We have set up pull request analysis for C# .NET code. It is observed that old (unmodified) code is being considered for analysis, which is not expected; this is blocking us from using quality gates.

The new code condition is set based on the “number of days” condition which is set to 1.

Even then, the PR/short branch analysis reports issues that are present in old code (which is not updated/edited as part of the pull request); because of this issue we are unable to enable quality gates.

The following tasks are used in the Azure DevOps pipeline:

  • Prepare analysis for SonarCloud
  • Run code analysis
  • Publish quality gate result

  • ALM used: Git in Azure DevOps
  • CI system used: Azure DevOps
  • Languages of the repository: C# .NET

Santhosh

1 Answer

This is an example SonarQube pipeline configuration which is executed on every merge to the master branch.

Example pipeline steps

Steps:

  1. Node is installed for building purposes
  2. Prepare analysis is initiated, which downloads the configurations and rulesets necessary for scanning
  3. NuGet package manager is installed
  4. NuGet restore is initiated
  5. Solution is built (important step)
  6. Code analysis is checking every .cs file contained in the solution previously built
  7. Strict quality gate are the scan results
  8. Custom build step which breaks the pipeline if quality gate has failed

This might be obvious but make sure you are building the C# solution in between the Prepare analysis on SonarQube and Run Code Analysis in order to provide updated code that SonarQube will analyze.

The "Get results from SonarQube" step is a PowerShell script that calls the SonarQube API to get the quality gate results of the scan that was initiated, in order to fail the build if issues have been found.

greycr0w
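
A sketch of what such a "Get results from SonarQube" step can look like; this is an added example, not the answerer's script. The environment variable names `SONAR_HOST_URL`, `SONAR_PROJECT_KEY` and `SONAR_TOKEN` are assumed pipeline variables, and the JSON used when they are unset is a constructed sample so the script also runs offline.

```powershell
# Added example: break the build when the SonarQube quality gate is not OK.
param(
    [string]$SonarUrl    = $env:SONAR_HOST_URL,     # assumed variable name
    [string]$ProjectKey  = $env:SONAR_PROJECT_KEY,  # assumed variable name
    [string]$Token       = $env:SONAR_TOKEN,        # assumed; keep it a secret variable, never inline
    [string]$PullRequest = $env:SYSTEM_PULLREQUEST_PULLREQUESTID  # set by Azure DevOps on PR builds
)

function Get-FailedConditions($Response) {
    # Returns the gate conditions in ERROR state; nothing when the gate passed.
    if ($Response.projectStatus.status -eq 'OK') { return @() }
    return @($Response.projectStatus.conditions | Where-Object { $_.status -eq 'ERROR' })
}

if ($SonarUrl -and $Token) {
    # The token is sent as the basic-auth user name with an empty password.
    $basic = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("${Token}:"))
    $uri   = "$SonarUrl/api/qualitygates/project_status?projectKey=" +
             [uri]::EscapeDataString($ProjectKey)
    # Scope the query to the pull request so the gate reflects the PR analysis.
    if ($PullRequest) { $uri += "&pullRequest=$PullRequest" }
    $response = Invoke-RestMethod -Uri $uri -Headers @{ Authorization = "Basic $basic" }
} else {
    # Constructed sample response, used only when no server is configured.
    $response = @'
{"projectStatus":{"status":"ERROR","conditions":[
 {"status":"ERROR","metricKey":"new_vulnerabilities","comparator":"GT","errorThreshold":"0","actualValue":"2"},
 {"status":"OK","metricKey":"new_coverage","comparator":"LT","errorThreshold":"80","actualValue":"91.3"}]}}
'@ | ConvertFrom-Json
}

foreach ($c in (Get-FailedConditions $response)) {
    # Azure DevOps logging command: shows each failed condition as a build error.
    Write-Host ("##vso[task.logissue type=error]Quality gate: {0} = {1} (threshold {2})" -f `
        $c.metricKey, $c.actualValue, $c.errorThreshold)
}

# Fail closed: any status other than OK (ERROR, or NONE when no gate was computed) breaks the build.
if ($response.projectStatus.status -ne 'OK') { exit 1 }
Write-Host "Quality gate passed."
```

The query only reflects the current scan once the server has finished processing the uploaded report, so this step belongs after the analysis step has completed.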