Lines of code in PR

We have an existing repository which has been scanned by SonarCloud repeatedly for more than 12 months. It isn’t contributed to frequently at the moment, but the last successful scan was on 1st August 2024. This shows the number of lines of code in the solution as 24k.

We have a new pull request in the GitHub repo. SonarCloud is scanning the code, but then rejecting the processing because it would take us over our allocated lines of code. The error report shows that this PR has 833k lines of code.

The only conclusion we can draw is that SonarCloud is now considering code that we have excluded from the scan - primarily the database migrations folder. This is the only part of the code that would take us to 833k lines of code. The folder for this is configured as a source file exclusion in the project administration section.

I don’t want to increase our allowable lines of code to more than the 833k required for this to pass as is. Has something changed in the way the scan is done and we need to adjust our GitHub actions to correct it?

Hey there.

  • What language(s) are you analyzing?
  • What version of what scanners are you using?
  • Do the analysis logs show your exclusions, and file paths that match the exclusions (you can set sonar.verbose=true as an analysis parameter to see lots of info about what files are being indexed, and what files are being excluded)

We are analysing C#.

The GitHub action pulls the latest version of the dotnet-sonarscanner.exe and executes that.

I can’t see information about exclusions, I will change the GitHub Action to set the verbose parameter, but this doesn’t change that it was working and now it isn’t. We haven’t made any significant changes to the project since it last worked correctly.

Even with verbose on, I can’t see a specific documenting of excluded files.

Looking at the file that is downloaded with settings, it is including the exclusions correctly:

{
      "key": "sonar.exclusions",
      "values": [
        "###.Data/Migrations/**",
        "###.ConsoleApp/**"
      ],
      "parentOrigin": "INSTANCE"
    }

### is just to obscure the value included. It has the right value.

The logs do show that the exclusions are listed at the start of the analysis job and there is a log entry saying the 446+ files are ignored because of exclusion rules. However, it is still getting the line count wrong.

I’ve tried running this from Powershell on my local computer where I could guarantee I had the latest version of the Sonarscanner. Exactly the same problem occurred.

So, I’ve pushed an exact copy of the repo into Azure DevOps and created a build pipeline with the SonarScanner task. This worked correctly, generating a report in SonarCloud and it shows 24k lines of code.

There must be a problem with the current version of the Sonar Scanner for .Net

Hey @reallyandrew

What’s the version of the Scanner for .NET in your build, and the “latest” version that you have locally?

SonarScanner for MSBuild 8.0.3

And the other, where it’s behaving differently?