SonarCloud scan does not pickup Angular related files in Angular .NET application

  • ALM used - Azure DevOps
  • CI system used - Azure DevOps
  • Languages of the repository - Angular + .NET

We are trying to scan our Angular + .NET app repository with SonarCloud (running it with Azure DevOps pipeline). It successfully picks up all files and applies all inclusions/exclusions, however it completely ignores AngularApp folder that contains all Angular related files. Logs do not show anything related to skipping/excluding this folder, the only line it is displayed on at all is the duplciation of include/exclude rules.

This is our folder structure in Repo:

This is what SonarCloud displayes as scanned code:

As you can see, AngularApp folder is not included. These are inclusion/exclusion rules that we are using:

sonar.inclusions=MainFolder/**/*, MainFolder/AngularApp/**/*
sonar.exclusions=**/*.aspx, **/*.xml, **/*.aspx.cs, MainFolder/ckeditor/**, MainFolder/Hubs/**, MainFolder/Jdash/**, MainFolder/JsonCompression/**, MainFolder/MasterPages/**, MainFolder/Properties/**, MainFolder/Scripts/**, MainFolder/SqlServerTypes/**, MainFolder/Template/**, MainFolder/UserControls/**,  MainFolder/ClientBin/**, MainFolder/CSS/**, MainFolder/DatabaseChanges/**, MainFolder/Images/**, MainFolder/Admin/ckeditor/**, MainFolder/Admin/Configurator/**, MainFolder/Admin/HtmlHelper/**, MainFolder/Admin/Scripts/**, MainFolder/Admin/UserControls/**, MainFolder/Admin/Views/**

As you can see, nothing related to AngularApp folder is excluded. We explicitly added AngularApp to inclusions for testing, to no avail (the result is the same with or without this rule).

Is there some option/variable that needs to be provided that we are missing? MainFolder/Admin/Scripts folder contains JavaScript files, and they were successfully picked up by scanner before we excluded it, so it’s probably not related to that.

Hi there, @Maksym_Novikov, welcome to the community!

Would you mind sharing the contents of your Azure DevOps pipeline?

Denis

Hi Denis, thanks for the reply. Here is our pipelane details (sensitive information was replaced with placeholders):

pool:
  name: Dev-AgtPool-Linux
  demands:
  - msbuild
  - visualstudio
  - vstest
  - java

#Your build pipeline references the ‘BuildPlatform’ variable, which you’ve selected to be settable at queue time. Create or edit the build pipeline for this YAML file, define the variable on the Variables tab, and then select the option to make it settable at queue time. See https://go.microsoft.com/fwlink/?linkid=865971
#Your build pipeline references the ‘BuildConfiguration’ variable, which you’ve selected to be settable at queue time. Create or edit the build pipeline for this YAML file, define the variable on the Variables tab, and then select the option to make it settable at queue time. See https://go.microsoft.com/fwlink/?linkid=865971
#Your build pipeline references the ‘BuildConfiguration’ variable, which you’ve selected to be settable at queue time. Create or edit the build pipeline for this YAML file, define the variable on the Variables tab, and then select the option to make it settable at queue time. See https://go.microsoft.com/fwlink/?linkid=865971
#Your build pipeline references the ‘BuildPlatform’ variable, which you’ve selected to be settable at queue time. Create or edit the build pipeline for this YAML file, define the variable on the Variables tab, and then select the option to make it settable at queue time. See https://go.microsoft.com/fwlink/?linkid=865971
#Your build pipeline references the ‘BuildConfiguration’ variable, which you’ve selected to be settable at queue time. Create or edit the build pipeline for this YAML file, define the variable on the Variables tab, and then select the option to make it settable at queue time. See https://go.microsoft.com/fwlink/?linkid=865971

steps:
- task: NuGetToolInstaller@1
  displayName: 'Use NuGet 6.6.1'
  inputs:
    versionSpec: 6.6.1

- task: NuGetCommand@2
  displayName: 'NuGet restore'
  inputs:
    restoreSolution: '$(Build.SourcesDirectory)\slnPath\'
    feedsToUse: config
    nugetConfigPath: nugetConfigPath

- task: SonarSource.sonarcloud.14d9cde6-c1da-4d55-aa01-2965cd301255.SonarCloudPrepare@1
  displayName: 'Prepare analysis on SonarCloud'
  inputs:
    SonarCloud: 'SonarQube naming'
    organization: orgName
    projectKey: 'projectKey'
    projectName: projectName
    extraProperties: |
     sonar.inclusions=MainFolder/**/*, MainFolder/AngularApp/**/*
     sonar.exclusions=**/*.aspx, **/*.xml, **/*.aspx.cs, MainFolder/ckeditor/**, MainFolder/Hubs/**, 
     MainFolder/Jdash/**, MainFolder/JsonCompression/**, MainFolder/MasterPages/**, 
     MainFolder/Properties/**, MainFolder/Scripts/**, MainFolder/SqlServerTypes/**, 
     MainFolder/Template/**, MainFolder/UserControls/**,  MainFolder/ClientBin/**, 
     MainFolder/CSS/**, MainFolder/DatabaseChanges/**, MainFolder/Images/**, 
     MainFolder/Admin/ckeditor/**, MainFolder/Admin/Configurator/**, 
     MainFolder/Admin/HtmlHelper/**, MainFolder/Admin/Scripts/**, 
     MainFolder/Admin/UserControls/**, MainFolder/Admin/Views/**

