Missing information when building several solutions

SonarQube Server / Community Build
,
1

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube server version: Version 8.5.0.37579
    SonarQube scanner version: SonarScanner for MSBuild 4.10

  • what are you trying to achieve
    We are trying to collect the smells, bugs and vulnerabilities.

  • what have you tried so far to achieve this
    We’re using a script which builds and runs the SonarQube scanner (the build is done with Microsoft ® Build Engine version 16.7.0). As we have several solutions, we are using 3 .proj files which include c# solutions and they have something similar to:
    ExampleA.proj

    <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" ToolsVersion="4.0">
    <Target Name="BuildAll">
      <Message Text="xxx" />
      <Message Text="xxx" />
      <Message Text="xxx" />

      <MSBuild
        Projects="nuget.proj" />
      <MSBuild
        Projects="..\xxxa.sln"
        Targets="xxx"
        ToolsVersion="$(MSBuildToolsVersion)"
        Properties="Configuration=$(Configuration);Platform=$(Platform)" />   
       <MSBuild
         Projects="..\xxxb.sln"
         Targets="xxx"
         ToolsVersion="$(MSBuildToolsVersion)"
         Properties="Configuration=$(Configuration);Platform=$(Platform)" />
         .
         .
         .
     <MSBuild
         Projects="..\xxxn.sln"
         Targets="xxx"
         ToolsVersion="$(MSBuildToolsVersion)"
         Properties="Configuration=$(Configuration);Platform=$(Platform)" />
  </Target>

So, the steps to build and run SQ are:

  1. run SonarQube begin
    &"$sonnarScannerExe" begin /k:ProjectX /d:sonar.login="xxxxxxxxxxxx" /d:sonar.host.url="xxxxxxxxxxx";
  2. run msbuild for each .proj
    &$msBuildPath ExampleA.proj ...
    &$msBuildPath ExampleB.proj ...
    &$msBuildPath ExampleC.proj ...
  3. Finally we run SonarQube end:
    &"$sonnarScannerExe" end /d:sonar.login="xxxxxxxxxxxx"

Once those steps finish, I’m able to see the projects in the portal but I don’t have accurate measures. If I run those .proj individually, I can see more bugs, smells and vulnerabilities than executing the 3 .proj sequentially.

Due to project restrictions, we cant use a single .proj file with all the solutions in it, and we need to have all the information from all solutions in a single Project in SonarQube.

what options do we have to have information from all those projects in a single point in the portal?

Thank you in advance,

Regards

2

Hi @dasavi, welcome to our community.

I am sorry for the late reply here.

Are the analyses being overwritten one by the other? I mean: are you getting just the results from ExampleC.proj?

You can read here about the integration with MSBuild and our analysis.

I am not accustomed to your setup, so I’d need first to come up with a small reproducer project and see how the product behaves in your case (if you could write such a sample project, I’d highly appreciate it as it would help us speed the investigation).

During the analysis, the analysis config and metadata files are stored in the .sonarqube folder (in the folder where you run the analysis from).

In the .sonarqube\<NUMBER> folders there is metadata about each project (each project gets assigned a number by the Scanner for MSBuild/.NET - you can see the project name inside the ProjectInfo.xml file e.g. .sonarqube\0\ProjectInfo.xml for the first project). So the first question is : does each of your csproj projects have a corresponding folder there?

Then, inside each ProjectInfo.xml you will have under AnalysisSettings the sonar.cs.roslyn.reportFilePath which leads to the Roslyn issue report outputed by our analyzers in json files e.g. C:\PATH_TO_PROJECT\PROJECT\bin\Debug\net45\Project.dll.RoslynCA.json - for each project you’d need to have these files.

If something is missing , then it’s going to miss from SonarQube as well.