Scanner finding no MAIN code, despite MSBuild reporting MAIN code found

richard_nagle · November 8, 2022, 2:27pm

ALM used: Azure DevOps
CI system used: Azure DevOps
Scanner command used when applicable:

dotnet SonarScanner.MSBuild.dll begin /k:***** /o:*****
dotnet build ******.sln --configuration Release -p:Version=******* --verbosity=normal
dotnet SonarScanner.MSBuild.dll end

Languages of the repository: C#
Error observed

After running the build, very little analysis is found in sonarcloud and there is no code coverage. The following warning is displayed:

Your project contains only TEST-code for language C# and no MAIN-code for any language, so only TEST-code related results are imported. Many of our rules (e.g. vulnerabilities) are raised only on MAIN-code. Read more about how the SonarScanner for .NET detects test projects: Analysis of product projects vs. test projects · SonarSource/sonar-scanner-msbuild Wiki · GitHub

Digging in a little I can see that during the MS-Build stage the code is being categorised as MAIN correctly:

    18>SonarCategoriseProject:
         Sonar: (ClearCourse.ReportingApi.Common.csproj) Categorizing project as test or product code...
    18>SonarCategoriseProject:
         Sonar: (ClearCourse.ReportingApi.Common.csproj) categorized as MAIN project (production code).

But during the analyze phase it is saying it is neither MAIN or TEST:

Adding file type information (has MAIN 'false', has TEST 'false') for project 'ClearCourse.ReportingApi.Common' (project key 'ClearAccept_dataapi:ClearAccept_dataapi:C6D8B909-259C-4C1D-909E-FCF56B140EDC', base dir '/home/vsts/work/1/s/dataapi/ReportingApi/ClearCourse.ReportingApi.Common'). For debug info, see ProjectInfo.xml in '/home/vsts/work/1/.sonarqube/out/1'.

Steps to reproduce
On every build
Potential workaround
None found

Andrei_Epure · November 9, 2022, 3:42pm

Hello @richard_nagle , welcome to the community!

What version of the Scanner for .NET are you using? What version of MSBuild are you using?

The workaround is in the documentation in the log message:

<PropertyGroup>
  <!-- Project is not a test project -->
  <SonarQubeTestProject>false</SonarQubeTestProject>
</PropertyGroup>

If you add this to the project csproj file, it should take precedence over any other categorization logic the Scanner for .NET (S4NET) might do.

Did you read the Implicit project categorization section in the S4NET wiki page? Would any of those criteria apply?

Is it a Razor project (which might involve two compilation phases)? Can you share with us the verbose logs of MSBuild, or even better the binary logs (see instructions)?

richard_nagle · November 17, 2022, 3:03pm

Hi Andrei, thank-you for your reply and sorry it has taken me so long to get back to you.

I tried the suggested workaround but it made no difference. TBH I wasn’t surpised - the problem does not appear to be with the categorisation during the build. If you re-read my original post you’ll see that in the MSBuild log it is categorising the code successfully - I’ll repost here:

8>SonarCategoriseProject:
         Sonar: (ClearCourse.ReportingApi.Common.csproj) Categorizing project as test or product code...
    18>SonarCategoriseProject:
         Sonar: (ClearCourse.ReportingApi.Common.csproj) categorized as MAIN project (production code).

With the workaround, the categorisation is still (unsurpisingly) correct:

SonarCategoriseProject:
    Sonar: (ClearCourse.ReportingApi.Common.csproj) Categorizing project as test or product code...
    Sonar: (ClearCourse.ReportingApi.Common.csproj) SonarQubeTestProject has been set explicitly to false.
    Sonar: (ClearCourse.ReportingApi.Common.csproj) categorized as MAIN project (production code).

The issue comes when we run SonarScanner end - where it seems to incorrectly read the categorisation from the previous step:

Adding file type information (has MAIN 'false', has TEST 'false') for project 'ClearCourse.ReportingApi.Common' (project key 'ClearAccept_dataapi:ClearAccept_dataapi:C6D8B909-259C-4C1D-909E-FCF56B140EDC', base dir '/home/vsts/work/1/s/dataapi/ReportingApi/ClearCourse.ReportingApi.Common'). For debug info, see ProjectInfo.xml in '/home/vsts/work/1/.sonarqube/out/1'.

In answer to your remaining questions:

MSBuild version: 17.3.2+561848881 for .NET
Sonar scanner version: SonarScanner for MSBuild 5.8
Yes I read the implicit project categorisation, and no I don’t think any of it applies
No not a razor project
Regarding logs - is there some I can send the log privately? I work in a regulated industry and posting the logs on a public forum may be difficult.

Thanks for your continued attention to this
Richard

Andrei_Epure · November 17, 2022, 4:07pm

I sent you a private message.

richard_nagle · November 25, 2022, 4:11pm

Turns out there were analsis scope settings in the sonarcloud project UI which were preventing the projects from being analysed properly.

Many thanks to Andrei for pointing me in the right direction on this.

system · December 8, 2022, 2:33pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.