SonarAnalysis not failing in the task level (ADO), but failed in the projects (Sonar UI)

Akshay_Kumar · May 29, 2024, 7:40am

Language used - C# , Typescript, html

Details about sonar server we are using,

Developer Edition, Version 9.2.4 (build 50792)
SonarQube is deployed in a azure VM (IIS server)

We have recently our SonarQube task version to 5 in our Azure DevOps, since then most of our API’s aren’t failing in the sonar analysis task, but show ‘failed’ state in the project level, if that is a real issue it should get in the sonar task only.

Issue 1: why aren’t the issues reported in the sonar analysis task itself?
showing incorrect results in the task or in the project I guess. This is quite interesting, I haven’t faced this anywhere before. what might be the cause?

Issue 2: Also, we are getting code smell in the test files as “Add at least one assertion to this test case”

I had a chance to look similar topics on this, which is FP or FN. I don’t really understand why this started occurring all of a sudden (I’m from DevOps background)

Drop a comment, if anyone had faced this before or any ideas.

Thanks in advance.

Colin · May 29, 2024, 7:47am

Hi,

Your version is past EOL. You should upgrade to either the latest version or the current LTA (long-term active version) at your earliest convenience. Your upgrade path is:

9.2.4 → 9.9.4 → 10.5.1 (last step optional)

You may find these resources helpful:

If you have questions about upgrading, feel free to open a new thread for that here.

If your issue persists after upgrade, please come back to us.

Akshay_Kumar · May 29, 2024, 8:48am

Sorry about that, I have mentioned the wrong version.
We are using the LTA version, 9.9.1 (upgraded a year back)

Could you please help out on this issues mentioned

Hereby attached the images FYR.
Sonaranalysis have passed in the pipeline, but the quality gate show failed state (in Sonar UI as well)

Colin · May 29, 2024, 12:37pm

If you want the pipeline to fail based on the quality gate, you’ll need to add sonar.qualitygate.wait=true to your pipeline.

Akshay_Kumar · May 29, 2024, 3:15pm

Thanks much for the reply. let me try that.
But, in our case the issue it little bit different as I mentioned in the topic description

sonaranalysis task doesn’t report any error during analysis, it is succeeded (with warnings). we use sonarqubeanalyse@5
reference: attached image

But when I check the same project in the sonar UI, it shows as failed state (with major issues where it is reported as warning in the pipeline task)
reference: attached image

Here I get stuck, where will be the actual problem (is it in the pipeline task or project config)

[QUICK NOTE: recently, we have migrated to the new Azure DevOps organization. expect project name, everything stays the same]

Colin · June 3, 2024, 11:48am

Hey there.

I think there’s just a little misunderstanding here of how the analysis works.

The SonarScanner for .NET attaches Sonar roslyn analyzers to the build, which will raise warnings during the build because that’s… how they work. They are the issues that are ultimately put into a report and sent off to SonarQube. You shouldn’t expect them to fail your build.

SonarQube will then report on those issues (and assign a severity based on your Quality Profile) that and compute a Quality Gate. You can choose to have this fail your build by using the sonar.qualitygate.wait analysis parameter, but it’s not required.