SonarScanner and Resolved Issues

SonarQube 8.3.0.34182
SonarScanner for MSBuild 4.9

If I run SonarScanner for MSBuild it’ll report issues to SonarQube. If I mark some issues as ‘Resolved Won’t Fix’ is it expected that SonarScanner will report them again for the next build in its output?

I’ve tried a rebuild. I’ve noticed that SonarLint will not report them again but SonarScanner behaves differently.

Hi @nblackburn,
Could you detail more what you mean by “SonarScanner behaves differently”?

Cheers,
Christophe

Hi @Christophe_Havard,

Thanks for your reply.

My question is if I mark an issue as resolved won’t fix, is it expected that SonarScanner for MSBuild continues to report it in the MSBuild output?

For example, when I build I see the following:

...
Form1.cs(26,32): warning S1854: Remove this useless assignment to local variable 'target'.

1 Warning(s)
0 Error(s)

If I then go into SonarQube and mark the line as resolved won’t fix, then rebuild I still see the warning in the MSBuild output. Is that expected? Ideally we’d no longer like to see it in the MSBuild output.

I don’t want to deactivate the rule as we want to report new instances of it.

I noticed SonarLint performs as we’d expect (not reporting a resolved issue), but SonarAnalyzer.CSharp behaves the same as SonarScanner.

Thanks.

@nblackburn Currently there is no direct “link” between the status of SonarQube issues and the result of the MSBuild scanner. So there is no way to prevent the build output from throwing this warning.

Could you explain in which situation it is a problem? Which CI builds your project?

Thank you,
Christophe

Thanks for the confirmation @Christophe_Havard.

We currently have 11,000 issues reported on our project. We are going to deactivate a few rules, but for the majority of rules we’d like to keep them and for SonarQube to only report new instances. I think the only way to do this is to mark all of the current issues as resolved won’t fix? But if we do that then we’ll still see the 11,000 warnings reported by the scanner in the MSBuild output. So it’ll be hard to know if any new warnings have been introduced, and what they are without going to the SonarQube page after every build.

We use Jenkins to run the build, but we don’t use pipelines yet if that makes a difference. Jenkins just runs a batch file that starts the scanner then MSBuild.

Thanks.

Hi,

Since I believe your Roslyn errors are automatically reflected in SonarQube, wouldn’t it be simpler to just ignore the (seriously hard to read) build logs and focus solely on SonarQube’s beautiful interface?

 
:smile:
Ann