SonarQube scanning of Bicep files fails with parse errors when typed variables (introduced in Bicep version 0.36) are used. It appears that the SonarQube server currently supports Bicep versions up to 0.32.4 and does not recognize typed variable syntax.
When will the supported Bicep version be upgraded?
Hi,
Welcome to the community!
Can you provide your SonarQube version and a reproducer snippet?
Thx,
Ann
We run the Enterprise Edition v2025.1 (102418)
Hi,
Thanks for confirming that you’re on a current version. Can you provide a reproducer snippet?
Thx,
Ann
Azure devops task log:
C:\a_tasks\SonarQubePrepare_15b84ca1-b62f-4a2a-a403-89b77a063157\7.4.2\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe end
SonarScanner for MSBuild 10.3
Using the .NET Framework version of the Scanner for MSBuild
Post-processing started.
Calling the TFS Processor executable…
Property ‘sonar.cs.vstest.reportsPaths’ provided, skipping the search for TRX files in default folders…
Did not find any binary coverage files in the expected location.
Falling back on locating coverage files in the agent temp directory.
Searching for coverage files in C:\a_temp
No coverage files found in the agent temp directory.
Coverage report conversion completed successfully.
The TFS Processor has finished
Calling the SonarScanner CLI…
INFO: Scanner configuration file: C:\a_tasks\SonarQubePrepare_15b84ca1-b62f-4a2a-a403-89b77a063157\7.4.2\classic-sonar-scanner-msbuild\sonar-scanner-5.0.2.4997\bin..\conf\sonar-scanner.properties
INFO: Project root configuration file: C:\a\1.sonarqube\out\sonar-project.properties
INFO: SonarScanner 5.0.2.4997
INFO: Java 17.0.17 Eclipse Adoptium (64-bit)
INFO: Windows Server 2019 10.0 amd64
INFO: SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStoreType=Windows-ROOT -D
##[debug]Agent environment resources - Disk: C:\ Available 54286.04 MB out of 129547.00 MB, Memory: Used 2812.00 MB out of 8191.00 MB, CPU: Usage 11.00%
INFO: User cache: C:\Users\AzDevOps.sonar\cache
##[debug]Agent environment resources - Disk: C:\ Available 54286.79 MB out of 129547.00 MB, Memory: Used 2865.00 MB out of 8191.00 MB, CPU: Usage 12.00%
INFO: Analyzing on SonarQube server 2025.1.0.102418…
INFO: Sensor IaC Kubernetes Sensor [iac] (done) | time=148ms
INFO: Sensor IaC AzureResourceManager Sensor [iac]
INFO: 4 source files to be analyzed
##[error]ERROR: Cannot parse ‘deployment/azure_templates/main.bicep:87:1’
##[debug]Processed: ##vso[task.logissue type=error;]ERROR: Cannot parse ‘deployment/azure_templates/main.bicep:87:1’
ERROR: Cannot parse ‘deployment/azure_templates/main.bicep:87:1’
INFO: 4/4 source files have been analyzed
INFO: Sensor IaC AzureResourceManager Sensor [iac] (done) | time=348ms…
main.bicep (Bicep line that makes it fail):
…
var myName string = ‘Bla’…
If the typing is removed parsing error is not present
MS docs:
Starting with Bicep CLI version 0.36.X, Bicep supports typed variables, where you explicitly declare the data type of a variable to ensure type safety and improve code clarity.
Sonarqube still uses version 0.32.4 of bicep to parse the files. So the question is when a current bicep will be supported.
Hi,
Thanks for the detail. I’ve flagged this for the language experts.
Ann