0

I have a repo in azure DevOps with only folder as test. Now, I have given the task structure in this way in azure DevOps. But I cannot see the code getting analyzed in sonarqube. The code tab shows blank. Could someone help me with where I am going wrong?? I do not want to give folder name in sources..I want whatever code I add in the branch to be analyzed.

edit: Just realized this is happening only for feature short lived branch..My sonarqube version is 8.0

steps:

  • task: SonarQubePrepare@4 inputs: SonarQube: 'connection name' scannerMode: 'CLI' configMode: 'manual' cliProjectKey: 'pipeline-sonar-demo' cliProjectName: 'pipeline-sonar-demo' cliSources: "." extraProperties: | # Additional properties that will be passed to the scanner, # Put one key=value per line, example: sonar.exclusions=**/*.xml
priya
  • 391
  • 1
  • 5
  • 24
  • Can you check your Azure pipeline, if the feature branch is being checked out or not. If feature branch is not checked out, then SonarQube will not analyze the code. – Sourav Nov 27 '20 at 12:34

1 Answers1

-1

SonarQube extension provides three tasks you will use in your build definitions to analyze your projects:

  • Prepare Analysis Configuration task, to configure all the required settings before executing the build.

    • This task is mandatory.
    • In case of .NET solutions or Java projects, it helps to integrate seamlessly with MSBuild, Maven and Gradle tasks.

  • Run Code Analysis task, to actually execute the analysis of the source code.

    • This task is not required for Maven or Gradle projects, because
      scanner will be run as part of the Maven/Gradle build.

  • Publish Quality Gate Result task, to display the Quality Gate status in the build summary and give you a sense of whether the application is ready for production "quality-wise".

    • This task is optional.
    • It can significantly increase the overall build time because it will poll SonarQube until the analysis is complete. Omitting this task will not affect the analysis results on SonarQube - it simply means the Azure DevOps Build Summary page will not show the status of the analysis or a link to the project dashboard on SonarQube.

It seems you still need add Run Code Analysis task. Regarding how to use SonarScanner for Azure DevOps, please refer to the following documentation:

https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-azure-devops/

Cece Dong - MSFT
  • 29,631
  • 1
  • 24
  • 39
  • those are there..I jst added prepare task here..but other two tasks are also added in the pipeline.. – priya Nov 27 '20 at 09:18
  • Check what type of your project and refer to the documentation https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-azure-devops/ to set up the SonarQube tasks. – Cece Dong - MSFT Nov 27 '20 at 09:23
  • Check section `Analysing other project types` in the documentation. Select Use standalone scanner, then either the SonarQube properties are stored in the (standard) sonar-project.properties file in your SCM, and you just have to make sure that "Settings File" correctly points at it. This is the recommended way. Or you don't have such a file in your SCM, and you can click on Manually provide configuration to specify it within your build definition. This is not recommended because it's less portable. – Cece Dong - MSFT Nov 27 '20 at 09:37
  • Just realized this is not happening only for feature branch...for remaining other branches its working fine..my sonarqube version is 8.0..is this existing functionality? – priya Nov 27 '20 at 10:59
  • Have you checked out your feature branch? Is this branch different from others? You may share your entire pipeline so that we can check whether there is something wrong in the pipeline. – Cece Dong - MSFT Nov 30 '20 at 08:31