Sonar lint says file analysed but found 0 issues

SonarLint Visual Studio
1

Please provide

  • Operating system: Windows 11
  • SonarLint plugin version: 6.12.0.59751
  • Programming language you’re coding in: c#
  • Is connected mode used:
    • Connected to SonarCloud or SonarQube (and which version): Yes, * Community Edition
  • Version 9.9 (build 65466)

And a thorough description of the problem / question:

I am just learning about your tools. I have the * Community Edition * Version 9.9 (build 65466) of Sonar Qube running in a docker image.

I installed the VS2022 plugin for SonarLint and it seems to be working. I connected to the SonarQube without error from within Visual Studio. And it reports this

I created a new asp.net MVC Core web application and modified program.cs to include the following problematic code.

public static void Main(string[] args)
        {
            string password = "chris";
            string x = getS(); // returns null
            int yourInt = x.Length;
            string xx = password.Substring(100);

When I save this code I see this in the SonarLint window

[SecretsAnalyzer] Analyzing C:\Projects\Chris\WebApplication1\WebApplication1\Program.cs
[SecretsAnalyzer] Finished analyzing C:\Projects\Chris\WebApplication1\WebApplication1\Program.cs, analysis time: 0.001s
[SecretsAnalyzer] Found 0 issue(s) for C:\Projects\Chris\WebApplication1\WebApplication1\Program.cs

When I close the solution and re-open it I see this

Loading notifications settings...
Suppressions have been updated. Open documents will be re-analysed.
Connected: checking for notifications
[Taint] Unable to fetch taint vulnerabilities: a connection to the server is not yet established.
Connecting to 'http://192.168.3.2:9000/'.
Starting job: "re-analyzing 0 document(s)...". Time: 5:07:14 am
Finished job "re-analyzing 0 document(s)..." started at 5:07:14 am. Elapsed time: 193ms
[SecretsAnalyzer] Analyzing C:\Projects\Chris\WebApplication1\WebApplication1\Program.cs
[SecretsAnalyzer] Finished analyzing C:\Projects\Chris\WebApplication1\WebApplication1\Program.cs, analysis time: 0.001s
[SecretsAnalyzer] Found 0 issue(s) for C:\Projects\Chris\WebApplication1\WebApplication1\Program.cs
Connecting to SonarQube server: http://192.168.3.2:9000/
Connecting to SonarQube server: Validating credentials
Connecting to 'http://192.168.3.2:9000/'.
Connected to SonarQube '9.9.0.65466'.
Connected to SonarQube '9.9.0.65466'.
Connecting to SonarQube server: Detecting server plugins
   Discovered a supported plugin: Plugin: 'SonarC#', Language(s): 'C#', Installed version: '8.51.0', Minimum version: '5.0'
   Discovered a supported plugin: Plugin: 'SonarVB', Language(s): 'VB.NET', Installed version: '8.51.0', Minimum version: '3.0'
   Discovered a supported plugin: Plugin: 'SonarJS', Language(s): 'JavaScript, TypeScript', Installed version: '9.13.0', Minimum version: '8.6'
Connecting to SonarQube server: Retrieving projects
Checking for unbound projects.
Suppressions have been updated. Open documents will be re-analysed.
Checking for suppressions...
Starting job: "re-analyzing 1 document(s)...". Time: 5:07:15 am
Finished job "re-analyzing 1 document(s)..." started at 5:07:15 am. Elapsed time: 1ms
Checking for suppressions...
[ConnectedMode/BranchMapping] Matching Sonar server branch: main
[ConnectedMode/BranchMapping] Matching Sonar server branch: main
[ConnectedMode/BranchMapping] Closest Sonar server branch: main
[ConnectedMode/BranchMapping] Matching Sonar server branch: main
Connecting to SonarQube server: Succeeded
[ConnectedMode/BranchMapping] Closest Sonar server branch: main
Connecting to SonarQube server: Downloading server settings.
[SecretsAnalyzer] Analyzing C:\Projects\Chris\WebApplication1\WebApplication1\Program.cs
[ConnectedMode/BranchMapping] Closest Sonar server branch: main
[SecretsAnalyzer] Finished analyzing C:\Projects\Chris\WebApplication1\WebApplication1\Program.cs, analysis time: 0.001s
[SecretsAnalyzer] Found 0 issue(s) for C:\Projects\Chris\WebApplication1\WebApplication1\Program.cs
No unbound projects were found.
Number of suppressions found: 0
Number of suppressions found: 0
[Taint] Fetched 0 taint vulnerabilities.
Checking if SonarQube Quality profile has changed.
Quality Profile is up-to-date.

If I run the following commands

dotnet sonarscanner begin /k:"WebApplication1" /d:sonar.host.url="http://localhost:9000"  /d:sonar.login="TOKEN"
dotnet build
dotnet sonarscanner end /d:sonar.login="TOKEN"

I see these warnings below when it completes…

I assume I should see something similar in SonarLint?

image
image986×423 24.8 KB

Any ideas - have I missed a step.

2

Hi @ccrowe - welcome to the community.

The [SecretsAnalyzer] prefix in the output window is referring to this set of language-agnostic rules that look for cloud secrets.

The fifth issue in your screenshot is a CSS rule. We don’t currently run CSS analysis in Visual Studio (although it is on the roadmap for this year), so you won’t see that issue in the IDE.

The first three issues are raised by the SonarC# analyzer. The fourth issue in the image has the tag ROSLYN next to the title. That indicates the issue was generated by a non-Sonar analyzer, possibly one of the default Microsoft ones. You should expect to see that issue and the first three in the IDE.

The SonarC# analyzer is Roslyn-based analyzer, so Visual Studio decides when it runs and on whic files. If you don’t see those first four issues reported in VS, check that you have configured VS to run live code analysis as per the MS docs.

3

Hi Duncan

Thanks for your reply.

I will check out the docs a bit more so I understand everything.

I see messages in the ErrorList panel from SonarLint.

Cheers

Chris