Sonarcloud warnings "component key 'repo-name:directory' not found"

SonarQube Cloud
1

I have a codebase the holds both python and java code under different directories.

We initially configurated sonar scan for java and it was working well. Later we added the configuration for python source code. Now we are able to get all source code metrics. However, on the Sonarcloud inside this project, in the code tab/section, when I get a warning while navigating through the directories.

On each directory, for every immediate childe file or directory under it, Sonarcloud throws a warning sign which says "Component Key β€˜<repo-name<:<directory/file name> not found’

image

Edit: It looks these warnings are about the three parameter

  1. Security
  2. Reliability
  3. Maintainability
    All of them are blank in the project dashboard.

Edit 2: Putting out the detailed structure of project and webpage screenshots

sonar.projectName=xxx-xxxx-xxx-cloud-services
sonar.projectKey=xxx-xxxx-xxx-cloud-services
sonar.projectVersion=1.0

sonar.sources=digital-api/add-module/src/main/java,digital-api/multiply-module/src/main/java,legacy-api/lambdas/add_module,legacy-api/lambdas/multiply_module
sonar.java.binaries=digital-api/add-module/target/classes,digital-api/multiply-module/target/classes
sonar.coverage.exclusion=**/ENV/**/*
sonar.java.libraries=${env.MAVEN_CACHE_FOLDER}/**/*.jar
sonar.java.test.libraries=${env.MAVEN_CACHE_FOLDER}/**/*.jar

sonar.coverage.jacoco.xmlReportPaths=digital-api/add-module/target/site/jacoco/jacoco.xml,digital-api/multiply-module/target/site/jacoco/jacoco.xml
sonar.junit.reportPaths=digital-api/add-module/target/surefire-reports,digital-api/multiply-module/target/surefire-reports
sonar.python.coverage.reportPaths=legacy-api/lambdas/coverage.xml

Project structure

β”œβ”€β”€ digital-api
β”‚   β”œβ”€β”€ add-module
β”‚   β”‚   └── target
β”‚   β”‚       └── site
β”‚   β”‚           └── jacoco
β”‚   β”‚               └── jacoco.xml
β”‚   β”œβ”€β”€ multiply-module
β”‚   β”‚   └── target
β”‚   β”‚       └── site
β”‚   β”‚           └── jacoco
β”‚   β”‚               └── jacoco.xml
β”‚   β”œβ”€β”€ pom.xml
β”œβ”€β”€ legacy-api
β”‚   β”œβ”€β”€ lambdas
β”‚   β”‚   β”œβ”€β”€ add_module
β”‚   β”‚       └── adder.py
β”‚   β”‚   β”œβ”€β”€ multiply_module
β”‚   β”‚       └── multiplier.py
β”‚   β”‚   β”œβ”€β”€ coverage.xml
β”‚   β”œβ”€β”€ requirements.txt
β”œβ”€β”€ tests
β”‚   β”œβ”€β”€ __pycache__
β”‚   β”œβ”€β”€ test_adder.py
β”‚    └── test_multiplier.py
β”œβ”€β”€ sonar-project.properties

image
image1900Γ—911 73.7 KB

image
image1893Γ—904 90.4 KB

image
image1041Γ—509 32.6 KB

Edit 3:
How we are running the sonar scan?

          - task: SonarCloudPrepare@1
            displayName: "Prepare SonarCloud"
            inputs:
              SonarCloud: 'XXX-XXXXXX-SONARCLOUD'
              organization: 'xxx-xxxxxxx'
              scannerMode: 'CLI'
              configMode: 'file'
              extraProperties: |
                # Additional properties that will be passed to the scanner, 
                # Put one key=value per line, example:
                # sonar.exclusions=**/*.bin
                sonar.pullrequest.vsts.instanceUrl=$(System.CollectionUri)
                sonar.pullrequest.vsts.project=$(System.TeamProject)
                sonar.pullrequest.vsts.repository=$(Build.Repository.Name)
                sonar.projectName=$(Build.Repository.Name)
                sonar.projectKey=$(Build.Repository.Name)

          - task: SonarCloudAnalyze@1
            displayName: 'Run Sonar Analysis'
2

Hi,

Could we have a little more context here? I’m not clear on where you’re trying to navigate to produce these errors. Would a wider screenshot - redacted as necessary - be possible?

