Environment Details:
- Operating System: Windows 11
- Visual Studio Version: 17.14.20 (2022)
- SonarQube for Visual Studio Plugin Version: 8.30
- Programming Language: C++
- Connected Mode: Yes (SonarQube Server)
Description of the Issue:
I have configured SonarQube scanning for an enterprise project using a GitHub workflow with SonarSource/sonarqube-scan-action@v6. The workflow executes successfully and detects issues as expected, even without any actual compilation of the code.
However, when performing a local analysis on a development machine using the SonarQube Visual Studio Extension, the process completes without errors but fails to identify any issues—even in code that clearly contains problems.
Project Setup:
- The project is a C++ application built locally using CMake and Dev Containers.
- SonarQube is running in connected mode during local analysis.
Steps Taken to Narrow Down the Issue:
To reproduce the problem in a simpler environment, I cloned the robotdad/visualstudio-devcontainer-cpp repository (example project for devcontainer usage in Visual Studio with C++) and introduced the following intentionally problematic code in MyCppApp.cpp:

```cpp
// TODO: insert code here…
char carr[100];
carr[200] = 'a'; // Intentional out-of-bounds access for testing
```
In this case, SonarQube was executed without connected mode, but I expected it to still detect and highlight these problematic lines. Unfortunately, no issues were reported.
I hope you can help me understand if more setup is needed for this to work or there is an issue with the VS extension.
SonarQube-Debug.log (37.2 KB)