0

I am currently looking to add code analysis to a C# project. I'm running the analysis through Jenkins/C#/Visual Studio plugins and am not getting any issues reported on the dashboard. My issue JSON report has lots of the following issues:

{
   "ruleId":"CS7035",
   "level":"warning",
   "message":"The specified version string does not conform to the recommended format - major.minor.build.revision",
   "locations":[
      {
         "resultFile":{
            "uri":"my file",
            "region":{
               "startLine":123,
               "startColumn":22,
               "endLine":123,
               "endColumn":33
            }
         }
      }
   ],
   "properties":{
      "warningLevel":4
   }
},
...

Clearly the analysis is working and generating the issues. However when I view the project on the dashboard, it shows no bugs/vulnerabilities/etc. Interestingly, it does show the lines of code and duplication statistics.

The analysis does work for our JS code, so it seems to just be a C# thing.

showdev
  • 28,454
  • 37
  • 55
  • 73
Corey Mead
  • 223
  • 3
  • 7
  • Can you please post the whole analysis log? (maybe on pastebin.org to make it more convenient) It's impossible to answer w/o it. – Fabrice - SonarSource Team Jul 07 '16 at 07:19
  • Where can I find the analysis log? Would it be in .sonarqube folder in the generated workspace or would it be in my sonarqube instance itself? – Corey Mead Jul 07 '16 at 12:17
  • Not sure if this is the right log or not but this is the full json I got the message above from: http://pastebin.com/AFyef0C0. Let me know if there's another log you're looking for. Thanks for the help. – Corey Mead Jul 07 '16 at 12:47
  • I'm taking about the console output when you invoke "MSBuild.SonarQube.Runner.exe begin" and then "MSBuild.SonarQube.Runner.exe end" – Fabrice - SonarSource Team Jul 07 '16 at 13:18
  • Ah, yes that makes sense. Here is my console log from Jenkins. http://pastebin.com/vBGnCN1G. Let me know if I can send anything else. I had to remove a few of the same messages from the log to reduce file size at the end. – Corey Mead Jul 07 '16 at 13:28

1 Answers1

0

You are using version 5.3 of the C# plugin that does not support the new version of the SARIF JSON format.

This was fixed in version 5.3.1 - see SONARCS-602.

Updating to this last version of the plugin should fix your issue.

Fabrice - SonarSource Team
  • 26,535
  • 3
  • 62
  • 58
  • Very interesting. I know for a fact I checked for updates in the update center yesterday and didn't see any. Perhaps I'm crazy because it was there today. I can confirm that this resolved the issue for me and I am now seeing the bugs/code smells on the sonarqube dashboard. – Corey Mead Jul 07 '16 at 15:37