Multi-language sonar scan using maven plugin

  • ALM used: Azure DevOps

  • CI system used: Azure DevOps

  • Scanner command used : mvn --batch-mode --show-version --activate-profiles static-analysis -Drc.skip=true -Dmaven.repo.local=<agent_path>/.m2/repository sonar:sonar -f __sonar/pom.xml

  • Languages of the repository: multi-language

  • Error observed : [WARNING] Your project contains C# files which cannot be analyzed with the scanner you are using. To analyze C# or VB.NET, you must use the SonarScanner for .NET 5.x or higher, see SonarScanner for .NET installation | SonarQube Server Documentation

  • Description:
    My company uses the maven sonar plugin in coordination with a ci/cd process of adjusting the code repository that is being scanned by creating a pom file for each module of each language that comprises the repository and then doing a sonar scan as a java project.

This allowed us to do scans for projects that combined java, typescript, python and go, and we used this technique as a template upon which the majority of our pipelines depend.

We would like to include c# as a scanned language in the same scanner, but no actual line of c# code appears in the scan results, even though the scan sensors do get activated:

[INFO] Sensor C# [csharp]
[WARNING] Your project contains C# files which cannot be analyzed with the scanner you are using. To analyze C# or VB.NET, you must use the SonarScanner for .NET 5.x or higher, see https://redirect.sonarsource.com/doc/install-configure-scanner-msbuild.html
[INFO] Sensor C# [csharp] (done) | time=0ms
[INFO] Sensor Analysis Warnings import [csharp]
[INFO] Sensor Analysis Warnings import [csharp] (done) | time=1ms
[INFO] Sensor C# File Caching Sensor [csharp]

How to achieve a multi-language scan to include c# files using the maven plugin?

Hi,

Welcome to the community!

Does the repo in question actually contain Java?

Because, as the error message you’ve quoted says, C# needs to be analyzed using the SonarScanner for .NET.

 
Ann

The one repository I am using for testing my changes doesn’t use java. As mentioned, the sonar task needs to be extensible to a greater number of code repositories from our company, as it is used in common pipeline templates.

To confirm, is there no sonar solution that is able to scan and analyze a code repository that contains a multitude of languages, one of them being c#?

Could you give an explanation as to why, for projects containing java, typescript, python and go, the solution explained above worked?

Thank you in advance for your reply!

Hi,

I’m afraid you’re going to find yourself ill-served by one, single analysis pipeline for every single project.

While all of the scanners cover multiple languages, if you’re analyzing C#, you must use the Scanner for .NET. Why? Because SonarScanner for .NET integrates into the build. For C#, the rules run during the compile. None of the other scanners are equipped to do that.

Just like if you’re analyzing Java, you would naturally use the Scanner for Maven or the Scanner for Gradle. And if you’re analyzing a predominantly JS/TS project, you probably want SonarScanner for NPM. Although, to be clear, for these languages using the dedicated scanner is a convenience rather than a requirement.

This one I think I’ve covered. For the other languages, as I said, all the scanners are multi-language, and using the dedicated scanners provides convenience in a lower configuration requirement, but their use is not required. So even if you don’t use the SonarScanner for Python (Beta) you can still analyze Python.

 
HTH,
Ann
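An added example, not part of the thread and not SonarSource's own code: a shared pipeline step can pick the scanner per repository, wrapping the build with the SonarScanner for .NET when C# or VB.NET is present and keeping the Maven plugin otherwise. The function names, the skipped directories and the project key are assumptions; connection settings (server URL, token) are omitted, and the `dotnet sonarscanner` commands assume the `dotnet-sonarscanner` tool is installed on the agent.

```shell
#!/bin/sh
# Added example: choose the scanner per repository instead of sending every
# repository through `mvn sonar:sonar`. All function names are hypothetical.

# has_dotnet_sources DIR: succeeds if DIR holds C#/VB.NET sources or project
# files. VCS and dependency directories are skipped (an assumption).
has_dotnet_sources() {
    found=$(find "$1" \
        \( -name .git -o -name node_modules \) -prune -o \
        -type f \( -name '*.cs' -o -name '*.vb' -o -name '*.csproj' \
                   -o -name '*.vbproj' -o -name '*.sln' \) -print \
        2>/dev/null | head -n 1)
    [ -n "$found" ]
}

# select_scanner DIR: prints "dotnet" or "maven".
select_scanner() {
    if has_dotnet_sources "$1"; then echo dotnet; else echo maven; fi
}

# scan_plan DIR PROJECT_KEY: prints the commands for the step; runs nothing.
scan_plan() {
    case "$(select_scanner "$1")" in
        dotnet)
            # The .NET scanner wraps the build: begin, compile, end.
            echo "dotnet sonarscanner begin /k:\"$2\""
            echo "dotnet build"
            echo "dotnet sonarscanner end"
            ;;
        maven)
            # Flags taken from the command quoted in the question.
            echo "mvn --batch-mode sonar:sonar -f __sonar/pom.xml"
            ;;
    esac
}

# Constructed sample repositories (not from the thread).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/ts-py/src" "$tmp/mixed/api" "$tmp/mixed/web"
    : > "$tmp/ts-py/src/app.ts"; : > "$tmp/ts-py/src/job.py"
    : > "$tmp/mixed/api/Program.cs"; : > "$tmp/mixed/web/index.ts"
    for repo in ts-py mixed; do
        echo "== $repo"
        scan_plan "$tmp/$repo" "placeholder-project-key"
    done
    rm -rf "$tmp"
}
demo
```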