SonarCloud Analysis skips React.js project in AzureDevOps-Pipeline (.NET/ React.js)

sonarcloud
(Wittmann J) #1

Dear SonarSource-community,

I have included SonarCloud-Analysis as Part of my Build-Pipeline in AzureDevOps.
Since my project consists mostly of .NET and Javascript (React.js) code I use the “Integrate with MSBuild” - option instead of the “standalone scanner” option.

However for some reasen the code analysis only scans the .NET, Javascript, etc. code which sits inside my .NET-Projectfolders (e.g. myWebApi) while my Front-End project folder (e.g. myWebApp) gets completely ignored.

By “ignored” I mean that the folder containing my “front-end code” (here; React.js with .js - extension) does not even show up in the “folder-view” of the “code” - explorer inside the sonarCloud Project-dashboard. This is a very likely indicator that the analysis skips my the Folder containing my “front-end” code and does not even upload it to sonarqube.

On a similar note:
However if i choose the option “standalone” - scanner than sonarCloud ONLY analyses my front-end code… which is intended since specifying more then the folder containing my front-end code results in a “failed analysis” due to the Build-agent of azuredevops (hosted vs2017) runs out of memory. To compromise for that I tried to ignore all my external dependencies and generated code (.node_modules, dist) but still does not work.

My question is now if it is possible to use the “integrate with MSBuild” in the “Prepare SonarCloud Analysis” - Task and still be able to scan the folder containing my front-end code e.g. by specifying the folders’s path with the advanced options of the “Prepare SonarCloud Analysis” - Scanner?

(by the way is it possible that I need to specify the correct location of my front-end code inside the .sln / solution file of my Project so that MSBuild “picks up” on that?)

So far I have no clue how to fix that and I would very much appreciate your help.

Thank you very much and have a nice day!

WittmannJ

Problem visualization:

Sonarcloud scanning for a nextjs react app
(Wittmann J) #2

Hello SonarSource-Community,

I guess my problem was a pretty basic one which I managed to figure out myself.
However to be of use for people who have a similiar problem I’ll post the solution here as well:

What did I do in order to include my “front-End”-project in the analysis-step:

I added following line into the “Prepare analyis on SonarCloud” - Task under the “Advanced” - Tab and inside the “Additional Properties” - input field (Note: the “<” and “>” are meant to signal placeholders, an example for a valid path would look like this: source/projectName/WebApp_Frontend):

sonar.sources = <root-folder-of-project>/<folder-containing-source-code>/Javascript_Reactjs-FrontEnd

Unfortunately, that meant that now my front-end folder gets analyzed but due to the size of “node_modules” and the transpiled-code inside the “dist” - folder I ran out of memory. Therefore I added the following lines to the “Additional Properties” as well:

sonar.javascript.exclusions = **/node_modules/**, **/bower_components/**, **/dist/**
sonar.javascript.file.suffixes=.js,.jsx

The first line is the important line which makes the analyzer ignore all the “unimportant” code like node_modules or the code inside the “dist”-folder

The second line is optional and here just to make sure it analyzes my react.js code even if I use the “.jxs” - extension (we use .js but maybe you use .jsx)

After that the Analysis run just fine (except some minor warnings) and most of my code got uploaded to and analyzed on SonarCloud.

If someone else runs into the same problem as me and my “troubleshooting” is not clear enough then feel free to “PM” me anytime!

Have a great day

WittmannJ

1 Like
(Niraj Cricket) #3

Hi Wittman, i ran into same issue, using sonar for my nextjs code scan in sonarcloud.
in the source root repo, if i direct this ./**, an put rest for exclusion it didn’t work

even i tried ur sol it didn’t scan the code, hence no coverage