SonarCloud in GitLab not detecting code smells, bugs and security issues

Hi all,

Below you may find my gitlab-ci.yaml manifest, but the problem is that when I run a SonarCloud scan using the sonarsource/sonar-scanner-cli:latest Docker image (I’ve also tried with the 4.5 image tag), basically nothing is detected (bugs, code smells, security issues - none). One important thing to point out is that once the analysis is over and the report is submitted from sonar-scanner to SonarCloud, on the screen of Project Name/Branches/featureBranch/code I realise that there are missing .py files compared to what I have in the VCS.

Just for testing purposes, I installed sonar-scanner on my local machine and executed scans, and that worked as expected, with detected bugs, code smells and security issues. The sonar-scanner version in the Docker image and the one I installed on my machine were exactly the same.

Yet another issue is the coverage. I am aware that I must execute tests and then generate the xml report (locally I am using coverage run -m pytest && coverage xml -i to generate coverage.xml file). The issue is that it is required to have python installed in order to install requirements and to run pytest, but it simply won’t work.

GitLab manifest:

sonarscan_stage:
  image: sonarsource/sonar-scanner-cli:latest
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    GIT_DEPTH: "0"
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  stage: sonarscan
  only:
    - dev
    - staging
    - master
  script:
    - sonar-scanner -Dsonar.projectKey=my-organization_my-service -Dsonar.organization=my-organization -Dsonar.python.version=3

The logs themselves don’t show anything interesting or suggest any issues.

I would really appreciate your help and suggestions.
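
For the coverage problem described in the post above, one possible layout is to split the work into two jobs, so that Python is only needed in the job that runs the tests. This is an added example, not part of the original thread and not the poster's pipeline; the `coverage_stage` job name, the `python:3` image, the `requirements.txt` location, and the assumption that the scanner's credentials are already set as CI/CD variables are all assumptions.

```yaml
# Added example (assumed layout): tests run in a Python image and hand
# coverage.xml to the scanner job as a job artifact.
stages:
  - test
  - sonarscan

coverage_stage:                  # hypothetical job name
  image: python:3                # assumption: any image that ships Python and pip
  stage: test
  only:
    - dev
    - staging
    - master
  script:
    # assumption: requirements.txt sits at the repository root
    - pip install -r requirements.txt coverage pytest
    # same commands the post uses locally
    - coverage run -m pytest
    - coverage xml -i
  artifacts:
    paths:
      - coverage.xml             # passed on to the scanner job
    expire_in: 1 day

sonarscan_stage:
  image: sonarsource/sonar-scanner-cli:latest
  stage: sonarscan
  needs: ["coverage_stage"]      # downloads coverage.xml before scanning
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    GIT_DEPTH: "0"
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  only:
    - dev
    - staging
    - master
  script:
    # the report path is relative to the project directory
    - >
      sonar-scanner
      -Dsonar.projectKey=my-organization_my-service
      -Dsonar.organization=my-organization
      -Dsonar.python.version=3
      -Dsonar.python.coverage.reportPaths=coverage.xml
```

Both jobs check the repository out to the same `${CI_PROJECT_DIR}`, so the file paths recorded in `coverage.xml` line up with the sources the scanner indexes.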

Hey there.

Let’s work through one issue at a time.

Can you share a screenshot of what you do see in SonarCloud? It sounds like you might be initiating a short-lived branch analysis in SonarCloud (which would only show the difference between that branch and your target branch, by default master).

Hello and thanks for your reply.
Looks like you’re right, the analysis report is from the short-lived branch:

Regarding the analysis dashboard, here’s the screenshot: