Scanner ignores Javascript files in C# project

Hi, I’m using dotnet sonarscanner to analyse a repository which contains multiple projects.
At least one project has both C# and Javascript code. Only the C# code is being picked up by sonarscanner.
This is despite all of the code being referenced in the .csproj.

Could you please help me get the javascript code analysed on top of the C# code?

  • ALM used: GitHub

  • CI system used : GitHub Actions

  • Scanner command used when applicable:
    dotnet sonarscanner begin /k:"REDACTED" /d:sonar.host.url=https://sonarcloud.io /d:sonar.login="REDACTED" /o:"REDACTED"
    .\Build.cmd
    dotnet sonarscanner end /d:sonar.login="REDACTED"

  • Languages of the repository: C# and Javascript

  • Error observed (wrap logs/code around with triple quotes ``` for proper formatting)

.csproj of project includes javascript files:
<Content Include="Scripts\dist\app.all.js" />

Output of dotnet sonarscanner end:
2020-05-12T10:29:46.8178016Z INFO: ------------- Run sensors on module REDACTED
2020-05-12T10:29:46.8654530Z INFO: Sensor SonarCSS Metrics [cssfamily]
2020-05-12T10:29:46.9409173Z INFO: Sensor SonarCSS Metrics [cssfamily] (done) | time=63ms
2020-05-12T10:29:46.9410745Z INFO: Sensor SonarCSS Rules [cssfamily]
2020-05-12T10:29:46.9411390Z INFO: 134 source files to be analyzed
2020-05-12T10:29:49.2650205Z INFO: 134/134 source files have been analyzed
2020-05-12T10:29:49.2651380Z INFO: Sensor SonarCSS Rules [cssfamily] (done) | time=2301ms
2020-05-12T10:29:49.2652401Z INFO: Sensor C# Properties [csharp]
2020-05-12T10:29:49.2652807Z INFO: Sensor C# Properties [csharp] (done) | time=0ms
2020-05-12T10:29:49.2653153Z INFO: Sensor JavaXmlSensor [java]
2020-05-12T10:29:49.2653511Z INFO: Sensor JavaXmlSensor [java] (done) | time=0ms
2020-05-12T10:29:49.2653839Z INFO: Sensor HTML [web]
2020-05-12T10:29:50.1518613Z INFO: Sensor HTML [web] (done) | time=728ms
2020-05-12T10:29:50.2193670Z INFO: Sensor JaCoCo XML Report Importer [jacoco]
2020-05-12T10:29:50.4090359Z INFO: ‘sonar.coverage.jacoco.xmlReportPaths’ is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
2020-05-12T10:29:50.4211679Z INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
2020-05-12T10:29:50.8326993Z INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=0ms
2020-05-12T10:29:50.8463280Z INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
2020-05-12T10:29:50.8468551Z INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=16ms

The code page on SonarCloud shows the Scripts folder is missing
image

Hi @Vincent-FundApps

Yes this is a know aspect of the Scanner for MSBuild : it can only analyse the dotnet code.

On way to achieve what to want is to do a second analysis for your JS code only. Be careful though : you will have to create another SonarCloud project for that, otherwise the latter analysis will overwrite everything.

HTH,
Mickaël

2 Likes

Thanks @mickaelcaro. I wish I had come to you earlier.

It’s probably worth mentioning this in the sonarscanner MSBuild documentation: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-msbuild/

Hi @Vincent-FundApps. We’ve had a discussion internally about the expected behaviour and we’d like to revise our previous answer.

The SonarScanner for MSBuild can analyse non-C#/VB files if those files are referenced in the MSBuild project. More specifically, any files using one of the ItemTypes in this list should be analysed automatically. If the ItemType you are using isn’t in the list, you can add it as described here.

Now, as to why your .js files are not being analysed:

Content is included in the list of ItemTypes that should be analysed. However, Scripts\dist\app.all.js doesn’t include any of the wildcards that are used by MSBuild, so it refers to a single file.
As an example, an expression like Scripts\dist\*.js would include all .js files in the dist folder.
An expression like Scripts\**\*.js would include all .js files in all folders under Scripts.

You can check which files the scanner thinks should be analysed by looking in the file .sonarqube\out\sonar-project.properties after MSBuild has finished.

FYI we’ve created a ticket to update the scanner documentation: Log in with Atlassian account.

Apologies for any inconvenience caused.

1 Like