SonarQube short term branch showing wrong files

  • SonarQube Developer Edition Version 7.9.1 LTS, latest Code Scan Plugin, SonarQube extension for Azure DevOps Server

We have an Azure DevOps build pipeline with a code analysis step that integrates the SonarQube VSTS extension to analyze the Salesforce code base by calling the following tasks:
1) Prepare Analysis Configuration
2) Run Code Analysis
3) Publish Quality Gate Result

We use an Azure git repo with master and feature branches. Now let's say, for example, our feature branch gets committed with two components; then the build pipeline gets triggered, runs the tasks, and once the scan is completed we can see the new SonarQube feature branch under the master branch with exactly two files on SQ. The scan results were correct, as they showed only new issues of the two files in that feature branch. This was working correctly since the beginning of the AzDO/SQ integration.

But for the last few weeks we have seen that the results are not correct. To explain, let's say, for example, our feature branch gets committed with two components, but now once the scan is completed we can see that the new SonarQube feature branch not only includes our two files which were part of the initial feature branch but also lots of other files from the Azure master branch commit which are actually not part of our initial feature branch. So even if the developer has one issue in his two files, because of the other files being included it shows lots of errors and the quality gate is “Failed”.

Also, sometimes some of the files in the feature branch commit are not supported by the Codescan plugin, so previously if we committed such a feature branch, the SQ scan results would say “no issues” with passed status and the SQ feature branch code tab section showed nothing, which was correct as our feature had unsupported files/non-code components. But now even if our feature branch has unsupported files, the SQ feature branch will show other files from the Azure master branch commit which are actually not part of our initial feature branch.

Please suggest how to resolve it or what the root cause could be, as it was working fine since the beginning. Any help here will be highly appreciated.

Hi,

Which option are you using in the Prepare Analysis Configuration settings? Is that “Use standalone scanner”?

And if yes, are you using a file as properties, or manual configuration?

Thanks.

Mickaël

Hi Mickaël Caro

Thank you so much for looking into it. Yes, we are using “Use standalone scanner”. We are using manually provided configuration with the details below:

Project Key --> (Build.DefinitionName)
Project Name --> (Build.DefinitionName)
Project Version --> $(Build.BuildNumber)
Sources directory root --> .
Additional Properties -->

Additional properties that will be passed to the scanner,

Put one key=value per line, example:

sonar.exclusions=**/*.bin

sonar.scm.disabled=true
sonar.branch.name=$(Build.SourceBranchName)

Please let me know if any additional info is required to help troubleshoot this issue.

Thanks,
Rakesh

To me, as long as you do not explicitly specify the folder or project that contains the only 2 files you want in your feature branch, it is the expected behavior to have all files that can be analyzed in the SonarQube analysis. So yes, at first glance, only new issues are shown in SonarQube, but as long as master is merged into your feature branch (with its own lifecycle and new issues committed onto it), they will be reflected in that branch as well.

Thank you Mickaël. This makes perfect sense now. Thank you for your help in resolving this issue.