I have followed the process illustrated in the link: https://azuredevopslabs.com/labs/vstsextend/sonarcloud/ to integrate sonarcloud with azure DevOps and successfully analysed the Repo found in: https://github.com/SonarSource/sonar-scanning-examples.git. The reults were mainly C# codes.
Later, I tried to analyse another code with Repo filled with security vulnerabilities in Java and other languages: https://github.com/SonarSource/sonar-training-examples.git but the analyses results only returned C# code smells! Am I missing something? Why only C# being analysed?
How did you configure your Azure Pipelines YML? Feel free to share it here.
Kindly find below. Please note that I tried both Azure agent and a local agent on my laptop but no luck.
- checkout: self
- task: SonarCloudPrepare@1
# Additional properties that will be passed to the scanner,
# Put one key=value per line, example:
- task: Gradle@2
- task: SonarCloudPublish@1
It would be very surprising to see C# files analyzed in that case, as you aren’t using the Scanner for .NET.
Can you share the pipeline logs with
--info appended to the Gradle command? I have a feeling you have a successful analysis already targeted at that project key, but the analysis you think you’re performing is never actually getting to SonarCloud.