Sonar-scanner does not find bugs in C code

  • ALM used : GitHub
  • CI system used: github actions
  • Scanner command used when applicable (private details masked):
    sonar-scanner --define sonar.projectKey=balaji-nordic_unit-test-experiments
    --define sonar.organization=balaji-nordic
    --define "${{ env.SONAR_SERVER_URL }}"
    --define sonar.exclusions="CMakeFiles
    --define "${{ env.BUILD_WRAPPER_OUT_DIR }}"
    --define sonar.cfamily.gcov.reportsPath="gcov_reports_dir"
    --define sonar.cfamily.cache.enabled=false
    --define sonar.verbose=true
  • Languages of the repository: C
  • Project URL : GitHub - balaji-nordic/unit-test-experiments: Experiments with unit testing and mocking frameworks


I am testing out SonarCloud through a GitHub Action. I introduced some errors in my implementation and expected SonarCloud to find those bugs (like dereferencing null pointers, unused return values, etc.). But SonarCloud still says ‘0 Bugs’. On deeper analysis using verbose logging, I notice that the .c files that I am concerned about are treated as txt files and the sensor for Text files scans them. The cFamily sensor just skips those. Perhaps I am misunderstanding the logs, but the end result is that none of my C code is analysed.
Here is the snapshot of the overview page of the PR.

And here is the PR where I am adding some bugs in the file named led.c: Test code sonar code analysis feature by balaji-nordic · Pull Request #6 · balaji-nordic/unit-test-experiments · GitHub
The verbose log (including the dump of build_wrapper-dump.json file) is available here → Test code sonar code analysis feature · balaji-nordic/unit-test-experiments@90da0d8 · GitHub

Any pointers?

Hello @forkbeard :slight_smile:

Thank you for this detailed report! When looking inside the build-wrapper-dump.json, I cannot find any mention of the led.c file, which explains that it is skipped during analysis.

To understand why, I would need access to another file generated by the build wrapper: build-wrapper.log. Could you please provide it too?

Thank you!

Hi Loic,

Thanks for the quick reply. Here is the build-wrapper.log

build-wrapper.log (4.0 KB)

Best Regards,

Hi @forkbeard

I think I may have an idea of your issue… In your script, you have the following line:

build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} cmake . && cmake --build .

Which you intended to be interpreted that way:

build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} (cmake . && cmake --build .)

But which is in fact interpreted that way (according to the log you sent me):

(build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} cmake .) && cmake --build .

So the build wrapper only monitors the cmake . command, not the real build… Since I don’t think anything interesting will come out of generating the project, I suggest you use the following instead:

cmake .
build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }}  cmake --build .

Excellent. That was it. Thanks for the help. :slight_smile:
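
The parsing described in the answer above can be reproduced with a stand-in wrapper. This is an added example, not part of the original thread and not Sonar's tooling: fake_wrapper, configure_step, build_step and missing_sources are hypothetical names, and missing_sources mirrors the check of looking for led.c in build-wrapper-dump.json before the scan runs.

```shell
#!/bin/sh
# Stand-in for the build wrapper (hypothetical): logs the one command it is
# handed after "--out-dir DIR", then runs it. Anything after "&&" on the
# calling line is a separate command that the wrapper never sees.
fake_wrapper() {
  out_dir=$2; shift 2
  mkdir -p "$out_dir"
  printf '%s\n' "$*" >> "$out_dir/wrapped-commands.txt"
  "$@"
}

# Constructed stand-ins for "cmake ." and "cmake --build ."; they just succeed.
configure_step() { :; }
build_step() { :; }

# Shape of the original workflow line: parsed as (wrapper configure) && build.
run_chained() {
  fake_wrapper --out-dir "$1" configure_step && build_step
}

# Shape of the suggested fix: configure first, wrap only the real build.
run_split() {
  configure_step
  fake_wrapper --out-dir "$1" build_step
}

# Commands the wrapper actually monitored for a given output directory.
observed() { cat "$1/wrapped-commands.txt"; }

# CI guard: print every expected source file that the wrapper dump never
# mentions and return non-zero if any is missing. This is a coarse substring
# match; it does not depend on the dump's JSON layout.
missing_sources() {
  dump=$1; shift; rc=0
  for src in "$@"; do
    grep -F -q -- "$src" "$dump" || { printf '%s\n' "$src"; rc=1; }
  done
  return "$rc"
}

# Demo run in a scratch directory.
demo=$(mktemp -d)
run_chained "$demo/chained"
run_split "$demo/split"
echo "chained form, wrapper saw: $(observed "$demo/chained")"
echo "split form, wrapper saw:   $(observed "$demo/split")"
rm -rf "$demo"
```

Running missing_sources against the real build-wrapper-dump.json right after the wrapped build, and failing the job when it prints anything, surfaces this kind of silent "0 Bugs" result before the scanner runs.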