- task: VSBuild@1
  displayName: 'Build solution slnName'
  inputs:
    solution: slnName
    platform: '$(BuildPlatform)'
    configuration: '$(BuildConfiguration)'

- task: VSTest@2
  displayName: 'VsTest - testAssemblies'
  inputs:
    testAssemblyVer2: |
     **\$(BuildConfiguration)\*test*.dll
     !**\obj\**
    codeCoverageEnabled: true
    platform: '$(BuildPlatform)'
    configuration: '$(BuildConfiguration)'

- task: SonarSource.sonarcloud.ce096e50-6155-4de8-8800-4221aaeed4a1.SonarCloudAnalyze@1
  displayName: 'Run Code Analysis'

- task: SonarSource.sonarcloud.38b27399-a642-40af-bb7d-9971f69712e8.SonarCloudPublish@1
  displayName: 'Publish Quality Gate Result'

Hi,

As I suspected, you are using version 1 of the SonarSource tasks, which means you are using an older version of the scanner.

If you change this to use the @3 flavor of the tasks, you will automatically move to a more recent (v9) version that automatically detects files from other languages not referenced in the .NET projects. Your Angular app should be detected and analyzed then.

Denis

Thanks for the reply, that would make sense. I will try changing this and update you on result in next few days!

Hi Dennis,
Sorry for the wait. I updated SonarCloud tasks to version 3 in Azure, but I’m getting another problem - SonarCloud Analysis task fails. Those are end file logs:


	at java.net.http/jdk.internal.net.http.HttpClientImpl.send(Unknown Source)
	at java.net.http/jdk.internal.net.http.HttpClientFacade.send(Unknown Source)
	at org.sonar.plugins.javascript.bridge.Http$JdkHttp.post(Http.java:59)
	at org.sonar.plugins.javascript.bridge.BridgeServerImpl.request(BridgeServerImpl.java:428)
	... 40 more
Caused by: java.io.IOException: HTTP/1.1 header parser received no bytes
	at java.net.http/jdk.internal.net.http.common.Utils.wrapWithExtraDetail(Unknown Source)
	at java.net.http/jdk.internal.net.http.Http1Response$HeadersReader.onReadError(Unknown Source)
	at java.net.http/jdk.internal.net.http.Http1AsyncReceiver.checkForErrors(Unknown Source)
	at java.net.http/jdk.internal.net.http.Http1AsyncReceiver.flush(Unknown Source)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler$LockingRestartableTask.run(Unknown Source)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(Unknown Source)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.io.EOFException: EOF reached while reading
	at java.net.http/jdk.internal.net.http.Http1AsyncReceiver$Http1TubeSubscriber.onComplete(Unknown Source)
	at java.net.http/jdk.internal.net.http.SocketTube$InternalReadPublisher$ReadSubscription.signalCompletion(Unknown Source)
	at java.net.http/jdk.internal.net.http.SocketTube$InternalReadPublisher$InternalReadSubscription.read(Unknown Source)
	at java.net.http/jdk.internal.net.http.SocketTube$SocketFlowTask.run(Unknown Source)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(Unknown Source)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler.runOrSchedule(Unknown Source)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler.runOrSchedule(Unknown Source)
	at java.net.http/jdk.internal.net.http.SocketTube$InternalReadPublisher$InternalReadSubscription.signalReadable(Unknown Source)
	at java.net.http/jdk.internal.net.http.SocketTube$InternalReadPublisher$ReadEvent.signalEvent(Unknown Source)
	at java.net.http/jdk.internal.net.http.SocketTube$SocketFlowEvent.handle(Unknown Source)
	at java.net.http/jdk.internal.net.http.HttpClientImpl$SelectorManager.handleEvent(Unknown Source)
	at java.net.http/jdk.internal.net.http.HttpClientImpl$SelectorManager.lambda$run$3(Unknown Source)
	at java.base/java.util.ArrayList.forEach(Unknown Source)
	at java.net.http/jdk.internal.net.http.HttpClientImpl$SelectorManager.run(Unknown Source)
12:33:47.976 ERROR: 
##[error]The SonarScanner did not complete successfully
12:33:48.664  Post-processing failed. Exit code: 1
The SonarScanner did not complete successfully
12:33:48.664  Post-processing failed. Exit code: 1
##[error][ERROR] SonarQube Cloud: Error while executing task Analyze: The process 'D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\3.1.1\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe' failed with exit code 1
##[error]The process 'D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\3.1.1\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe' failed with exit code 1
Finishing: Run Code Analysis

Hi @Maksym_Novikov

I’m afraid this is not enough to understand what is going on. Could you post the complete log? (Feel free to redact sensitive information of course).

Denis