Not able to exclude sonar-project.properties files from VSTS pipeline

My build in VSTS pipeline is failing due to sonar-project.properties file. It says sonar-project.properties files are not understood by the SonarScanner for MSBuild. Remove those files from the following folders: D:\a\1\s<project folder>.

I tried excluding this file in prepare by providing sonar.exclusion=# sonar.exclusions=/*.bin,/*.properties in Advanced configuration but there is not option available to set for Run code analysis task. So I have added **/sonar-project.properties inside Sonar dashboard : Administration/Configuration/Analysis Phase/Source file exclusion. But still I’m getting same error.

Why even use a sonar-project.properties-file if I may ask?

You can specify project key, exclusions etc. in the pipeline task.

We already have repository created which has sonar-project.properties. I tried excluding it on sonar dashboard (Administration->Configuration->Analysis Scope) by putting **/sonar-project.properties or **/*.properties but it is still failing giving same error.

Also I’m getting below error:
##[error]The only way to get an accurate analysis of C/C++/Objective-C files is by using the SonarSource build-wrapper
##[error]and setting the property “sonar.cfamily.build-wrapper-output”, but it was not specified.

##[error]If you don’t want to analyze C/C++/Objective-C files, then prevent them from being analyzed by setting the following properties:

##[error]sonar.c.file.suffixes=-
sonar.c.file.suffixes=-
##[error]sonar.cpp.file.suffixes=-
sonar.cpp.file.suffixes=-
##[error]sonar.objc.file.suffixes=-
sonar.objc.file.suffixes=-

Where do I specify above lines. Can I specify in sonar.properties file (available inside sonarqube\Conf directory)

Hi,

sonar-project.properties file already in the source code is not compatible with the Scanner for MSBuild. The reason is that the scanner generates itself a file, with all sources reference, to be able to be analyzed by the underlying base scanner.

What i suggest is to either gitignore this file (so it won’t be checked out and then not taken by the Scanner), or delete it, and configure everything you want in the “additional properties” field on the Prepare analysis Configuration task on Azure DevOps.

Thank you.

Mickaël

How do I ignore it within VSTS prepare/code analysis task.

Did you try by adding it in the .gitignore ? Do you need this file for other kind of analysis in the repository ?

Could you please share sample code for .gitignore. Is this created automatically?

Man, it’s really not that hard to google this stuff:

In your case just add sonar-project.properties to the .gitignore.

PS: Do you even use Git or TFVS?

I’m using VSTS. Do I need to add .gitignore file in my project file. Is it fine to avoid adding it. Can’t I ignore everything specifying in my VSTS tasks.

I’m not talking about your buildserver (VSTS), I’m talking about your version control system (= Git/TFVS).

Just commit a .gitignore (or .tfignore in the case of TFVS) file to your repository. The content of this file should be:

${path to sonar-project.properties}/sonar-project.properties

${other files or folders you want to ignore}

Or you just delete the sonar-project.properties file as @mickaelcaro already mentioned…

Can’t we exclude it at SonarQube UI or Prepare Analysis on SonarQube task on VSTS pipeline?

The problem is, for this particular file, if we just exclude it, then we won’t be able to overwrite it (or at least we could face some permissions issue), that’s the reason why we fail fast in the Scanner if any file with that name was found on the file system.

I have removed this file. Now issue I’m getting is below(screenshot1). I tried ignoring it using .gitignore by mentioning /.sonarqube//* but still I don’t able to see result(zero results for bugs, code smells) on dashboard(screenshot2)

image.png1387×770 53.2 KB

image.png1810×794 89.6 KB

Hi,

Do you clean the whole build folder after each build ? Or is that a Microsoft-hosted agent ?

The .sonarqube folder is generated (or filled) upon analyses, so adding it to gitignore or exclude it from the analysis won’t have any effect.

Hi Mickael,

One thing is sure that sonar.exclusions is not working at all be it at UI level or at CI/CD pipeline. Do you know any other alternatives to exclude.