SonarCloud Scans Entire Codebase Instead of Only Changes in PR for Angular Project in Azure DevOps

  • ALM used: Azure DevOps
  • CI system used: Azure DevOps
  • Languages of the repository: TypeScript, JavaScript

Hello,

I am experiencing an issue with my Azure DevOps pipeline integrated with SonarCloud. The pipeline is set to trigger for Pull Requests (PR), and while it executes and scans successfully, it scans the entire codebase instead of just the changes introduced in the PR.

Here is the configuration of my pipeline:

trigger:
- none

pool:
  vmImage: 'ubuntu-latest'

stages:
- stage: Build
  displayName: Build stage
  jobs:
  - job: Build
    pool:
      vmImage: 'ubuntu-latest'
    steps:
      - task: NodeTool@0
        inputs:
          versionSpec: '16.x'
        displayName: 'Install Node.js 16.x'

      - script: |
          npm install -g @angular/cli@16.2.0
          npm install
          ng build
        displayName: 'npm install and build'
        workingDirectory: '$(Build.SourcesDirectory)'
      - task: SonarCloudPrepare@1
        inputs:
          SonarCloud: 'xxxx'
          organization: 'xxxx'
          scannerMode: 'CLI'
          configMode: 'manual'
          cliProjectKey: 'xxxx'
          cliProjectName: 'xxxxx'
          cliSources: '$(Build.SourcesDirectory)'

      - task: SonarCloudAnalyze@1

I also attempted to configure the Sonar task in the following manner, but it did not resolve the issue:

      - task: SonarCloudPrepare@1
        inputs:
          SonarCloud: 'xxxx'
          organization: 'xxxx'
          scannerMode: 'CLI'
          configMode: 'manual'
          cliProjectKey: 'xxxx'
          cliProjectName: 'xxx'
          cliSources: 'src'
          extraProperties: |
            sonar.pullrequest.provider=AzureDevOps
            sonar.pullrequest.base=$(System.PullRequest.TargetBranch)
            sonar.pullrequest.branch=$(Build.SourceBranchName)
            sonar.pullrequest.key=$(System.PullRequest.PullRequestId)

For comparison, in a .NET project, the pipeline only scans the changes made in the PR, and everything works as expected. Here’s the working Sonar task configuration for the .NET project:

- task: SonarCloudPrepare@1
  inputs:
    SonarCloud: 'xxxx'
    organization: 'xxx'
    scannerMode: 'MSBuild'
    projectKey: 'xxx'
    projectName: 'xxx'

However, for the pipeline scanning an Angular project in Azure DevOps, it scans the entire codebase rather than just the changes. How can this issue be resolved?

Any insights or suggestions would be greatly appreciated.

Hey there.

What are the symptoms of “scanning entire codebase”? Basically – how do you know it’s scanning the entire codebase (analysis logs? the whole repo is showing up in the PR dashboard?)