How to integrate pull request decoration with a .NET repository that has multiple project (csproj) folders to be built and scanned independently, rather than building the entire solution as part of the pull request validation build?
Since the .NET build step is mandatory before running SonarQube analysis in the build pipeline, I added and ran the analysis, but it's not scanning new lines of code; rather, it's scanning the entire solution. If a committer has made changes to 2 different project folders, the PR build, which builds the entire solution file and runs analysis, is throwing vulnerabilities of other project folders too. Please provide any documentation or support on handling such cases. Below is the folder structure provided for your reference; each project has to be considered as a standalone project. Thanks in advance.
How to analyze projects in a solution independently
Detection of new code
it's not scanning new lines of code; rather, it's scanning the entire solution.
We try to keep it to one topic per thread. Otherwise it gets messy, fast. I’ll touch on both questions, but reserve the right to ask you to create a new thread if you have follow-up questions on both.
For the first, as you note, the entire project will need to be built, but you can narrow your analysis to one project at a time. The result would be a lot more CI cycles, though.
For the second, it’s quite likely you have some warnings in your analysis log about detection of SCM data. Can you check? Share your analysis log?
The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.
Added sonar basedirectory and sonar sources to prepare analysis
Defined New Code to compare against the target branch, i.e. the main branch, which gets scanned after every merge.
Still the issue persists… please provide help here.