Hello,
There is a problem when importing the sarif report for a .net solution. The vulnerability cannot be matched with the right file.
I would also like to point out that all csproj are imported into SonarCloud.
Your complaint is that the issues are raised at the directory/project level instead of on individual files?
Looking at the report you uploaded, it seems that the locations for all the issues in it are (somewhat ironically) on .csproj files. Other than raising the issues on the .csproj files, it’s not clear to me what you were expecting.
Thanks for raising this issue. Can you please share the verbose logs by adding the /d:"sonar.verbose=true" to the "SonarQubePrepare” or “SonarCloudPrepare” task’s extraProperties argument if you are using Azure DevOps
For example: