Using SonarQube zip: 10.4.1.88267
Scanner: 6.2.0.85879-net-framework
Hi everyone!
I’m trying to setup the scan configuration for my unity project and I’m almost there but there are some small details that I can’t understand what I’m doing wrong.
My unity project source code has this structure:
Root
→ Project.sln
→ Assets
→ _Trunk
→ Scripts
→ Firebase
→ NavMeshComponents
→ Plugins
...(etc)
I’ve set the project analysis scope “Source File Inclusions” to be “Assets/_Trunk/Scripts/**/*.cs”
After running the scan I see some issues found outside the scope of the scan, under Firebase, NavMeshComponents and Plugins among others.
Then I went and added those folders explicitly as " Source File Exclusions" like this
Assets/NavMeshComponents/**
Assets/Firebase/**
Assets/Plugins/**
Run the scan again I can see in the log the config is actually there but when looking at the report still showing those issues under the folders that are supposed to be outside of the scope.
For example:
INFO: Indexing files of module 'NavMeshComponentsEditor'
INFO: Base dir: C:\Projects\Triumf-Dev-Android
INFO: Test paths: Assets/NavMeshComponents/Editor/NavMeshLinkEditor.cs, Assets/Na...
INFO: Included sources: Assets/_Trunk/Scripts/**/*.cs
INFO: Excluded sources: Assets/NavMeshComponents/**, Assets/Firebase/**, Assets/Plugins/**
...
INFO: ------------- Run sensors on module NavMeshComponentsEditor
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=0ms
INFO: Sensor CSS Rules [javascript]
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [javascript] (done) | time=0ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=0ms
INFO: Sensor C# Analysis Log [csharp]
INFO: Roslyn version: 4.8.0.0
INFO: Language version: CSharp9
INFO: Concurrent execution: enabled
INFO: Sensor C# Analysis Log [csharp] (done) | time=1ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=0ms
INFO: Sensor TextAndSecretsSensor [text]
INFO: 6 source files to be analyzed
INFO: 6/6 source files have been analyzed
So even after I said exclude the path, then it shows that said path is indeed in the exclusion settings but the scanner proceeds to scan and analyze 6 files in that folder. Why?
I also noticed that those issues were tagged as ROSLYN (Issue detected by an external rule engine: roslyn)
So is this ROSLYN thing ignoring the sonar inclusions and exclusions completely? Is there some other config that I’m missing? Is the scan just ignoring the settings and following the .sln assembly definitions?
I’m lost on what else to try or if my understanding of the settings is already wrong and are not supposed to work as I thought.
Any help would be really appreciated
Thanks in advance!