We are using the dotnet sonarscanner for our project. Our project is broken up into a C# backend and an Angular frontend. We have included the Angular folder in the csproj file to include the files at build time. The SonarScanner picks up all the files as well as the ESLint output for the scan. However SonarCloud does not show any .js or .ts files shown for our project.
First question: which version of the scanner are you using? It has to be at least 8.0.0 for these files to be analyzed (and ideally it should be the latest, 9.0.2 as we corrected a lot of issues since then).
If you are indeed using a compatible version, could you share a bit more about your issue?
A pointer to your repo if it is public, or a high level overview of your repo hierarchy
the (redacted) content of your pipeline
redacted logs of the begin and end step generated with /d:sonar.verbose=true
Well to address this I do want to start out by saying we were using 6.1.0 (Had not noticed until you asked). This has been fixed and we are now on 9.0.2!
Since running that version some things have picked up but we are still experiencing a lot of files missing but showing up in the scan report in our pipeline.
For our repo hierarchy we have a C# backend and Angular Frontend. the backend picks up correctly but the front end is the issue.
As you can see in this screenshot we have lots of files (src has over 2500 files in it)
Which is no where near what it should be picking up.
for the pipeline commands we are running the following:
jobs:
sonarqube-scan:
runs-on: ubuntu-latest-16-cores
steps:
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: 'zulu'
java-version: '17'
- name: Setup .NET Core SDK
uses: actions/setup-dotnet@v3
- uses: actions/setup-node@v3
with:
node-version: 22.0.0
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install SonarCloud scanner
run: |
dotnet tool update dotnet-sonarscanner --tool-path ./.sonar/scanner
- name: Cache SonarQube cache # Caches various cache locations used by the SonarQube scanner.
id: cache-sonar-cache
uses: actions/cache@v3
with:
path: |
/home/runner/.sonar/cache
key: ${{ runner.os }}-sonar-cache
- name: Cache SonarQube Build node_modules # Caches the node_modules generated by dotnet build performed as part of the SonarQube scan.
id: cache-sonar-node-modules
uses: actions/cache@v3
with:
path: |
Atlas.Angular/node_modules/
key: ${{ runner.os }}-sonar-node-modules
- name: Run ESLint
run: |
cd ./Atlas.Angular
rm -rf node_modules/
yarn cache clean
yarn
yarn add eslint
yarn add eslint-plugin-only-warn
yarn run eslint -f json -o /home/runner/eslint-results.json
cd ../
- name: Sonarqube scan
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
# cli parameters used when scanning a branch push.
BRANCH_OPTS: /d:sonar.branch.name=${{ github.ref_name }}
run: |
./.sonar/scanner/dotnet-sonarscanner begin /k:"RegScale_regscale" /o:"regscale" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" \
${{ github.event_name != 'pull_request' && env.BRANCH_OPTS || '' }} \
/d:sonar.javascript.node.maxspace=8192 \
/d:sonar.scanner.scanAll=true \
/d:sonar.javascript.detectBundles=false \
/d:sonar.eslint.reportPaths=/home/runner/eslint-results.json \
/d:sonar.typescript.tsconfigPaths=./Atlas.Angular/tsconfig.json \
# Dotnet build
dotnet build ./atlas/Atlas.csproj # path is important
# Sonar end
./.sonar/scanner/dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" | tee /home/runner/sonar-scan-output.txt
task_url=$(grep "More about the report processing at" /home/runner/sonar-scan-output.txt | awk '{print $NF}')
# Add the sonar API authentication token to the url.
echo task_url=${task_url/sonarcloud.io/${{ secrets.SONAR_TOKEN }}@sonarcloud.io} >> "$GITHUB_ENV"
- name: Wait for analysis to complete
run: | # This step checks the sonarcloud API to see if the server-side analysis is complete. It retries the request up to 20 times to provide ample time for the analysis to be performed. This guarantees that any steps which depend on this step can safely assume that the server-side analysis is complete.
echo Checking task status at API url: ${{ env.task_url }}
for i in {1..20}; do
curl -m 10 -s "${{ env.task_url }}" | grep '"status":"SUCCESS"' && break || echo "Waiting for analysis to complete..."; sleep 10;
done
during the pipeline run you can see it includes the quality profiles
Would you mind sharing the complete layout of the repo and re-running this with the proper flag: /d:sonar.verbose=true (you forgot the r in verbose it seems).
The Atlas.Entities folder are excluded and the the test folders are not included I believe. The atlas/Atlas.csproj is what is being run in the MSBuild wehich pull sin everythign else.
Here is the correct sonar run with the verbose: sonarscan.zip (3.5 MB)
Looking at the logs I can see a lot of issues being raised in files in the Atlas.Angular/src/services/ directory.
Do you see them in SonarQube Cloud?
What is strange is that we only see 22lines counted in the Atlas.Angular directory in your screenshot, which strikes me as… low, as you yourself put it.
Could you share a screenshot of the list in SonarQube Cloud for the Atlas.Angular/src/services/ directory?