SonarCloud posting comments for disabled rules to Azure Pull Requests

  • ALM used (Azure DevOps)
  • CI system used (Azure DevOps)
  • Languages of the repository(C#)

We’ve currently got a project posting comments to our Pull Requests in Azure. The Quality Profile associated with the Project has 0 rules enabled. Despite this, whenever a PR fails the Quality Gate associated with the project(code coverage < 80%), a spam of code smells - that have been disabled on the Quality Profile - are posted to the PR.

Is there some setting I may be missing?
Thanks!

Hey there.

Can you provide a screenshot of some of the code smells that being reported on your pull request?

Sure, here’s an example.

I’m also attached the Project in question’s Quality Profile and Gate:

Hey there.

I think you’re facing the same issue as the user in this thread:

I’ve toggled the Roslyn setting, we’ll see how that works out. In the meantime, however, I noticed in the thread linked that the user’s dashboard was at least reflecting their Quality Profile settings. That doesn’t seem to be the case for ours, however:

If the 3 Roslyn issues being raised are identified as Code Smells (which you’ve just turned off)… what else makes you think that your Quality Profile settings aren’t being used?

Apologies, the implementation of Sonar on our end had been de-prioritized until now. I’ve yet to re-test this, so your point remains and I misunderstood how it should be working. I think I have a better understanding now, though I’ll update once we add this back to our pipeline.

Alright, I’ve finally gotten back around to testing this. Current status is:

  • Two projects in a monorepo, BackEnd and FrontEnd
  • BackEnd is reporting a Status to Azure, FrontEnd is not
  • Neither are posting comments to PRs when Quality Gate has failed

Toggling the Roslyn option has worked in disabling the Roslyn comment spam.

Are your projects explicitly configured as a monorepo? If not – what might be happening is that one status is always overwriting the other (if your frontend build finishes first, and then your backend build runs, the decorations will overwrite each other, if not configured as a monorepo).

No comment should be expected if there are no issues – just the status check on your PR.

Yeah, both set as a monorepo:

Does PR Decoration(this is the term for comments, I believe?) only occur when things like Code Smells/Security Vulns are part of the Quality Gate? Our current Quality Gate is set to ONLY Code Coverage right now, so I wasn’t sure if I should have been expecting a comment in addition to the PR status.

Update:
To clarify, our Quality Gate has always just been Code Coverage thus far and the comments from Roslyn were coming in regardless - I’m not 100% clear on exactly when the PR decoration happens, is it during the Analyze or Publish?