Ignore false Major bugs for C# code that is written the newer way to what's scanned in Sonarqube

Must-share information (formatted with Markdown):

• which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

  • SonarQube

• how is SonarQube deployed: zip, Docker, Helm

  • not sure

• what are you trying to achieve

  • we are being presented with “Major” bugs in SonarQube for one of our services, and we’d like to know how we ignore these false bugs. We currently use the newer way of doing namespace in C# so ‘Group’ is in namespace Promapp.Search.Domain.V2; instead of the older way - see below example

• what have you tried so far to achieve this?

  • we are not clear on what to do

Newer way:

namespace Promapp.Search.Domain.V2

Public class Group

{
    public string UniqueId { get ; set; }
    
    public IEnumerable<string> BreadCrumb { get ; set; }

    public string GroupURL { get ; set; }

    public string GroupType { get ; set; }

Instead of the older way:

using System.Collections.Generic;

namespace Promapp.Search.Domain.V2
{
    public class Group
    {
        public string UniqueId { get; set; }
        public IEnumerable<string> BreadCrumb { get; set; }
        public string GroupUrl { get; set; }
        public string GroupType { get; set; }
        public IEnumerable<string> ViewerUserIds { get; set; } = new string[] { };
        public IEnumerable<string> ViewerRoleIds { get; set; } = new string[] { };
    }
}

Hi,

Welcome to the community!

What version of SonarQube are you using? Also, what’s the rule ID raising the issues you disagree with?

 
Thx,
Ann

It looks to be LTS version is 9.9.3? and if i’m looking in the correct place the ruleid looks to be csharpsquid?

Hi,

Thanks for the version number. For the rule ID, I should have been more specific. You’re looking for something like S123. This screenshot is from the current version of the UI, which has been updated a bit, but:

 
Ann

This one: csharpsquid:S3903

Hi,

Thanks very much for this! I’m going to flag the thread for the language experts.

 
Ann

Hello @TaniaJhn

The issue was reported before Rule S3903: False Positive when using File Scoped namespaces. · Issue #4731 · SonarSource/sonar-dotnet · GitHub for rule S3903. The issue was fixed and released in 2021 in version 8.32 of our analyzer. SonarQube 9.9 should include the later version 8.51 of our analyzer.

Please make sure that the analyzer used is at least version 8.32. You can see the analyzer version in the begin step logs:

> dotnet sonarscanner begin /k:"project-key" /d:sonar.login="<token>"
SonarScanner for MSBuild 5.13
Using the .NET Core version of the Scanner for MSBuild
Pre-processing started.
Preparing working directories...
15:24:07.938  Updating build integration targets...
15:24:08.054  Fetching analysis configuration settings...
15:24:09.067  Provisioning analyzer assemblies for cs...
15:24:09.068  Installing required Roslyn analyzers...
15:24:09.068  Processing plugin: csharp version 8.55.0.65544
...

You should upgrade to a newer version of SonarQube if the analyzer version is outdated.

Best regards, Martin

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.