Fellow .NET developers,
I would like to announce that the SonarScanner for .NET now supports multi-language analysis, starting with version 8.0!
This is one of the features you have been requesting to allow you to easily scan a whole repository containing both .NET and JS/TS projects, as well as IAC files, loose SQL etc.
What this means is that you only need a single scan to analyze your entire repository, including files from all of the following languages not referenced in the solution:
- T-SQL
- PL/SQL
- JavaScript
- TypeScript
- YAML
- XML
- JSON
- CSS
- HTML
Furthermore, for JavaScript and TypeScript files, the scanner automatically detects test files based on the following patterns:
- *.test.(sonar.javascript.file.suffixes + sonar.typescript.file.suffixes)
- *.spec.(sonar.javascript.file.suffixes + sonar.typescript.file.suffixes)
This means you can now analyze a typical .NET backend+JS/TS frontend application with a single scan!
What happened before
Before version 8.0, the SonarScanner for .NET would analyze only the files that were part of the project. This meant that multi-language analysis was partially supported, and only for specific files explicitly included in the csproj, for example:
<ItemGroup>
<Content Include=“Included.js” />
</ItemGroup>
What happens now
Starting from SonarScanner for .NET v8.0, the files do not need to be part of the compilation. The only requirement for automatic multi-language analysis is that the begin, build, tests, and end scanner commands are run from the root directory of your solution.
For example, for a project that looks like this, the scanner should be run from the directory called “src”.
Some things to note
- Since the Scanner is now auto-including all the files, the “Remove” node from .csproj files is no longer respected and files should be manually excluded via the sonar.exclusions parameter.
- Since this feature is turned on by default, there is also the option to opt-out manually, should you already have another analysis set up for the rest of the code using other means.To do this, you can specify “/d:sonar.scanner.scanAll=false” at the begin step. This will allow you to restore the previous behavior if you run hit your maximum LOC count.
Tricks
- Some of you had attempted to use custom XML rules to detect their own issues in csproj files. This should now work if you map the csproj (or vbproj) extension to the XML language.
- If you need to run tests on your JS/TS project you might run into problems since you are not in the proper directory for that. Please see Run npm script from another directory | Zander's Code Notes to run an NPM or Yarn script from a different directory.
As always, we welcome your feedback on this feature so we can make it as perfect as possible!
Now go write some clean code!
Denis