MsbuildSonar Runner +Fxcop - No fxcop issues are posted to server.SonarDashBoard shows 0 technical debt

Question

I am using Sonarqube 5.1 with MsBuildSonarRunner for my c#.net project analysis. Sonarqube 5.1 has come with C# 4.1 plugin, Recently I upgraded to 4.2. I have created a quality profile with ONLY Fxcop rules. I have followed the steps mentioned in Sonar site for analysis.

In analysis, I see that FXcop rule violations are captured. But when I browse to SonarDash board, It shows technical debt as 0 and issues as 0. I have reviewed my steps many times and I don't see any mistakes from my side. What could be the reason why Issues are not posted to server.

Here is my Build command log. I see clearly FXCOP rules are applied and violations are printed on console during build phase.

===========================================================

 Microsoft (R) Build Engine version 12.0.21005.1
[Microsoft .NET Framework, version 4.0.30319.34209]
Copyright (C) Microsoft Corporation. All rights reserved.

Build started 10/19/2015 12:20:14 PM.
Project "D:\Sqp\Polindrome\Polindrome\Polindrome.csproj" on node 1 (default targets).

GenerateTargetFrameworkMonikerAttribute:
Skipping target "GenerateTargetFrameworkMonikerAttribute" because all output files are up-to-date with respect to the input files.

CoreCompile:
Skipping target "CoreCompile" because all output files are up-to-date with respect to the input files.

_CopyAppConfigFile:
Skipping target "_CopyAppConfigFile" because all output files are up-to-date with respect to the input files.

CopyFilesToOutputDirectory:
  Polindrome -> D:\Sqp\Polindrome\Polindrome\bin\Debug\Polindrome.exe

OverrideCodeAnalysisProperties:
  Running FxCop analysis using the SonarQube ruleset. Ruleset: D:\Sqp\Polindrome\Polindrome\.sonarqube\conf\\SonarQubeFxCop-cs.ruleset

RunCodeAnalysis:
  Running Code Analysis...
  C:\Program Files (x86)\Microsoft Visual Studio 12.0\Team Tools\Static Analysis Tools\FxCop\FxCopCmd.exe  /outputCulture:1033 /out:"bin\Debug\Polindrome.exe.CodeAnalysisLog.xml" /file:"bin\Debug\Polindrome.exe" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.1\Microsoft.CSharp.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.1\mscorlib.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.1\System.Core.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.1\System.Data.DataSetExtensions.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.1\System.Data.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.1\System.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.1\System.Xml.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.1\System.Xml.Linq.dll" /directory:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.1" /ruleSet:"=D:\Sqp\Polindrome\Polindrome\.sonarqube\conf\\SonarQubeFxCop-cs.ruleset" /rulesetdirectory:"C:\Program Files (x86)\Microsoft Visual Studio 12.0\Team Tools\Static Analysis Tools\\Rule Sets" /rule:"-C:\Program Files (x86)\Microsoft Visual Studio 12.0\Team Tools\Static Analysis Tools\FxCop\\Rules" /searchgac /ignoreinvalidtargets /forceoutput /successfile /ignoregeneratedcode /saveMessagesToReport:Active /timeout:120 


MSBUILD : **warning CA1823: Microsoft.Performance : It appears that field 'Program.AccountList' is never used or is only ever assigned to. Use this field or remove it.** [D:\Sqp\Polindrome\Polindrome\Polindrome.csproj]

Code Analysis Complete -- 0 error(s), 1 warning(s)
SetStyleCopAnalysisSettings:
Setting 'sonar.stylecop.projectFilePath' to 'D:\Sqp\Polindrome\Polindrome\Polindrome.csproj'

WriteSonarQubeProjectData:
  Directory "D:\Sqp\Polindrome\Polindrome\.sonarqube\out\\Polindrome__AnyCPU_Debug_635803356164104589" doesn't exist. Skipping.
  Creating directory "D:\Sqp\Polindrome\Polindrome\.sonarqube\out\\Polindrome__AnyCPU_Debug_635803356164104589".
Done Building Project "D:\Sqp\Polindrome\Polindrome\Polindrome.csproj" (default targets).

Build succeeded.

"D:\Sqp\Polindrome\Polindrome\Polindrome.csproj" (default target) (1) ->
(RunCodeAnalysis target) -> 
  MSBUILD : warning CA1823: Microsoft.Performance : It appears that field 'Program.AccountList' is never used or is only ever assigned to. Use this field or remove it. [D:\Sqp\Polindrome\Polindrome\Polindrome.csproj]

    1 Warning(s)
    0 Error(s)

Time Elapsed 00:00:01.82

Dinesh Bolkensteyn · Accepted Answer · 2015-11-18T17:33:44.077

0

FxCop analyzes assemblies, and relies on *.pdb files to map issues back to locations within the source code (i.e. to specific *.cs files at specific lines).

