How to scan individual .NET projects' code with pull request decoration in a single repository

  • SonarQube Developer Edition 9.8
  • How to integrate pull request decoration with a .NET repository having multiple project (csproj) folders to be built and scanned independently, rather than building the entire solution as part of the pull request validation build?
  • Since the .NET build step is mandatory before running SonarQube analysis in the build pipeline, I added and ran the analysis, but it's not scanning new lines of code; rather, it's scanning the entire solution. If a committer has made changes to 2 different project folders, the PR build, which builds the entire solution file and runs analysis, reports vulnerabilities from the other project folders too. Please provide any documentation or support on handling such cases. Below is the folder structure for your reference; each project has to be considered as a standalone project. Thanks in advance.

Repo
  Project1
    project1.csproj
  Project2
    Project2.csproj
  .
  .
  .
  Repo.sln

Hi,

Welcome to the community!

This seems to be two different questions:

  • How to analyze projects in a solution independently
  • Detection of new code

    its not scanning new lines of code rather its scanning entire solution.

We try to keep it to one topic per thread. Otherwise it gets messy, fast. I’ll touch on both questions, but reserve the right to ask you to create a new thread if you have follow-up questions on both.

For the first, as you note, the entire project will need to be built, but you can narrow your analysis to one project at a time. The result would be a lot more CI cycles, though.

For the second, it’s quite likely you have some warnings in your analysis log about detection of SCM data. Can you check? Share your analysis log?

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

Ann
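The "one project at a time" approach from the reply above, as an added example that is not from the thread or from SonarSource: a POSIX shell helper that maps the PR's changed files onto the .csproj folders of the layout in the question and runs one SonarScanner for .NET begin/build/end cycle per touched project under its own project key. The CI variables (SONAR_HOST_URL, SONAR_TOKEN, PR_KEY, PR_BRANCH, PR_BASE) and the assumption that every .csproj lives in its own top-level folder are mine.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes each project sits in its own
# top-level folder, as in Repo/Project1/project1.csproj from the question.

# changed_projects CHANGED PROJECTS
#   $1: newline-separated changed files (e.g. from `git diff --name-only`)
#   $2: newline-separated .csproj paths
# Prints each .csproj whose folder contains at least one changed file.
changed_projects() {
  printf '%s\n' "$2" | while IFS= read -r proj; do
    [ -n "$proj" ] || continue
    dir=${proj%/*}                      # folder owning this project
    printf '%s\n' "$1" | while IFS= read -r f; do
      case "$f" in "$dir"/*) printf '%s\n' "$proj"; break ;; esac
    done
  done
}

# analyze_project PROJ: one independent analysis for a single .csproj.
# The project key is the folder name, so each folder is its own SonarQube
# project and only its sources are attributed to it. Run from the root of a
# full (non-shallow) git checkout so SCM blame data is available for the
# new-code detection discussed in this thread.
analyze_project() {
  proj=$1
  key=$(basename "${proj%/*}")
  dotnet sonarscanner begin /k:"$key" \
    /d:sonar.host.url="$SONAR_HOST_URL" /d:sonar.login="$SONAR_TOKEN" \
    /d:sonar.pullrequest.key="$PR_KEY" \
    /d:sonar.pullrequest.branch="$PR_BRANCH" \
    /d:sonar.pullrequest.base="$PR_BASE"
  dotnet build "$proj"
  dotnet sonarscanner end /d:sonar.login="$SONAR_TOKEN"
}

# Constructed sample input mirroring the question's layout (not real PR data).
CHANGED='Project1/Foo.cs
Project2/Bar.cs
Repo.sln'
PROJECTS='Project1/project1.csproj
Project2/Project2.csproj
Project3/Project3.csproj'

# Analyze only the touched projects; skipped here unless running in CI.
run_pr_analysis() {
  changed_projects "$CHANGED" "$PROJECTS" | while IFS= read -r proj; do
    analyze_project "$proj"
  done
}
if [ "${CI:-}" = true ]; then run_pr_analysis; fi
```

With the sample input, only Project1 and Project2 are analyzed; Project3 and the solution file at the root are left alone.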

Hi Ann,

Sure, keeping this thread for one issue, i.e. scanning other files as well which are not part of the PR and adding comments with the below warning message.


I’ve tried community solutions

  1. Added sonar base directory and sonar sources to prepare analysis
  2. Defined New Code to compare against the target branch, i.e. the main branch, which gets scanned after every merge.

Still the issue persists… please provide help here.

Swetha

Hi Swetha,

As requested previously, please share your analysis logs.

Ann

Hi Ann,
Attaching screenshots of analysis warnings and sharing analysis logs for your reference.



The above PR analysis doesn’t have the below file changes, but it still gave this warning saying code smell.

Hi,

Neither of those things is an analysis log. Please see the post above where I initially requested the log.

Ann