Hi,
We have a large .NET Core 8 solution that contains different projects:
- User Frontend built as MVC .NET Core Web Application
- Backend WebApi
- Several partially shared components
At the moment our pipelines has several steps:
- building & testing the entire solution (*.sln) and analyzing the code as one project with SonarQube
- build the Backend project
- build the Frontend project
if the first step fails (i.e. failing unit tests or failing the SonarQube quality gate), the second and the third will not run.
But as the solution is growing and more output projects are being generated, we want to create the projects in a parallel process.
I found out that, that there is the possibility of a “meta project” with SonarQube:
But somehow this doesn’t really help or maybe I didn’t understand it.
Because if I build just a part of the Solution with (i.e. Backend.csproj), it won’t run all unit tests so the code coverage will drop to a low number.
As soon as I build the second part, let’s say Frontend.csproj the projects we will have the same issue with the coverage file. I guess it cannot “merge” the “.coverage”? With the solution file, we currently have 100% Code Coverage, but not anymore with project outputs.
What about an issue in a shared component? I guess it will shown in project “Frontend” and project “Backend” - how will the Application meta project containing Frontend and Backend? Will it “know” that it is the same issue or will it simple show it twice?
How about the License? Will the code of the shared component will count twice or even more, when it is scanned by different projects although they are combined with an “Application”?
I could also use exclusions for the LoC license problem, but then the security scan might not work properly (Example: There is a security issue in the shared component that is referenced by Frontend and Backend. I could scan the shared component with the Backend part, where it is not an issue. When scanning the Frontend project, I’d exclude the shared component as it has already been scanned. But the issue is a combination of Frontend and the shared component)
What would you recommend doing?
Version Information
- SonarQube 10.7 Enterprise (zib deployment, on Premise)
- Scanner 5.20.1
- AzureDevOps 2022