We are activating SonarQube to analyze our code, and we have updated our SonarQube from version 6.7 to 7.9 and then to version 8.6 of the Community version. We have integrated SonarQube with DevOps and we have a build programmed that executes the compilation and tests on the project with the tasks:
- Visual Studio Test Platform Installer
- Prepare analysis on SonarQube
- dotnet build
- dotnet test
- Run Code Analysis
- Publish Quality Gate Result
- Task group: Post-build Git Tasks
We saw the need to update the version of Sonar Scanner to version 4.17.0 to be compatible with the new version of SonarQube and we started receiving data.
As we wanted to have all the files covered even if they were autogenerated, and to see the code coverage, we updated our build with the parameters:
But in the executions, it indicated an error in the Java version, so we installed the Java 11.0.9 Oracle Corporation (64 bit) version on the agents, and from that moment many lines of code are not counted in the statistics and many issues are not detected; now we have only 35 Code Smells:
Specifically, there is a hardcoded password that is not detected in files marked with 0 issues, with the line `Password = "xxxxx"`.
The Quality profile that we have active is the default Sonar way.
The changes in the build have been reverted in case the parameters introduced were responsible, but the results are the same.
Do we have any wrong settings?
Thanks for the help.