Zero bugs in first analysis

santaji-cybage · November 30, 2022, 1:12pm

ALM used : GitHub,repos Azure DevOps Pipelines)
CI system used: Azure DevOps Pipelines
Scanner command used when applicable (private details masked)
Languages of the repository : C#

I am on paid version of SonarCloud and have configured analysis through Azure Pipelines for legacy ASP.NET Monolithic application with 24K LOC. This application has been developed over last few years. So, I expect lots of bugs, Vulnerabilities and code smells, but the analysis shows zero bugs, and Vulnerabilities and very less code smells. Not sure what is wrong.

ganncamp · December 1, 2022, 3:47pm

Hi,

Welcome to the community!

You didn’t include your scanner command. What is it? You must use the Scanner for .NET to get full C# analysis results.

Ann

santaji-cybage · December 1, 2022, 4:42pm

Thanks Ann, for your response.
Not sure what do you mean by “Scanner for .NET”. We have configured the analysis as Azure Pipeline. Plese have look at the attached snaps.

Please suggest if we are doing it the right way or not.
Thanks
Santaji Garwe

ganncamp · December 1, 2022, 4:50pm

Hi,

Yes, per the docs, it looks like you have the right steps in place: prepare, run, publish.

Could you share your analysis log?

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

Ann