type hierarchy from: D:\a\1\.sonarqube\out\ucfg_cs2
2022-04-25T18:27:32.8550772Z INFO: Read *** type definitions
2022-04-25T18:27:32.9449105Z INFO: Reading UCFGs from: D:\a\1\.sonarqube\out\ucfg_cs2
2022-04-25T18:27:37.4412997Z INFO: 18:27:37.2981992 Building Runtime Type propagation graph
2022-04-25T18:27:37.6840767Z INFO: 18:27:37.532201 Running Tarjan on *** nodes
2022-04-25T18:27:37.7003098Z INFO: 18:27:37.5931994 Tarjan found *** components
2022-04-25T18:27:37.8902389Z INFO: 18:27:37.6962042 Variable type analysis: done
2022-04-25T18:27:37.9334456Z INFO: 18:27:37.7002051 Building Runtime Type propagation graph
2022-04-25T18:27:37.9337927Z INFO: 18:27:37.809205 Running Tarjan on *** nodes
2022-04-25T18:27:37.9338685Z INFO: 18:27:37.852206 Tarjan found *** components
2022-04-25T18:27:37.9339599Z INFO: 18:27:37.9092049 Variable type analysis: done
2022-04-25T18:27:37.9340274Z INFO: Analyzing 7403 ucfgs to detect vulnerabilities.
2022-04-25T18:27:40.1883668Z INFO: All rules entrypoints : 219
2022-04-25T18:27:40.1885490Z INFO: Retained UCFGs : 1102
2022-04-25T18:27:40.5968705Z INFO: Taint analysis starting. Entrypoints: 219
2022-04-25T18:27:40.6236205Z INFO: Running symbolic analysis for 'CSHARP'
2022-04-25T18:27:41.7041582Z INFO: Taint analysis: done.
2022-04-25T18:27:41.7049775Z INFO: Sensor CSharpSecuritySensor [security] (done) | time=9708ms
2022-04-25T18:27:41.7055356Z INFO: Sensor PhpSecuritySensor [security]
2022-04-25T18:27:41.7330322Z INFO: Reading type hierarchy from: D:\a\1\.sonarqube\out\.sonar\ucfg2\php
2022-04-25T18:27:41.7332549Z INFO: Read 0 type definitions
2022-04-25T18:27:41.7333164Z INFO: Reading UCFGs from: D:\a\1\.sonarqube\out\.sonar\ucfg2\php
2022-04-25T18:27:41.7333807Z INFO: No UCFGs have been included for analysis.
2022-04-25T18:27:41.7334432Z INFO: Sensor PhpSecuritySensor [security] (done) | time=2ms
2022-04-25T18:27:41.7335043Z INFO: Sensor PythonSecuritySensor [security]
2022-04-25T18:27:41.7335681Z INFO: Reading type hierarchy from: D:\a\1\.sonarqube\out\.sonar\ucfg2\python
2022-04-25T18:27:41.7336283Z INFO: Read 0 type definitions
2022-04-25T18:27:41.7336850Z INFO: Reading UCFGs from: D:\a\1\.sonarqube\out\.sonar\ucfg2\python
2022-04-25T18:27:41.7337470Z INFO: No UCFGs have been included for analysis.
2022-04-25T18:27:41.7338079Z INFO: Sensor PythonSecuritySensor [security] (done) | time=1ms
2022-04-25T18:27:41.7338657Z INFO: Sensor JsSecuritySensor [security]
2022-04-25T18:27:41.7339367Z INFO: Reading type hierarchy from: D:\a\1\.sonarqube\out\.sonar\ucfg2\js
2022-04-25T18:27:41.7339965Z INFO: Read 0 type definitions
2022-04-25T18:27:41.7340531Z INFO: Reading UCFGs from: D:\a\1\.sonarqube\out\.sonar\ucfg2\js
2022-04-25T18:27:41.7341145Z INFO: No UCFGs have been included for analysis.
2022-04-25T18:27:41.7341752Z INFO: Sensor JsSecuritySensor [security] (done) | time=1ms
2022-04-25T18:27:41.7342363Z INFO: ------------- Run sensors on project
2022-04-25T18:27:41.7342890Z INFO: Sensor Zero Coverage Sensor
2022-04-25T18:27:41.7343466Z INFO: Sensor Zero Coverage Sensor (done) | time=0ms
2022-04-25T18:27:41.7344058Z INFO: CPD Executor Calculating CPD for 0 files
2022-04-25T18:27:41.7344805Z INFO: CPD Executor CPD calculation finished (done) | time=0ms
2022-04-25T18:27:44.7728244Z INFO: Analysis report generated in 3045ms, dir size=294 KB
2022-04-25T18:27:44.7736613Z INFO: Analysis report compressed in 15ms, zip size=46 KB
2022-04-25T18:27:45.1171517Z INFO: Analysis report uploaded in 346ms
2022-04-25T18:27:45.1843696Z INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=#*&$*&*&$
2022-04-25T18:27:45.1845001Z INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
2022-04-25T18:27:45.1845832Z INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=&*%*($*(
2022-04-25T18:27:45.1846556Z INFO: Analysis total time: 34.130 s
2022-04-25T18:27:45.1847291Z INFO: ------------------------------------------------------------------------
2022-04-25T18:27:45.1847897Z INFO: EXECUTION SUCCESS
2022-04-25T18:27:45.1848482Z INFO: ------------------------------------------------------------------------
2022-04-25T18:27:45.1849105Z INFO: Total time: 1:13.020s
2022-04-25T18:27:45.3561343Z INFO: Final Memory: 52M/174M
2022-04-25T18:27:45.3562368Z INFO: ------------------------------------------------------------------------
2022-04-25T18:27:45.6636070Z The SonarScanner CLI has finished
2022-04-25T18:27:45.6638274Z 18:27:45.661  Post-processing succeeded.
2022-04-25T18:27:45.6802798Z ##[section]Finishing: Run Code Analysis

This is definitely something.

Can you set sonar.scm.exclusions.disabled=true as an analysis parameter and see if files start appearing?

Hey Colin,

I appreciate your help on this. I set the analysis parameter using the properties file in the root dir of my project:

set-scm-exclusion-property681×522 34.1 KB

I still see that I get the “2000 ignored files line” + the code tab is still empty:

files-ignored-lines-in-run-code-analysis914×256 16.1 KB

Did I set it correctly?

Hey there.

A sonar-project.properties file actually has no effect when you are using the Scanner for .Net. You should add this parameter to the SonarCloud “Prepare Analysis” step in your build pipeline. For example:

- task: SonarCloudPrepare@1
  inputs:
    SonarCloud: 'SonarCloud'
    organization: 'colin-sonarsource'
    scannerMode: 'MSBuild'
    projectKey: 'my-projectkey'
    extraProperties: 'sonar.scm.exclusions.disabled=true'

Hey Colin, Thanks a bunch!

That was it! After adding the property to the “Prepare Analysis” I was able to analyze all the files and populate reports and findings.

solution-with-yaml-view1799×796 83.1 KB

Happy to help. Something is fishy with sonar.scm.exclusions.disabled There have been a few similar reports overtime – I’ll try to collect them and communicate this internally. We might follow up with you!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.