Generic issue imported in SonarQube doesn't appear in Sonarqube dashboard

SonarQube Server / Community Build
, , ,
1

I am using SonarQube (Community Edition, Version 9.6.1 build 59531) in Jenkins on my .NET project

I start and stop the scanner with dotnet sonarscanner begin … and dotnet sonarscanner end before and after the build.
The reports are correctly uploaded to the Sonarqube server, and I can see all the issues and code smells.

I want to add some custom issues, and I create a json file as shown on this page : https://docs.sonarqube.org/9.6/analyzing-source-code/importing-external-issues/generic-issue-import-format/

But I can’t make it appear in the Sonarqube server.

Here is what I tried :

First, I created a single json file with the issues for all the projects, and reference it with an absolute path :

$fileLocation = Join-Path $PSScriptRoot "sonar-custom-issues.json"

dotnet sonarscanner begin /d:sonar.host.url="$sonar_host" /k:"$sonar_project_name" /d:sonar.login="xxx" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.sourceEncoding=UTF-8 /d:sonar.externalIssuesReportPaths="$fileLocation"

When I do this, nothing appear.

I also tried to make a json file by csproj project, so I just changed /d:sonar.externalIssuesReportPaths=sonar-custom-issues.json

And I save a sonar-custom-issues.json file on each project, in the same folder as the csproj.

Now, the dotnet sonarscanner end fails - with no error in the logs :just lot of “INFO” and these lines :

INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------

Here is the content of the json file :

{
    "issues": [{
		"primaryLocation": {
		    "message": "Custom Issue Message",
	    	"filePath": "MyProject.csproj",
    		"textRange": {
				"startLine": 1
	    	}
    	},
		"type": "VULNERABILITY",
	    "ruleId": "my-rule",
    	"engineId": "my-engine",
		"severity": "CRITICAL"
    }]
}

I’m not sure what is wrong, and I can’t find an answer in the documentation.

So what should I do to have the issues appear in SonarQube ?

What I’m still not sure :

  • Should I create a single json file or a file per project ?
  • Where are the json files supposed to be placed ?
  • Is the filePath property supposed to be absolute or relative ? And if relative, relative to what ? (the execution folder / the project root / something else ?)

(Note : I have already asked the question on StackOverflow : .net - Generic issue imported in SonarQube doesn't appear in Sonarqube dashboard - Stack Overflow )

2

I may have found why it doesn’t appear :
The issues points to .csproj files, but when I search in the logs, it seems only .cs files are scanned and sent to SonarQube.

Could this be the cause ?
How can I ask the sonar scanner to add the .csproj files to be sent to sonarqube ?

1 Like
3

Hi,

Let’s start with your full analysis logs.

Share the Scanner for .NET verbose logs

  • Add /d:"sonar.verbose=true" to the…
    • SonarScanner.MSBuild.exe or dotnet sonarscanner begin command to get more detailed logs
      • For example: SonarScanner.MSBuild.exe begin /k:"MyProject" /d:"sonar.verbose=true"
    • “SonarQubePrepare” or “SonarCloudPrepare” task’s extraProperties argument if you are using Azure DevOps
      • For example:
        - task: SonarCloudPrepare@1
    inputs:
      SonarCloud: 'sonarcloud'
      organization: 'foo'
      scannerMode: 'MSBuild'
      projectKey: 'foo_sonar-scanning-someconsoleapp'
      projectName: 'sonar-scanning-someconsoleapp'
      extraProperties: |
        sonar.verbose=true
  • The important logs are in the END step (i.e. SonarQubeAnalyze / SonarCloudAnalyze / “Run Code Analysis”)

Share the msbuild detailed logs

MsBuild.exe /t:Rebuild /v:d

or

dotnet build -v:d

 
Ann