We have a SonarCloud subscription. We have a .NET standard (not .NET core) project we want to scan. Ideally, we want to do this in our Azure DevOps pipeline. However, our application runs in a docker container and does not really have a build step. In the dockerfile, we just copy our website files into /inetpub/wwwroot/appname, remove the default website (IIS), and make a new website with those copied files. I’ve been trying for over a week now many different ways of getting this working, but I’m basically at a wall.
Some additional info:
I tried to do this in the ADO pipeline, but it wouldn’t work. I also tried copying the website files out of the container onto the build agent and scanning it there but I also couldn’t get that to work. After doing some reading, I found that it may be a better idea to try and run the scan from inside my docker container - whether that be during the docker build or after, I haven’t figured out and am basically open to whatever at this point.
Right now, I’m trying to build my container, then run it, then run the following commands (maybe I’m going about it wrong?):
Begin scan
SonarScanner.MSBuild.exe begin /k:“my-key” /o:“my-org” /d:sonar.token=“my-token” /d:sonar.host.url=“https://sonarcloud.io”
Build the project
MSBuild.exe “path to .sln file” /t:Rebuild
End scan
SonarScanner.MSBuild.exe end /d:sonar.token=“my-token”
I have gotten the begin command to run successfully a few times, but whenever I try the rebuild step, I always get some kind of error, the latest of which is:
ASPNETCOMPILER : error ASPCONFIG: Could not load file or assembly ‘System.ValueTuple, Version=4.0.3.0, Culture=neutra
l, PublicKeyToken=cc7b13ffcd2ddd51’ or one of its dependencies. The located assembly’s manifest definition does not mat
ch the assembly reference. (Exception from HRESULT: 0x80131040) [C:\inetpub\wwwroot\appname\appname.metap
roj]
At this point, I’m wondering if I’m even going about any of this in the right way and would greatly appreciate some guidance so I can find a path forward.
Thanks!