SonarCloud with Azure DevOps - Scan Fails

I am trying to get SonarCloud scans working in our Azure DevOps build pipeline. The extension is installed, and the Prepare Task completes successfully, but the Analyze/Scan fails with the following error no matter what I do:

“Caused by: Could not find a default branch to fall back on.”

I’ve verified that my project key and organization settings are valid, and have tried both manual and automatic configMode settings, but the error is always the same.

  • ALM used: Azure DevOps
  • CI system used: Azure DevOps
  • Error observed:
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Unable to load component interface org.sonar.scanner.scan.branch.BranchConfiguration
	at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:51)
	at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:632)
##[error]at org.picocontainer.parameters.BasicComponentParameter$1.resolveInstance(BasicComponentParameter.java:118)
	at org.picocontainer.parameters.ComponentParameter$1.resolveInstance(ComponentParameter.java:136)
	at org.picocontainer.injectors.SingleMemberInjector.getParameter(SingleMemberInjector.java:78)
	at org.picocontainer.injectors.ConstructorInjector$CtorAndAdapters.getParameterArguments(ConstructorInjector.java:309)
	at org.picocontainer.injectors.ConstructorInjector$1.run(ConstructorInjector.java:335)
	at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
	at org.picocontainer.injectors.ConstructorInjector.getComponentInstance(ConstructorInjector.java:364)
	at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.getComponentInstance(AbstractInjectionFactory.java:56)
	at org.picocontainer.behaviors.AbstractBehavior.getComponentInstance(AbstractBehavior.java:64)
	at org.picocontainer.behaviors.Stored.getComponentInstance(Stored.java:91)
	at org.picocontainer.DefaultPicoContainer.getInstance(DefaultPicoContainer.java:699)
	at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:647)
	at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:49)
	... 34 more
Caused by: Could not find a default branch to fall back on.

##[error]Picked up _JAVA_OPTIONS: -Xms128m -Xmx4096m
##[debug]Processed: ##vso[task.logissue type=error;]Picked up _JAVA_OPTIONS: -Xms128m -Xmx4096m
Picked up _JAVA_OPTIONS: -Xms128m -Xmx4096m
##[debug]Exit code 1 received from tool 'C:\x-agent\_work\_tasks\SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1\1.15.0\sonar-scanner\bin\sonar-scanner.bat'
##[debug]STDIO streams have closed for tool 'C:\x-agent\_work\_tasks\SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1\1.15.0\sonar-scanner\bin\sonar-scanner.bat'
##[debug]task result: Failed
##[error]The process 'C:\x-agent\_work\_tasks\SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1\1.15.0\sonar-scanner\bin\sonar-scanner.bat' failed with exit code 1
##[debug]Processed: ##vso[task.issue type=error;]The process 'C:\x-agent\_work\_tasks\SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1\1.15.0\sonar-scanner\bin\sonar-scanner.bat' failed with exit code 1
##[debug]Processed: ##vso[task.complete result=Failed;]The process 'C:\x-agent\_work\_tasks\SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1\1.15.0\sonar-scanner\bin\sonar-scanner.bat' failed with exit code 1
Finishing: SonarCloudAnalyze

I’ve been unable to find any documentation that helps me past this point - any tips?

Hi @p4th0g3n and welcome to the community !

This error has a few meanings:

  • Either you try to auto-provision a project (meaning that it’s not created on SonarCloud, but will be created automatically upon the first analysis)
  • Or you are not analyzing the default branch of the repository for the first analysis, or you might analyze a branch that has no target, at least recognized and analyzed by SonarCloud.

Is that your case? If not, what is your exact configuration?

Thank you.

Thanks for the quick reply, Mickaël!

I did initially try to use auto provisioning but got the error provided. I have since manually created the project in SonarCloud and have tried to use the manual option, but I get the same result.

Yes, I am working on a branch of master so that I can test the configuration and impact to the pipeline without impacting our developers.

Do I have to put this directly into our master branch for the initial analysis? Any workaround? If not, how can I make sure a failure of the scan does not cause the whole pipeline to fail?

Can you provide some more detail on what you mean by a branch with no target?

Hi @p4th0g3n

OK, I understand.

Yes, the main branch of your repo needs to be analyzed first, so that we have a base on our side to further calculate new code stuff for branches and pull requests.

What you can do maybe is to analyze ‘locally’ the main branch by executing the scanner on your local machine so that it doesn’t break your build, and then after try to execute your CI on your branch to see what is happening ?

Let’s say you have 2 branches: develop and a feature branch. If you analyze your feature branch without having analyzed develop before, you might have this error message appearing as well.

HTH,
Mickaël

Thanks, Mickael. I was able to run the following command on a local copy of the master branch on one of my agents based on the instructions from the “Configure Analysis” wizard on SonarCloud.io:

dotnet sonarscanner begin /o:"org" /k:"project" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.login="token"

However, we do not have a simple command for triggering the build manually - we have multiple Stages/Jobs/Tasks and Scripts that run in our Build Pipeline and I am not aware of any way to reproduce this outside of the pipeline to complete a manual scan. We actually have 17 separate .sln files in our agent working directory when a Pipeline-based build runs - am I expected to run ‘dotnet build (path)’ for each sln to populate the project? Then close the scanner? Does each .sln need a separate scan job?

I tried running ‘dotnet build’ against one of the .sln files during scanner analysis (and then closed the scanner) but our project on SonarCloud.io is still empty. Based on the scan output, the Project was processed successfully (at least for this one .sln):

RamSoft.DocumentConversion -> C:\Users\test\Desktop\masterscan\RapidResults-Mono\RamSoft.Common\src\RamSoft.DocumentConversion\bin\Debug\netcoreapp3.1\RamSoft.DocumentConversion.dll
Sonar: (RamSoft.DocumentConversion.csproj) Project processed successfully

Any ideas?

Hi Mikael - I ended up running the build command against each of the .sln files in our master branch. Most of them failed, but it looks like supported code was properly scanned, and I can see the results in our Project on SonarCloud.io for the 4 successfully processed modules. Will review this in more detail tomorrow.

This is great progress. However, I triggered a new build in my branch (not Master) which contains the SonarCloud tasks, but the SonarCloud scan fails with the exact same error message. It seems manually scanning still does not allow our Pipeline-based scan to run in my branch.

I have the following Stage in my Pipeline configuration - do you see any problems with this?

  - stage: 'SonarCloudScan'
    dependsOn: 'BuildOtherComponents'
    jobs:
    - job: SonarCloudScan
      steps:
      - task: SonarCloudPrepare@1
        inputs:
          SonarCloud: 'SonarCloud Connection'
          organization: 'organization'
          scannerMode: 'CLI'
          configMode: 'automatic'
          cliProjectKey: 'projectkey'
          cliProjectName: 'projectname'
          cliSources: $(Build.SourcesDirectory)

      - task: SonarCloudAnalyze@1

      - task: SonarCloudPublish@1
        inputs:
          pollingTimeoutSec: '300'
Do I need to do anything custom to be able to run the scan in branches other than Master?

Hi @p4th0g3n

First things first, the snippet of pipeline is not correct for a dotnet project; you’ll need to configure it with the “Integrate with MSBuild” setting, which will have another set of properties (projectKey and projectName).

Normally you don’t need to do anything since this is taken care of by both the SonarCloud extension and the underlying Scanner for MSBuild.

Can you first test with that setting and let me know?

If this is not working, I’ll need the log of the run code analysis task, in debug mode please (let me know, I can send you a PM for that so you can share it privately).

Thank you.
Mickaël

Hi Mickael,

This morning, I switched from the CLI scannerMode to the MSBuild scannerMode within the dedicated Stage I had previously created, but found that the integration fails when the scan runs:

##[error]The SonarQube MSBuild integration failed: SonarQube was unable to collect the required information about your projects.

The MSBuild option seems to expect the build to be occurring between the Prepare and Analyze Tasks, similar to what I had to do when I ran the manual scan and built each of the .sln files one by one. However, we have multiple build Jobs and you cannot have the Prepare/Analyze sections span between Jobs; it does not detect that the analysis has been run if it is not within the same job. It seems like I have to place a separate set of Build/Analyze tasks for each in-scope build in our Pipeline.

I set up a set of Prepare/Analyze/Publish tasks around the existing build operations in our first build to test this theory and get around the previous error where the builds were not detected. This time, the Projects were detected, but the scanner skipped all projects due to duplicate GUIDs:

WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “c:\agent_work\1\s\ramsoft.common\src\ramsoft.recurrence\ramsoft.recurrence.csproj”
WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “c:\agent_work\1\s\ramsoft.common\src\ramsoft.documentconversion\ramsoft.documentconversion.csproj”
WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “c:\agent_work\1\s\ramsoft.common\src\ramsoft.common\ramsoft.common.csproj”
WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “c:\agent_work\1\s\fhir-api-services\r4\src\ramsoft.fhir.r4.api\ramsoft.fhir.r4.api.csproj”
WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “c:\agent_work\1\s\fhir-api-services\r4\src\ramsoft.fhir.r4.unittests\ramsoft.fhir.r4.unittests.csproj”

##[error]No analysable projects were found. SonarQube analysis will not be performed. Check the build summary report for details.

##[debug]Processed: ##vso[task.logissue type=error;]No analysable projects were found. SonarQube analysis will not be performed. Check the build summary report for details.

Based on the following, it looks like we have two options (for this particular build) - change our existing build to build off the .sln, or add a GUID to the .csproj file: WARNING: Duplicate ProjectGuid: "00000000-0000-0000-0000-000000000000". The project will not be analyzed by SonarQube

Single .NET Core project files (csproj or vbproj) could be built and successfully analyzed only if a <ProjectGuid>unique guid</ProjectGuid> element is added in the csproj or vbproj XML. The <ProjectGuid> element is not required if you build a solution (sln) containing that project.

Any input on this? Am I on the right track in terms of running a scan per build (is it even supported)?

Mickael,

I am going to proceed with injecting a Project Guid into our .csproj files to make sure this works as expected.

However, while thinking about this, I think I realized that we will need to create separate projects in SonarCloud - one for each project/build in our repository. Since I was able to build all .sln files manually for the initial onboarding scan, everything is in one project, but I think this will work for usage within the Pipeline. Can you please confirm if I am correct?
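
The fix discussed in the posts above (giving each individually built project file its own `<ProjectGuid>`), as an added example that is not code from the thread or from SonarSource: it writes a fresh GUID wherever one is missing, all-zero, or already used by another project. The file names, sample XML and function names are constructed for illustration, and it assumes SDK-style project files with no XML namespace.

```python
import uuid
import xml.etree.ElementTree as ET

NIL_GUID = "00000000-0000-0000-0000-000000000000"

# Constructed SDK-style project files; names and GUID values are made up.
SDK = ('<Project Sdk="Microsoft.NET.Sdk"><PropertyGroup>'
       '<TargetFramework>netcoreapp3.1</TargetFramework>{}</PropertyGroup></Project>')
SAMPLES = {
    "A.csproj": SDK.format(""),
    "B.csproj": SDK.format(""),
    "C.csproj": SDK.format("<ProjectGuid>{3F2504E0-4F89-41D3-9A0C-0305E82C3301}</ProjectGuid>"),
    "D.csproj": SDK.format("<ProjectGuid>3f2504e0-4f89-41d3-9a0c-0305e82c3301</ProjectGuid>"),
}

def read_guid(node):
    """Normalize a <ProjectGuid> element to lowercase text; None if absent or invalid."""
    try:
        return str(uuid.UUID((node.text or "").strip())) if node is not None else None
    except ValueError:
        return None

def ensure_project_guid(csproj_xml, seen):
    """Return (xml, guid, changed). A fresh GUID is written when the current one
    is missing, all-zero, or already used by another project recorded in `seen`."""
    root = ET.fromstring(csproj_xml)  # note: XML comments are dropped on rewrite
    if root.tag != "Project":
        raise ValueError("expected an SDK-style project file without an XML namespace")
    node = root.find("./PropertyGroup/ProjectGuid")
    guid = read_guid(node)
    if guid and guid != NIL_GUID and guid not in seen:
        seen.add(guid)
        return csproj_xml, guid, False  # already unique: leave the file untouched
    guid = str(uuid.uuid4())
    if node is None:
        group = root.find("./PropertyGroup")
        if group is None:
            group = ET.SubElement(root, "PropertyGroup")
        node = ET.SubElement(group, "ProjectGuid")
    node.text = "{" + guid.upper() + "}"  # brace-wrapped form used by classic .csproj files
    seen.add(guid)
    return ET.tostring(root, encoding="unicode"), guid, True

def fix_all(projects):
    """Process {path: xml} in place, in path order; return {path: (guid, changed)}."""
    seen, report = set(), {}
    for path in sorted(projects):
        projects[path], guid, changed = ensure_project_guid(projects[path], seen)
        report[path] = (guid, changed)
    return report

if __name__ == "__main__":
    for path, (guid, changed) in fix_all(dict(SAMPLES)).items():
        print(f"{path}: {guid} ({'replaced' if changed else 'kept'})")
```

Commit the generated GUIDs to the repository rather than generating them on every build, so each project keeps the same identifier from one analysis to the next.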

Hi @p4th0g3n

Usually yes it’s a good practice (since we do not support it yet) to have one SonarCloud project per pipeline. The thing is that if you have multiple analyses for one SonarCloud project, targeting the same commit, the very last analysis will overwrite everything.

Mickaël

Hello,
I’m having a similar problem, and I noticed you helped with this issue on a couple of threads. However, it seems that the solutions are not quite working for me. A couple of questions:

  • How do I enable the debug mode?
    I’m setting sonar.verbose=true in the SonarPrepare step and that is not working
  • Should I be able to run the Azure pipeline on the master branch for the first time run to get things going?
  • I got this error both on a separate branch and on master:
    ##[error]ERROR: Could not find a default branch to fall back on.

Any assistance appreciated.
Thanks,
Tyrone

Hi @trexx00,

You can also add the pipeline variable system.debug=true, that works.

The way we fully support an analysis is: create your project on SonarCloud, and analyze master (or any other default branch of your repo).

Have you created your project before doing an analysis? If yes, can you double check that the project key is the right one?

Mickaël

Hi Mickaël,
Yes, project has been created. On the project page it is prompting to create the first analysis. The options include Azure pipelines, which is what I was trying.
Update:
The root cause of the noted issue was simple: project key is case sensitive. A capital letter had snuck in.
That solved a first level error but was getting errors on CI builds (the main intent) although PR builds/scans succeeded. Lesson learned: ALL PR (pull-request) parameters have to be filled in order for sonar to tell the difference between a PR/branch build and a CI/master build.
Oddly with only some PR parameters, PR builds succeed, but CI builds fail.

So thank you, the issue is resolved with your advice.

-Tyrone