The issue reported by CA1823 seems to be on a field, which due to limitations of the *.pdb format are not being mapped back to source code. These issues are ignored during the import of FxCop results into SonarQube. You can verify that by manually opening the FxCop report (whose path you'll find in .sonarqube\out*\ProjectInfo.xml).

There is already a ticket to improve this in a future version of the C# plugin: https://jira.sonarsource.com/browse/SONARFXCOP-32

Update November 18th 2015

After many comments on this answer (see below), the root cause of the issue was finally found: The SQL Server collation must be case-sensitive (CS) and accent-sensitive (AS).

SonarQube 5.3 is expected to fail faster when this is not the case, to avoid these kind of strange problems: https://jira.sonarsource.com/browse/SONAR-6884

edited Nov 18 '15 at 17:33

answered Oct 21 '15 at 09:10

Dinesh Bolkensteyn

2,971
1
17
20

Thank you for reply. I have gone through Jira. Is it applicable to only some of the fxcop rules or all fxcop rules ? My code base size is 50,000 lines & MsBuild analysis shows around 2000 errors belongs to many fxcop rules ( 131 fxcop rules I have enabled). but None of the errors are posted to sonarqube. Please let me know what could have been the reason? – Learner Oct 22 '15 at 02:01
ok so then you're most likely facing a different issue than SONARFXCOP-32. Can you check manually the FxCop report as explained above, to verify that it contains some absolute paths to `*.cs` files? – Dinesh Bolkensteyn Oct 23 '15 at 08:38
I checked projectinfo.xml file for the path of fxcop report. I found below lines. /n – Learner Oct 25 '15 at 15:13
I checked "ABC.dll.CodeAnalysisLog.xml" & found all issues are listed in that file with absolute paths. Snippet of file is given below. – Learner Oct 25 '15 at 15:17
Change 'List(Of String)' in 'diff_match_patch.diff_charsToLines(ICollection(Of Diff), List(Of String))' to use Collection<T>, ReadOnlyCollection<T> or KeyedCollection<K,V> – Learner Oct 25 '15 at 15:17
could you upgrade to the latest C# plugin version 4.2? It fixes a bug in which projects whose path where containing "test" where considered as tests projects, and no issues where being imported on these. This might be the issue you're facing. – Dinesh Bolkensteyn Oct 26 '15 at 09:40
I upgraded to 4.2 as soon as it was released. I see some additional rules as well with 4.2 upgrade ( around 15 new rules). I was aware of "test" issue from one of your answers to some posts here. Hence I took care not to have folder names with *test*. Any where can we see ( server log or runner log ) why is it ignoring? – Learner Oct 26 '15 at 09:51
yes you can have a look at the logs produced during the `MSBuild.SonarQube.Runner end` command invocation. FYI, there are 3 different cases in which an FxCop issue will not get imported, see https://github.com/SonarCommunity/sonar-fxcop-library/blob/master/src/main/java/org/sonar/plugins/fxcop/FxCopSensor.java#L110 to know what to look for – Dinesh Bolkensteyn Oct 26 '15 at 10:39
I have checked "End" command output. No line seems to be culprit. Mainly log file contains loading rules, indexing files, analyzing files, lastly storing results in DB. Some of code files names ends with Test. Hope it does not cause issue as test patterns are at project level, not on files of project. – Learner Nov 02 '15 at 03:47
Thanks for Src link. I have gone through source code. I am not falling any of the "Skipping" conditions written in source code. To double check, I don't see any Log statements for skipping conditions ( Lines starting with/ containg "Skipping the FxCop issue at line" etc ). – Learner Nov 02 '15 at 03:54
Dinesh, Would you mind to receive my .sonarqube folder on your mail ID for analysis. I strongly believe that I am making a funny mistake in best case or my Code has some unusual stuff in medium case, or C#4.2 plugin may have a little glitch in last case :) – Learner Nov 02 '15 at 06:58
I'm sorry but I won't be able to look at your whole `.sonarqube` folder: You'll have to find what is going on by yourself unfortuntately :) If you do have commercial support on the C# plugin by SonarSource, feel free to open a case. If you don't see any `Skipping ...` message in the logs, then double-check that the FxCop report is actually available in the generated `sonar-project.properties` in the `.sonarqube` folder (if that's not even the case, then the report isn't being read altogether). – Dinesh Bolkensteyn Nov 02 '15 at 10:57
I have checked sonar-project.properties of .sonarqube folder. I see fxcop report - 1A2E71A5-5701-47B5-B7CA-3C3AD23D0A06.sonar.cs.fxcop.reportPath=D:\\SQATemp\\SQCA\\MKS\\bin\\Debug\\MKS.dll.CodeAnalysisLog.xml. When I open it, it shows ... – Learner Nov 03 '15 at 06:47
