Sonarqube scanner for MSBuild

SonarQube
,
1

I’m trying to setup sonarqube analysis for .Net application which is on .Net Core3.0.

Jenkins 2.176
SonarQube Version: 7.9 LTS
SonarQube Scanner for MSBuild 4.0.2

This Job is not using VS 2015 to build but with some command line batch executions.
I’m currently facing below issue while trying to perform somarqube analysis.

The SonarQube MSBuild integration failed: SonarQube was unable to collect the required information about your projects.
Possible causes:

  1. The project has not been built - the project must be built in between the begin and end steps
  2. An unsupported version of MSBuild has been used to build the project. Currently MSBuild 14.0 upwards are supported
  3. The begin, build or end steps have not all been launched from the same folder
    Generation of the sonar-properties file failed. Unable to complete SonarQube analysis.
    15:53:38.051 Creating a summary markdown file…
    15:53:38.058 Post-processing failed. Exit code: 1
    WARN: Unable to locate ‘report-task.txt’ in the workspace. Did the SonarScanner succeeded?
    ERROR: Execution of SonarScanner for MSBuild failed (exit code 1)
    Previous steps failed the build.
    Result is: FAILURE

Any suggestions are highly appreciated.

2

I tried updating SonarQube scanner for MSBuild to latest 4.8 and it worked fine. But the sonarQube build is unable to find the .sln file and throws a error as shown below.

WARNING: The following projects do not have a valid ProjectGuid and were not built using a valid solution (.sln) thus will be skipped from analysis…

No analysable projects were found. SonarQube analysis will not be performed. Check the build summary report for details.
Generation of the sonar-properties file failed. Unable to complete SonarQube analysis.
13:18:19.73 Post-processing failed. Exit code: 1
WARN: Unable to locate ‘report-task.txt’ in the workspace. Did the SonarScanner succeeded?
New run name is ‘#3 Branch rev. 210’
ERROR: Execution of SonarScanner for MSBuild failed (exit code 1)
Archiving artifacts
[htmlpublisher] Archiving HTML reports…
[htmlpublisher] Archiving at BUILD level D:\location\CoverageReport to D:\location\Cs_20Coverage
Recording NUnit tests results
Previous steps failed the build.
Result is: FAILURE

Can anyone suggest?

3

Hi Vyjayanth,

I suspect this line to be root cause of the project not being analyzed":

WARNING: The following projects do not have a valid ProjectGuid

Can you check your .sln file to verify that all referenced projects have GUID set? There as at least one project reported without GUID. That also means that your SLN file was found and processed.

Scanner for MSBuild requires projects to have GUID.

4

Hi Pavel,

Yea, I just checked the .sln file and all it has about Guid is “SolutionGuid” and its value.
And In jenkins job log it also shows as below:

WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “path.configuration.csproj”

Any thoughts?

5

You’ll need to update your SLN file to set unique GUID for each project.
If I take some random SLN file, it starts like this:

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.29424.173
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ProjectA", "ProjectA\ProjectA.csproj", "{D6236DCC-106F-4438-BE79-E97132F2876E}"
EndProject
Project("{F184B08F-C81C-45F6-A57F-5ABD9991F28F}") = "ProjectB", "ProjectB\ProjectB.csproj", "{444B4515-5C70-4B6E-9E1F-73B0C7F67E61}"
EndProject
6

Yes I see that here. The one of the left side of ProjectA in Curly bracket is a Guid of ProjectA?

Is that what it means?

Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") =“ProjectA”, “ProjectA\ProjectA.csproj”

7

Is there a way that I can configure .sln file for sonarqube scanner running in Jenkins Job?

That way I can generate the results well.

Because at this moment, this application is using dotnet command for builds.

Vyjayanth

8

Looks like Project A and Project B has same value on the left. Would that be a cause of duplication?

9

Yes, exactly. According to this source the format is

Project("{Project-Type-GUID}") = "Project-Name", "Project-Path.extension", "{Project-GUID}"

so the vales on the right should be unique. You can use randomly generated value, it’s used within the SLN file and in *.csproj file if there’s project reference configured.

10

If you see below, here are the details in .sln file.

Project("{sameuniquevalue}") = “app.Api”, “location\app.Api.csproj”, “{value1}”
EndProject

Project("{sameuniquevalue}") = “app.Models”, “location\app.Models.csproj”, “{value2}”
EndProject

Will the Project-Type-GUID be same uniquevalue for both projects?

11

SonarScanner for MSBuild does not care about Project-Type-GUID. Use whatever you need here. Project-Type-GUID depends on the project type, so you should keep original values and don’t change them.

Having multiple projects of the same type should have same value.

12

Yes, succeeded. Thanks. I placed the Project GUID by customizing below powershell script and analysis executed successfully.

Powershell Script Solution: https://github.com/ikemtz/NRSRx/blob/master/sonarqube-create-project-guids.ps1

Saw this discussion and helped really.
GUID issue: https://github.com/SonarSource/sonar-scanner-msbuild/issues/659

Thank you Pavel. Cheers, stay safe.

13

Dear @vyjayanth ,
Could you share the file https://github.com/ikemtz/NRSRx/blob/master/sonarqube-create-project-guids.ps1
as this is not available to download .

Does this PrjGUID entry mandatory for sonarscan build ?

Regards,
LnT

14

Yes, what kind of application are you referring to?

15

@vyjayanth - it is C# code.

image
image742×243 60.4 KB

PFA log :
WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “e:\vsts-agent\dcb01_01_sonar_work\r20\a\database-entities-contexts-migrations\businessdbcontext\maintenancedbcontext.csproj”