Issue with CFamily Analysis in Azure DevOps Server (2022) Pipeline Using Docker for Build Wrapper

Hello SonarSource Community,

I’m encountering an issue with SonarQube analysis for C/C++ code in our Azure DevOps Server (2022) pipeline. We’re using Docker to manage the build wrapper output, as our CI/CD agents aren’t configured to build projects independently on the command line. Despite successfully wrapping the build and producing the build-wrapper-dump.json file, the analysis step reports that no files are being scanned. Here is the error we’re seeing:

java.lang.IllegalStateException: The "build-wrapper-dump.json" file was found but 0 C/C++/Objective-C files were analyzed. Please make sure that:
  * you are using the latest version of the build-wrapper and the CFamily analyzer
  * you are correctly invoking the scanner with correct configuration
  * your compiler is supported
  * you are wrapping your build correctly
  * you are wrapping a full/clean build
  * you are providing the path to the correct build-wrapper output directory
  * you are building and analyzing the same source checkout, absolute paths must be identical in build and analysis steps

Pipeline Setup Overview

Our pipeline follows these steps:

  1. Prepare SonarQube configuration using the SonarQubePrepare@7 task.
  2. Checkout the main repository alongside supporting repositories.
  3. Build the project inside a Docker container using a custom image, wrapping the build with the SonarQube build-wrapper.
  4. Mount the build-wrapper output directory to a Docker volume and link it to the agent’s temp directory.
  5. Run the analysis using the SonarQubeAnalyze@7 task, pointing to the Docker volume’s output.

The analysis is expected to scan files from the main repository, which is correctly checked out during the pipeline execution. However, no files are being analyzed, even though the build-wrapper-dump.json file is present and accessible.

What We’ve Checked So Far

  • The build-wrapper output directory (sonar.cfamily.build-wrapper-output) is correctly set.
  • The build-wrapper-dump.json file contains data.
  • The source code paths during the analysis step match those during the build (checked for absolute path consistency).

Questions and Help Needed

  1. Are there specific configurations or common pitfalls when using Docker with the build wrapper for CFamily analysis, especially when analyzing files from a specific repository?
  2. Could this issue be related to path handling or differences between how Docker manages volumes and how the Azure DevOps Server (2022) agent accesses files?
  3. What additional steps can we take to debug why the files in the main repository are not being scanned?

Thank you in advance for your support!

Hey @gabe.imlay

As noted in the docs:

  • The Build Wrapper collects information about the build, including absolute file paths (source files, standard headers, libraries, etc.). Later, SonarScanner CLI uses this information and needs to access those paths. While this is straightforward when running these two steps on the same host, it is worth considering when using any containerization. A consequence of this is that Compilation-Database based C/C++/Objective-C analysis is NOT supported by the SonarScanner CLI Docker image.

Long story short: building your project in a docker container and then running the analysis outside that container is almost never going to work. Even if all your file paths are the same but the compiler does not exist in the environment you’re running analysis, analysis will fail (because we specifically probe the compiler executable)

What version of SonarQube are you using? If it’s v10.6+, you might be very interested in the AutoConfig feature – no build or build wrapper required [blog / docs]

1 Like