Hi
I’m running a bitbucket pipeline that is working as expected e.g. building the dotnet code and the sonarcloud project is showing that the code was scanned after the pipeline ran.
Below is the pipeline code:
image: mcr.microsoft.com/dotnet/sdk:7.0
pipelines:
pull-requests:
'**':
- step:
name: Build and analyze pull request with SonarQube
caches:
- dotnetcore
script:
- apt-get update
- apt-get install --yes openjdk-11-jre
- dotnet tool install --global dotnet-sonarscanner
- export PATH="$PATH:/root/.dotnet/tools"
- dotnet sonarscanner begin /k:"*******" /o:"*********"
/d:"sonar.login=**************" /d:"sonar.host.url=https://sonarcloud.io"
- dotnet restore Microservice.sln
- dotnet build Microservice.sln
- dotnet sonarscanner end
/d:"sonar.login=***************"
However Sonarcloud is not reporting the issues found by the sonarscan, which are reported in the Pipeline log.
Below is a copy of the sonarscan issues reported in the bitbucket pipeline log/output. None of these are reported in my Sonarcloud project
/opt/atlassian/pipelines/agent/build/Microservice/Helper.cs(13,22): warning S1144: Remove the unused private method 'DuplicatedCode'. [/opt/atlassian/pipelines/agent/build/Microservice/Microservice.csproj]
/opt/atlassian/pipelines/agent/build/Microservice/Helper.cs(34,22): warning S1144: Remove the unused private method 'DuplicatedCode2'. [/opt/atlassian/pipelines/agent/build/Microservice/Microservice.csproj]
/opt/atlassian/pipelines/agent/build/Microservice/Helper.cs(34,22): warning S4144: Update this method so that its implementation is not identical to 'DuplicatedCode'. [/opt/atlassian/pipelines/agent/build/Microservice/Microservice.csproj]
/opt/atlassian/pipelines/agent/build/Microservice/Controllers/SampleController.cs(13,48): warning S4487: Remove this unread private field '_logger' or refactor the code to use its value. [/opt/atlassian/pipelines/agent/build/Microservice/Microservice.csproj]
/opt/atlassian/pipelines/agent/build/Microservice/Program.cs(1,1): warning S4823: Make sure that command line arguments are used safely here. [/opt/atlassian/pipelines/agent/build/Microservice/Microservice.csproj]
/opt/atlassian/pipelines/agent/build/Microservice/Program.cs(51,9): warning S3984: Throw this exception or remove this useless statement. [/opt/atlassian/pipelines/agent/build/Microservice/Microservice.csproj]
/opt/atlassian/pipelines/agent/build/Microservice/Program.cs(56,9): warning S3984: Throw this exception or remove this useless statement. [/opt/atlassian/pipelines/agent/build/Microservice/Microservice.csproj]
/opt/atlassian/pipelines/agent/build/Microservice/Program.cs(51,9): warning S1848: Either remove this useless object instantiation of class 'ArgumentException' or use it. [/opt/atlassian/pipelines/agent/build/Microservice/Microservice.csproj]
/opt/atlassian/pipelines/agent/build/Microservice/Program.cs(56,9): warning S1848: Either remove this useless object instantiation of class 'ArgumentException' or use it. [/opt/atlassian/pipelines/agent/build/Microservice/Microservice.csproj]
The following C# warnings (also from the bitbucket pipeline log/output) do get reported for the project in Sonarcloud as code smells
CSC : warning S3990: Provide a 'CLSCompliant' attribute for assembly 'Microservice'. [/opt/atlassian/pipelines/agent/build/Microservice/Microservice.csproj]
CSC : warning S3992: Provide a 'ComVisible' attribute for assembly 'Microservice'. [/opt/atlassian/pipelines/agent/build/Microservice/Microservice.csproj]
So what is missing from the pipeline/configuration, why are the Sonarscan issues not making it into my Sonarcloud project but C# issues are? I have tried the default quality gate and a C# quality gate. I see the same result with both