MS DevOps selecting just 1 project

SonarQube for IDE Visual Studio
1

Please provide

  • Operating system: Windows 11
  • Visual Studio version: 17.14.12
  • SonarQube for Visual Studio plugin version:
  • Programming language you’re coding in: c#
  • Is connected mode used: SonarQube Cloud
    • SonarQube Cloud, SonarQube Server, or SonarQube Community Build? (if one of the latter two, which version?):

And a thorough description of the problem / question: As instructions given by sonar, I have connected the DevOps branch to Sonar, I am giving the commands to build a single project, I have 20 projects, but i am inside the API project and giving the BUILD command, its builds the project without any problem. At the last Sonar END command, it starts collecting data, and it scans all my other projects also, Is there a way to just do 1 project? API project only?

2

Hi,

Welcome to the community!

I’m a bit confused. SonarQube for Visual Studio is intended to analyze the files you’re working on as you work on them. It’s not intended to analyze whole projects (or solutions).

On the other side, if you want full-project analysis, well, you’re still out of luck. You can use the SonarScanner for .NET in your CI/CD pipeline to analyze your solution against/into SonarQube Cloud or SonarQube on-prem. But you’re not going to be able to analyze a single C# project in isolation because C# analysis runs as part of the build.

Does that help?

 
Ann

3

I am using SonarCloud, doing the local command line build with sonara gent running. I am only building 1 project with its dependencies, but at the end of it, its analyzing data for other projects also.

4

Hi,

You need to integrate this into your CI rather than running it locally.

And again, you’re not going to be able to analyze just one project out of a solution.

 
HTH,
Ann

5

I have a different perspective than @ganncamp on this topic. When working with a .NET solution containing multiple projects, such as:

MySolution/
├── MySolution.sln
├── Project1/
│   ├── Program.cs
│   └── Project1.csproj
└── Project2/
   ├── Class1.cs
   └── Project2.csproj

If you only run:

dotnet sonarscanner begin /k:"dotnet" /d:sonar.host.url="http://localhost:9000"  /d:sonar.token="TOKEN"
dotnet build Project1/Project1.csproj
dotnet sonarscanner end /d:sonar.token="TOKEN"

This setup will analyze only Project1 because you’re building just its project file. Even though both projects are part of a single solution, Project2 won’t be included in the analysis unless you explicitly build it or have Project1 reference Project2.

Once you add a reference from Project1 to Project2 using:

dotnet add Project1/Project1.csproj reference Project2/Project2.csproj

Project2 will be built as a dependency, and its code will be included in the build and thus in the analysis. This is why you only get Project1 analyzed until you create the dependency.

@Dileepa_Wijay, are you perhaps using a different approach or build command that leads to both projects being analyzed without the added reference?

In any case, you can narrow the focus later after everything has been built, if you want to tidy up what goes in the SQ dashboard.

1 Like
6

thanks for the response. This is exactly what i was doing, I was building only Project1, and Project1 has no reference to Project2.

But after issuing the command dotnet sonarscanner end /d:sonar.token=“TOKEN” I see its processing files from the Projecr2 also.

7

It should only do that if the other project is being built during dotnet build. Read the logs and see if that’s happening.

8

nope only the Project1 project and couple of its references are built. Project2 is not built