 
Thx,
Ann

3

Thanks for quick response. I have added a full size screenshot with more details. Let me know if that helps.

(PS: Later, if your team needs I can scrub off the proprietary info and upload the project too.)

4

Hi,

Thanks for the screenshots. They’re very helpful!

Could you also post your analysis log?

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

 
Thx,
Ann

6

scan-sonar-log.txt (33.9 KB)

Please review. Thank you!

7

H @codelogn,

Welcome to the community!

I guess you work with the OP?

Anyway, thanks for the log. I see this in it:

2024-08-06T17:25:54.1337359Z WARN: Could not find ref: master in refs/heads, refs/remotes/upstream or refs/remotes/origin

And this:

2024-08-06T17:26:03.5969423Z INFO: SCM Publisher SCM provider for this project is: git
2024-08-06T17:26:03.5999520Z INFO: SCM Publisher 4 source files to be analyzed
2024-08-06T17:26:03.6042108Z WARN: Shallow clone detected, no blame information will be provided. You can convert to non-shallow with 'git fetch --unshallow'.
2024-08-06T17:26:03.6064336Z INFO: SCM Publisher 0/4 source files have been analyzed (done) | time=8ms
2024-08-06T17:26:03.6064827Z WARN: Missing blame information for the following files:
2024-08-06T17:26:03.6068857Z WARN:   * legacy-api/lambdas/multiply_module/multiplier.py
2024-08-06T17:26:03.6069396Z WARN:   * legacy-api/lambdas/add_module/adder.py
2024-08-06T17:26:03.6070328Z WARN:   * digital-api/multiply-module/src/main/java/com/example/multiply/Multiplier.java
2024-08-06T17:26:03.6070851Z WARN:   * digital-api/add-module/src/main/java/com/example/add/Adder.java
2024-08-06T17:26:03.6071630Z WARN: This may lead to missing/broken features in SonarCloud

Even with missing blame data, you shouldn’t be getting these errors, so I’ve flagged this for more expert eyes.

 
Thx,
Ann

8

Update: I have posted this on the original post too. We are running scan through Azure pipeline where we are using the following script (in case it makes any difference):

How we are running the sonar scan?

          - task: SonarCloudPrepare@1
            displayName: "Prepare SonarCloud"
            inputs:
              SonarCloud: 'XXX-XXXXXX-SONARCLOUD'
              organization: 'xxx-xxxxxxx'
              scannerMode: 'CLI'
              configMode: 'file'
              extraProperties: |
                # Additional properties that will be passed to the scanner, 
                # Put one key=value per line, example:
                # sonar.exclusions=**/*.bin
                sonar.pullrequest.vsts.instanceUrl=$(System.CollectionUri)
                sonar.pullrequest.vsts.project=$(System.TeamProject)
                sonar.pullrequest.vsts.repository=$(Build.Repository.Name)
                sonar.projectName=$(Build.Repository.Name)
                sonar.projectKey=$(Build.Repository.Name)

          - task: SonarCloudAnalyze@1
            displayName: 'Run Sonar Analysis'
9

Hi @ganncamp,

Do you think this is a mono repo situation ?

image
image1134Γ—144 11.4 KB

10

Hi @Bachri_Abdel,

I don’t think so. Even if there’s a problem with analysis (and I basically asked for the log as an i-dotting exercise) it shouldn’t cause errors and missing data in the UI.

 
Ann

16

Hi there,

Sorry for not giving any update sooner.

We are trying to set up a Reproducer to investigate this issue, and it’s not trivial.

Please bear with us.

3 Likes
18

Hi there,

Thank you all for your patience!

After some investigation, it turns out that the call to the API/measures/component is missing some parameters when we are on a branch or a pull request. It looks like it happens for every new file and folder of the branch or pull request.

We need to figure out why the requests are made without these parameters, and hopefully, we will be able to provide a fix soon.

We will keep you posted!

1 Like
19

Hi,

A fix has been deployed a few days ago.

Please let us know if you still have issues.

Cheers

2 Likes
23

Thanks! PRs that had these exceptions at our side, now are shown without errors.

2 Likes