Scan repository containing .netcore & swift projects

Hello… am maintaining a .netcore command line tool project built with cake (http://Cakebuild.net.) It has been integrated with SonarQube using Cake.Sonar package.

Now I’m needing to add a native library project, that will be used by the .netcore project. The native library is written in ObjectiveC & Swift.

What is the right way to structure my project so that I can scan both c# and the native projects from my build script.

I’ve tried adding sonar-project.properties file in the repo root, with 2 modules - 1 for c# and one for native. But I get this error during build.

sonar-project.properties files are not understood by the SonarScanner for MSBuild. Remove those files from the following folders:

Appreciate any pointers.

Thanks!
Ameen.

Hi @ashah,

Welcome to the SonarSource community!

You should be able to scan all 3 language types in one project: build-wrapper for Objective-C, which runs the sonar-scanner (which can scan Swift) and SonarScanner for MSBuild for C#.

SonarScanner for MSBuild (now called SonarScanner for .NET) does not handle sonar-project.properties files. Regarding combination of Objective-C and C#, please read Solution with a Mix of C# and C++ (it says “C++” in the text but this is applicable to C/C++/Objective-C). Swift analysis can be performed by the SonarScanner for .NET.

For customizing your C# project with sonar-project analysis properties, you can add SonarQubeSetting nodes for each analysis property in the *.csproj file for your C# module:

  <ItemGroup>
    <SonarQubeSetting Include="sonar.exclusions">
      <Value>NotAnalyzedFile.cs,Libraries/**/*.*</Value>
    </SonarQubeSetting>
   </ItemGroup>

and also utilizing the SonarQube.Analysis.xml file that is inside the SonarScanner for MSBuild directory for broader scope. Pay attention to the overriding capabilities as shown in that file:

<?xml version="1.0" encoding="utf-8" ?>
<!--
  This file defines properties which would be understood by the SonarQube Scanner for MSBuild, if not overridden (see below)
  By default the SonarScanner.MSBuild.exe picks-up a file named SonarQube.Analysis.xml in the folder it
  is located (if it exists). It is possible to use another properties file by using the /s:filePath.xml flag

  The overriding strategy of property values is the following:
  - A project-specific property defined in the MSBuild *.*proj file (corresponding to a SonarQube module) can override:
  - A property defined in the command line (/d:propertyName=value) has which can override:
  - A property defined in the SonarQube.Analysis.xml configuration file [this file] which can override:
  - A property defined in the SonarQube User Interface at project level which can override:
  - A property defined in the SonarQube User Interface at global level which can't override anything.

  Note that the following properties cannot be set through an MSBuild project file or an SonarQube.Analysis.xml file:
  sonar.projectName, sonar.projectKey, sonar.projectVersion, sonar.organization
  The following flags need to be used to set their value: /n:[SonarQube Project Name] /k:[SonarQube Project Key] /v:[SonarQube Project Version] /o:[Sonar Project Organization]

-->
<SonarQubeAnalysisProperties  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.sonarsource.com/msbuild/integration/2015/1">

  <!--
  <Property Name="sonar.host.url">http://localhost:9000</Property>

  <Property Name="sonar.login"></Property>
  <Property Name="sonar.password"></Property>
  -->

  <!-- Required only for versions of SonarQube prior to 5.2 -->
  <!--
  <Property Name="sonar.jdbc.url">jdbc:jtds:sqlserver://mySqlServer/sonar;instance=SQLEXPRESS;SelectMethod=Cursor</Property>
  <Property Name="sonar.jdbc.username">sonar</Property>
  <Property Name="sonar.jdbc.password">sonar</Property>
  -->

</SonarQubeAnalysisProperties>

In summary, you have a complicated project and you might have to segregate Objective-C+Swift module from C# module if the Sonar analysis doesn’t work out cleanly (especially if you have to specify sonar-project.properties for Obj-C/Swift compared to the SonarQubeSetting nodes or the like for C#). This is OK, because with SonarQube 8.6, you can use SonarQube’s Application feature to synthetically combine the 2 projects, see our announcement here.

Joe

Thank you for the detailed response Joe, appreciate it.

I’m on SonarQube Enterprise 7.6, so couldn’t use the Application feature. Considering this alternate approach - separate out native libs (ObjC, Swift) into a new git repository, add the new repo as a git submodule reference into the C# netcore project and use Portfolio feature in the server to consolidate the reports in server.

Looks like that might just work. On a different note: any reason why not upgrade to SonarQube 8.6? 7.6 is very old and contains several security vulnerabilities.

Thats above my pay grade :slight_smile: Wishing you a Happy New Year!

1 Like