Python project is not processed in run code analysis step

StephenLarkin · November 11, 2019, 12:04pm

We have a python project included in our sln file that is not being analysed by the scanner.

It is located in the same directory as all of our other code, and is not excluded by any match patterns.

I’m not sure what information we can provide in order to debug this, as the project or any references aren’t showing up in our logs either.

Tooling

Run code analysis task version: 1.9.0
Azure DevOps
SonarCloud

mickaelcaro · November 18, 2019, 7:21am

Hi @StephenLarkin ,

Our MSBuild scanner shall detect only .NET related project and source files, you’d probably analyze your Python code separately with the Scanner CLI directly.

Mickaël

StephenLarkin · November 18, 2019, 5:03pm

How do we enable this when we can’t run multiple sonarcloud scans without the comments being overridden? Is it possible to run another scan task in the same build definition?

mickaelcaro · November 19, 2019, 7:10am

You’ll definitely need two SonarCloud projects for the moment in order to do that. And starting from there, either add Two more Prepare analysis / Run Code analysis enclosing the “compilation” of the Python project, sending the result on the second SC project, or compile / analyze it on a separate pipeline.

Mickaël

duncanp · November 19, 2019, 10:17am

@StephenLarkin, are you using the Microsoft Python tooling that comes with Visual Studio? If so, which version, and are those Python build tools installed on the build agent?

We hadn’t previously tried using the SonarScanner for MSBuild with Python projects, but we’ve done some local tests with a very simple Python .pyproj MSBuild project and the scanner does in fact seem to correctly process the project and pass the files to be analysed to the scanner-cli, with issues appearing in SonarQube.

StephenLarkin · November 19, 2019, 1:02pm

That is correct. We had a .pyproj file that was being run through an msbuild step, separate from the C# msbuild step we were running as well. This wasn’t being picked up in any analysis for the months that it was included. We have recently removed the dependency of msbuild in our python analysis and deployment.

Is there a way that we can configure out current project to include the python files without creating a separate project? It doesn’t make sense to me, as it’s all part of the same code base in the same repo, if we have to create a new project just to add a different set of files in.

duncanp · November 20, 2019, 8:51am

If you are no longer using .pyproj projects, the simplest way to include the files in your current SonarCloud project would be to add the following snippet to one of the C# MSBuild projects in the solution to reference the Python files:

<ItemGroup>
  <SonarQubeAnalysisFiles Include="[Path to python files]\**\*.py">
    <Visible>false</Visible>
  </SonarQubeAnalysisFiles>
</ItemGroup>

StephenLarkin · November 26, 2019, 1:39pm

Thanks, we’ve now implemented that and it is showing as expected in our scans.