I checked for .pdb files in above location and they are available. I checked for post sharp issues with sonarqube. I see one jira which talks on false positive issues with post sharp and it is already resolved by using Before-PostSharp folder. My problem is not false positives though. https://jira.sonarsource.com/browse/SONARCS-337 – Learner Nov 03 '15 at 06:52
With this, I see that fxcop resport is present and post sharp is also not a culprit. – Learner Nov 03 '15 at 06:59
that ticket about postsharp is a really an old one and is no longer relevant to the C# plugin 4.x. another way forward would be to try to reproduce the issue on a smaller project, that you would be able to send here, or to investigate more easily. – Dinesh Bolkensteyn Nov 03 '15 at 15:31
I tested with many small projects and got no luck. Finally I took csharp project from Github which is mentioned in point #6 of http://docs.sonarqube.org/display/SONAR/Analyzing+with+SonarQube+Scanner+for+MSBuild. I see fxcop report with 4 warnings but dashboard with zero technical debt. I double checked my environment. I have VisualStudio 2013 , framework 4.5.2. – Learner Nov 12 '15 at 10:52
Do I need to upgrade server as well ? Right now it is 5.1. It is not required If I am not wrong. – Learner Nov 13 '15 at 09:15
Yes I think the issue is on your side - I've just tried the perform an analysis with the C# plugin 4.3, SonarQube Scanner for MSBuild 1.0.2 and SonarQube server 5.2, and on the sonar-example C# project I'm getting 1 FxCop issue (using VS 2015) "ReviewUnusedParameters" with 45 minutes of technical debt. – Dinesh Bolkensteyn Nov 13 '15 at 14:29
I Upgraded C# plugin to 4.3. It worked for sonar-example project (VS 2013, Sonarqube server 5.1 [did not upgrade server] and all fxcop rules enabled). It posted 4 issues to dashboard. Happy to see it in action – Learner Nov 13 '15 at 17:54
But It did not post any issues of my code base. Again all are in place ( fxcop report and properties file ..etc) . I will compare with example project and try to findout the issue – Learner Nov 13 '15 at 17:55
Dinesh, I upgraded server to 5.2 and VS 2013 ( v don't have 2015). All projects analysis are successful except my code. I again went for logging of "End" command. I found ANALYSIS SUCCESSFUL statement followed by other statement. " More about the report processing at http://{Server address}:9000/api/ce/task?id=AVEa3VT2N2lifQ4QFjP6" – Learner Nov 18 '15 at 14:20
When I copy and paste it in browser, I see response as " {"task":{"id":"AVEa3VT2N2lifQ4QFjP6","type":"REPORT","componentId":"AVERtAmRN2lifQ4QFito","componentKey":"Example","componentName":"Example","componentQualifier":"TRK","status":"FAILED","submittedAt":"2015-11-18T08:51:31-0500","startedAt":"2015-11-18T08:51:32-0500","executedAt":"2015-11-18T08:52:09-0500","executionTimeMs":37175,"logs":true}} " – Learner Nov 18 '15 at 14:22
Here if you see "status:FAILED". When I compared this key value with successful projects, they have " status: SUCCESSFUL". I will see server logs why server is throwing this exception. After all, it is the response given by server for my request. So Server logs should have information. Please correct me If I am wrong with my assumption. – Learner Nov 18 '15 at 14:28
@Learner - This issue seems quite strange... are you perhaps using a SQL Server whose collation is not case sensitive? It is a requirement to have it case and accent sensitive. – Dinesh Bolkensteyn Nov 18 '15 at 14:31
@Learner Yes your assumption is correct, check the server logs, and you might also be able to see more information via the SonarQube UI through Administration -> Project -> Background task – Dinesh Bolkensteyn Nov 18 '15 at 14:35
I see logs through Administration -> Project -> Background task. For failed project, error message is shown as " Cause: java.sql.BatchUpdateException: Cannot insert duplicate key row in object 'dbo.issues' with unique index 'issues_kee'. The duplicate key value is (AVERsFWuN2lifQ4QFioc)" – Learner Nov 18 '15 at 16:45
You are correct, current collation is not case sensitive. I dropped DB and created a fresh one with CS_AS and ran analysis. IT WORKED !!!!.. Thanks a lot for your support and really appreciate. One last question is , is that the reason for duplicate issue mentioned above ? – Learner Nov 18 '15 at 16:48
Woohoo, I'm glad it's fixed. The duplicate ID is just bad luck: 2 randomly generated IDs collide when the comparison is not case sensitive. FYI, SonarQube 5.3 will fail fast when the database is not correctly setup: https://jira.sonarsource.com/browse/SONAR-6884 – Dinesh Bolkensteyn Nov 18 '15 at 17:27
That one is very useful Jira - setting up required collation automatically. Thanks for sharing it. – Learner Nov 19 '15 at 07:01

MsbuildSonar Runner +Fxcop - No fxcop issues are posted to server.SonarDashBoard shows 0 technical debt

1 Answers1

Linked