SonarQube Visual Studio Extension Does Not Detect Issues in Local Analysis

Environment Details:

  • Operating System: Windows 11

  • Visual Studio Version: 17.14.20 (2022)

  • SonarQube for Visual Studio Plugin Version: 8.30

  • Programming Language: C++

  • Connected Mode: Yes (SonarQube Server)


Description of the Issue:
I have configured SonarQube scanning for an enterprise project using a GitHub workflow with SonarSource/sonarqube-scan-action@v6. The workflow executes successfully and detects issues as expected, even without any actual compilation of the code.

However, when performing a local analysis on a development machine using the SonarQube Visual Studio Extension, the process completes without errors but fails to identify any issues—even in code that clearly contains problems.


Project Setup:

  • The project is a C++ application built locally using CMake and Dev Containers.

  • SonarQube is running in connected mode during local analysis.


Steps Taken to Narrow Down the Issue:
To reproduce the problem in a simpler environment, I cloned the robotdad/visualstudio-devcontainer-cpp repository on GitHub ("Example project for devcontainer usage in Visual Studio with C++") and introduced the following intentionally problematic code in MyCppApp.cpp:

// TODO: insert code here…

char carr[100];

carr[200] = 'a'; // Intentional out-of-bounds access for testing

In this case, SonarQube was executed without connected mode, but I expected it to still detect and highlight these problematic lines. Unfortunately, no issues were reported.


I hope you can help me understand if more setup is needed for this to work or there is an issue with the VS extension.

SonarQube-Debug.log (37.2 KB)

Hi,

Welcome to the community!

How does your project compile? Does it use a Makefile (not supported)? A .vcxproj (supported)? CMake (supported)?

For C and C++, supported analysis is triggered when a file is opened or saved. Do you still see nothing when you save a change?

 
Ann

Hi Ann

As I have already written in the project setup section, the project compiles using CMake. If you look in the attached log, you can see that analysis does run (both when opening the file and when saving it), but it does not detect any issues:

[ThreadId 34] [Analysis] Analysis de682400-a31d-4e22-a5d5-d7bcd378f35b found 0 issue(s) in MyCppApp.cpp [final: True]

Hi,

I’ve flagged this for the experts.

 
Ann

Thank you @KarstenMS for the detailed post, including the verbose logs! I am actively looking into this and trying to reproduce the issue on my side. I’ll come back as soon as possible with an update. 🙏

Kind regards,
Vasilis

1 Like

Hi there @KarstenMS!

Apologies for the delay 🙈 Thanks a lot for sharing the logs! They suggest that the compile_commands.json might not be properly configured 🤔

Could you please double-check if this is the case? Detailed instructions on analyzing CMake projects with SonarQube for Visual Studio are here. When trying, please also make sure that you are using the latest version of the plugin (v9.2.0 at the time of writing).

I hope this helps,
Sophio

Hi Sophio

It is a problem with the compile commands. Thanks for helping with this. It was because of a mismatch in the location of the compile commands between the devcontainer and the local environment. The local project folder was mounted into the devcontainer at a different location.

I would think it is fair to close this issue now.

Again thanks for the help.

2 Likes
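
The mismatch described in the post above can be confirmed by checking whether the paths recorded in compile_commands.json resolve on the machine where the IDE runs. This is an added example, not part of the original thread and not SonarQube's own code; the function names, the /workspaces/constructed-demo path and the sample database are assumptions constructed for illustration, and it assumes the database was written inside the container with POSIX paths.

```python
import json
import tempfile
from pathlib import Path, PurePosixPath


def audit_compile_commands(db_path, local_root):
    """Return (missing, prefixes): source paths from the database that do not
    exist on this machine, and the container-side prefixes that appear to
    correspond to local_root."""
    entries = json.loads(Path(db_path).read_text(encoding="utf-8"))
    missing, prefixes = [], set()
    for entry in entries:
        # "file" may be relative to "directory" in the compilation database format.
        src = PurePosixPath(entry["directory"]) / entry["file"]
        if Path(str(src)).is_file():
            continue  # path resolves locally, nothing to report
        missing.append(str(src))
        prefix = infer_mount_prefix(src, Path(local_root))
        if prefix:
            prefixes.add(prefix)
    return missing, sorted(prefixes)


def infer_mount_prefix(src, local_root):
    """Find the longest tail of src that exists under local_root and return the
    leading part of src, i.e. where the project was mounted in the container."""
    parts = src.parts
    for i in range(1, len(parts)):
        if local_root.joinpath(*parts[i:]).is_file():
            return str(PurePosixPath(*parts[:i]))
    return None


def demo():
    # Constructed sample: a local checkout plus a database written in a container.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src").mkdir()
        (root / "src" / "MyCppApp.cpp").write_text("int main() {}\n")
        db = root / "compile_commands.json"
        db.write_text(json.dumps([{
            "directory": "/workspaces/constructed-demo/build",
            "file": "/workspaces/constructed-demo/src/MyCppApp.cpp",
            "command": "g++ -c /workspaces/constructed-demo/src/MyCppApp.cpp",
        }]))
        return audit_compile_commands(db, root)


if __name__ == "__main__":
    missing, prefixes = demo()
    print("unresolved:", missing)
    print("container mount prefix:", prefixes)
```

A non-empty first list means the database points at paths that only exist inside the container; the inferred prefix is the container-side location that has to match the local project folder.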

That’s great to hear @KarstenMS! ⭐

Thanks for the post again, and please keep sharing feedback with us about your experience using SonarQube for IDE. We are constantly trying to improve UX, docs, and stability of our product, and direct user feedback is greatly appreciated 🙂 In short, don’t be shy to create posts for general feedback, without waiting for an issue/bug to pop up 😃

All the best,
Sophio 🙇‍♀️