.NET Core: Forcing a Project to be Scanning

I’m working through an issue regarding SonarCloud automatically skipping .NET 5 projects that it interprets as “Test” projects.

In my case the following are true of the project:

• It does not contain “Test” in the title
• It does not directly contain any testing Nuget Packages
• The project does not meet any of the criteria listed within the Implicit Project Categorization documentation

We have tried:

1. Adding <SonarQubeTestProject>false</SonarQubeTestProject> to the project file that we wish to include in the scan.
2. Setting /d:sonar.dotnet.excludeTestProjects=false when performing the scan.

Neither of the attempts worked, unfortunately. Is there any other way to force SonarCloud to scan a project?

Edit: updated to show the XML.

hello

To explicitly mark a project as not being test for the S4NET you need to use the SonarQubeTestProject MSBuild property:

<PropertyGroup>
  <SonarQubeTestProject>false</SonarQubeTestProject>
</PropertyGroup>

What version of the Sonar Scanner for .NET are you using? Please update to the latest.

Could you please share the verbose logs with us, both for analysis commands (instructions) and for msbuild (/v:d)?

Since 5.2.0 it doesn’t look at the project name anymore.

Hi Andrei,

I corrected my original post to include the <SonarQubeTestProject>true</SonarQubeTestProject> xml.

Unfortunately, that method didn’t work either.

Here’s the information you requested:

• SonarScanner for MSBuild 5.4
• Logs attached

Thanks for your help,
Max

You haven’t attached the logs…

Do you happen to have a minimal reproducer project?

Hi @Andrei_Epure,

My apologies, not sure why it didn’t go through the first time. You can find the logs attached now.

I do not have a minimal reproducer project at the moment. I can put one together if needed.

6_Run Code Analysis.txt (105.2 KB)

Thanks. The project is marked as MAIN

2022-01-21T15:12:32.4386976Z 15:12:30.696 DEBUG: Adding file type information (has MAIN ‘true’, has TEST ‘false’) for project ‘REDACTED.REDACTED.Api’ (project key ‘REDACTED:REDACTED:’, base dir ‘D:\a\1\s\Api’). For debug info, see ProjectInfo.xml in ‘D:\a\1.sonarqube\out\0’.

Line 811: 2022-01-21T15:12:32.5792947Z 15:12:32.576 INFO: Found 1 MSBuild C# project: 1 MAIN project.

Could you please share the verbose msbuild logs?

Hi Andrei,

Sure thing, here are the build logs:
5_dotnet build.txt (6.8 KB)

I see the warnings raised by our analyzer (S1135, S125, S1939, S4487, S4586). I don’t understand what is not working.

Could you please share the logs of the END step?

Step 6 is the last step, aside from the default agent cleanup tasks.

To help elaborate. What we’re seeing is:

On the “My Projects” page, the summary says the main branch is empty:

image1097×170 4.33 KB

However, we know this to be false. Because when we navigate into the project it shows the scan results and we can view the code in the “Code” tab.

Sorry, I forgot you previously shared it here:

I see the log:

2022-01-21T15:12:34.8228489Z 15:12:34.728 INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=REDACTED&branch=devops%2Fsonar&resolved=false

Did you analyze the main branch at all? Because this analysis is for the devops branch (see URL param).

Maybe this answer can help:

Thanks for following up.

I have scanned the main branch (master in our case as well), here are the logs:
24.txt (74.1 KB)

Based on the link you posted, it seems like it may be the order of operations we took. Here’s a summary:

1. We scanned devops/sonar first.
2. We then switched the main branch to master
3. We reran the scan against master

I do see that master has results when I navigate into the project, but not on the projects list:

Within Project (Correct)

image1909×499 30.2 KB

image1897×740 45.3 KB

On Projects List (Incorrect)

image1099×174 4.49 KB

Hello @Max_Kroll ,

I was able to reproduce the issue you were having regarding main branch summary not showing on the overall project dashboard. I’ve referred your issue to our SonarCloud dev team and I hope we provide you a reply soon.

Hi @Joe,

We’re running into this issue more and more frequently.

I wanted to see if there is any movement on this defect?

Thanks,
Max

Hi @Max_Kroll ,

Thanks for the ping. Let me check and I’ll update you with the status.

Hi @Joe

Any word from the team?

Hey @Max_Kroll

The projects overview is displaying “The main branch of this project is empty.” because there are 0 Lines of Code being reported for your product. This is evident from the screenshot you shared earlier.

(Note that in SonarQube with SONAR-12678 with chose to use lines instead of ncloc as the determining factor for whether a project is empty or not, but let’s leave that to the side for now as it is not the root cause of your issue).

0 Lines of Code are being reported on your project because all the lines in your project are considered Test Code (which don’t count towards the Lines of Code metric, which only considers source/product code).

2022-01-27T16:15:41.3491943Z WARN: SonarScanner for .NET detected only TEST files and no MAIN files for C# in the current solution. Only TEST-code related results will be imported to your SonarQube/SonarCloud project. Many of our rules (e.g. vulnerabilities) are raised only on MAIN-code. Read more about how the SonarScanner for .NET detects test projects: Analysis of product projects vs. test projects · SonarSource/sonar-scanner-msbuild Wiki · GitHub

So we’re right back to the initial problem from your first post. What’s old is new.

Something I do not think we have looked at yet is the logging that’s available to describe why a project has been categorized a certain way.

I would suggest focusing on these logs (dotnet build -v:n) as described in the documentation)

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.