Questions about language and lines of code

I found the lines of code are so different when using different scanner tools to scan the same code base. please see the picture below. I need the result of C#, but if I choice the results of right side, some C++ and C lines will be missing. Why this is happening, could you please give me some hints?

Hi @Sundy , to analyse C# code you must use SonarScanner for .NET version 4.x or newer, as our documentation page says.

I guess you have a misconfiguration issue. Could you please check the documentation page i refer above (and related pages as well), check your configuration and tell if you can fix it?

If you still have problems, then we need more information about your configuration to try to help you (CI/CD configuration, scripts, any custom property and/or configuration at SonarCloud, etc).

Thanks for your reply! @Alexandre_Holzhey

I went through the document you mentioned, it seems the document is no up-to-date. I found the settings about C# of my sonarcloud project, not sure if this is right.

We’re using AzureDevops pipeline.
For the results which is excluded C#, the pipeline code is:

  • task: SonarCloudPrepare@1
    inputs:
    SonarCloud: ‘xxxxxxxxx’
    organization: ‘xxxxxxxxx’
    scannerMode: ‘CLI’
    configMode: ‘manual’
    cliProjectKey: ‘xxxxxxxxx’
    cliProjectName: ‘xxxxxxxxx’
    cliSources: ‘.’
  • task: CmdLine@2
    displayName: ‘Build and wrapper’
    inputs:
    script: ‘"%SONAR_DIRECTORY%/build-wrapper-win-x86/build-wrapper-win-x86-64.exe" --out-dir bw-output .\buildxxxxxxxxx.cmd’
  • task: SonarCloudAnalyze@1
    displayName: ‘Run Code Analysis on SonarCloud’

The other pipeline which is included C#, the code is here:

  • task: SonarCloudPrepare@1
    inputs:
    SonarCloud: ‘xxxxxxxxx’
    organization: ‘xxxxxxxxx’
    scannerMode: ‘MSBuild’
    ProjectKey: ‘xxxxxxxxx’
    ProjectName: ‘xxxxxxxxx’
    Sources: ‘.’
  • task: CmdLine@2
    displayName: ‘Build and wrapper’
    inputs:
    script: ‘"%SONAR_DIRECTORY%/build-wrapper-win-x86/build-wrapper-win-x86-64.exe" --out-dir bw-output .\buildxxxxxxxxx.cmd’
  • task: SonarCloudAnalyze@1
    displayName: ‘Run Code Analysis on SonarCloud’

To scan code include C#, the scannerMode in stage “SonarCloudPrepare” is changed from CLI to MSBuild. Is there any obvious problem in the pipeline code? Or could you please tell me how to set AzureDevOps pipeline to use SonarScanner for .NET version 4.x or newer?

Hey @Alexandre_Holzhey
Could you please look at this problem for us again? Please let me know if you need more details information.

Hi @Sundy

We have different scanners that serve different purposes.

If you want to analyze C/C++ core, you need to use the build-wrapper (which is not embedded into the Azure DevOps extension we provide, you should configure it manually)
If you want to analyse C# code, you’ll need to use the Scanner for .NET (with the “MSBuild” option on the extension prepare analysis task configuration)

While those 2 can also analyze other languages (HTML, CSS, PHP, 
) they are not inter-operable (or most likely), meaning that if you have a mix of C# and C/C++ in your solution, it’s better to split that into 2 different SonarCloud projects, and thus 2 different analyses.

HTH,
Mickaël

1 Like

Thank you for your reply!

So we’ve already tried 2 different SonarCloud projects and had 2 different analyses as following picture shows:
Still have 2 questions here, just wanted to make sure there was any room for improvement
Question 1: Since we need to set up 2 different SonarCloud projects, it takes us twice as long to build&scan the same code repo, is it possible to “merge” the 2 SonarCloud projects (or scan jobs) to save time?
Question 2: How to understand the code lines in two reports, for example, C++ 850K in report 1 and C++ 723K in report 2, it seems they have many overlapping parts. Is there any ways to merge the two reports? Or do we have to focus on both reports?

Unfortunately no, this is not currently possible.

I would think that maybe using the diverse exclusions settings we provide, it should be possible (and if it is possible on your side too, indeed), to have only C++ files analyzed in one project, so that everything goes to the same SonarCloud project, and the rest analyzed in the other projects/analysis. Would it make sense for you ?

1 Like