Scan .NET Core applications on Windows using VSTS

vsts

(Anthony Fiti) #1

I am using the VSTS/Azure DevOps tasks to scan our applications. I am able to successfully scan .NET Framework apps, but am unable to scan .NET Core applications. It looks to me like it is using the .NET framework scanner (not dot net core) and I get an error during the Run Code Analysis step.

Log:
[command]C:\agent_work_tasks\SonarQubePrepare_15b84ca1-b62f-4a2a-a403-89b77a063157\4.5.1\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe end
SonarScanner for MSBuild 4.5
Using the .NET Framework version of the Scanner for MSBuild
[…]
##[error]No analysable projects were found. SonarQube analysis will not be performed. Check the build summary report for details.

Based on the documentation I’ve read so far it should be invoking the dotnet runtime and a DLL, but the logs indicate its running an exe and looking for the non-core version of .NET.

Config:
SQ 6.7.1 server, Scanner MSBuild 4.5.1 (I think?), VSTS build tasks
Running the scan on a Windows PC with .NET Core SDK 2.2 installed
Scanning the .csproj file for the web application


(Anthony Fiti) #2

The resolution was in the SQ documentation. Since we were scanning the .csproj file, we had to add a Project GUID to the .csproj file.