Prepare/Analyze@3 task monorepo path behavior change

SonarCloud scanning in Azure DevOps pipelines worked fine for monorepo using tasks V2.
After upgrade to V3 it was noted that each individual project scan result would also contain findings from other monorepo projects.
Is this a bug or am I missing a path filter that’s now required in V3?

  • ALM used (GitHub)
  • CI system used (Azure DevOps)
  • Scanner command
  - task: SonarCloudPrepare@3
    inputs:
      SonarCloud: 'XYZ'
      organization: 'XYZ'
      scannerMode: 'dotnet'
      projectKey: '${{ parameters.projectKey }}'
      projectName: '${{ parameters.projectName }}'
      extraProperties: |
        sonar.projectVersion=$(Build.BuildNumber)
        sonar.cs.vstest.reportsPaths=XYZ
        sonar.coverage.exclusions=XYZ
        sonar.cpd.exclusions=XYZ
        sonar.exclusions=XYZ
        sonar.plsql.file.suffixes=XYZ
        sonar.tsql.file.suffixes=XYZ

  -DotNetCoreCLI@2 (restore, buld publish)
   (...)

  - VSTest@2
   (...)

  - task: SonarCloudAnalyze@3
    displayName: 'Run Code Analysis'
    condition: succeededOrFailed()

  - task: SonarCloudPublish@3
    inputs:
      pollingTimeoutSec: '300'
    condition: succeededOrFailed()

  • Languages of the repository: C#, TSQL

Hi there, @plenartFKH, welcome to the community!

The v3 tasks target the latest version of the scanner for .NET (v9) which includes “multi language analysis”. This automatically discovers files in the repo that are not part of the project but that we can analyze. You can read more about it in the Scanner for .NET v8 announcement.

For monorepo, it is however not suitable and you should disable that behavior using the sonar.scanner.scanAll=false property.

Denis

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.