Scanning uncompiled code

  • SonarQube Scanner: Version 9.3.0.51899
  • what are you trying to achieve: scan uncompiled .NET and Java code
  • what have you tried so far to achieve this: N/A

Is there any way to run a complete analysis of .NET without building the solution? We’re trying to run a security scan and due to client constraints, we are unable to compile the code.

Hi,

Welcome to the community!

Sorry, but there’s really not. SonarCloud just introduced autoscan for Java (i.e., analysis without compile), but there are necessarily tradeoffs, & we can’t run the taint analysis rules without that compile.

On the .NET side (and the C, C++ side as it happens), we eavesdrop on the compile to gather the data we need to run the analysis correctly. So there’s just no analysis without compile for those languages.

 
Ann
