We have an issue with the way the projects are scanned using dotnet scanner after upgrading task to v7. I have looked through documentation and see that the new version is ignoring source and scans other folders, which it is not supposed to scan. Thus the LOC for the project where the code was not changed and was canned by v6 task and then v7, the number of lines of code went up almost 5 times
We are running Sonarqube Server developer edition v 9.9.7 deployed from zip
SonarScanner for MSBuild 9.0.1
Azure devops task v 7.1.0
I did read that the new scanner for dotnet ignores the source parameter, it also seems to scan files that are excluded globally like *.sql . It also running the multi language analysis .
In any case I need some guidance on how to configure tasks correctly for version 7 to exclude
certain folders and may be even languages.
Previously the sources for the scan were pointing to the api folder and everything was working.
Now it picks up at least sql folder, which we do not want to scan. The project is structured like this
Project Api
| multiple api project folders with subfolders DB
| DB Scripts folders with subfolders UI
| multiple angular code folders with subfolders
In any case I need some guidance on how to configure tasks correctly for version 7 to exclude
certain folders and may be even languages. Please let me know what other info is going to be helpful
Thank you @denis.troller !
Setting up sonar.projectbasedir and disabling multifile analysis seems to work properly.
However, I would like to confirm about exclusions. I have that set up globally , however the way they should be used is a bit confusing , since the actual sql script could be nested a few levels deep from the root, as I’ve indicated originally. It may be irrelevant with setting up the multi-file analysis to false, but I would like to understand what would be the right syntax. Is it as you indicated or something like “DB/doubelwildcard/doublewildcard/*” .
Also I included /d:sonar.verbose=true as extra property, but not sure where I would find the log. This is temporary, i won’t use that outside the test that I am running right now. Where do I look for the file or do I need to set something else for the file path. Last, I noticed that it is using classic scanner vs dotnet . Not sure how it picks that and if that is correct.
Thank you in advance !
Yes, the exclusions support so-called “globbing” patterns. I’m afraid the markdown formatting ate some of it in my example. It should have been DB/**/*.*
As for the logs, they are generated as an output of the scanner, so this is what you can see in your CI tool when looking at a particular step.
Finally, the type of scanner should not matter. The choice of Scanner for .NET for .NET Framework or Scanner for .NET for .NET Core is only a question of that tools you have available on your machine.