Issue
I configured the MSBuild for Sonar Scanner and Sonar Scanner itself on Ubuntu, after banging my head on wall many times in many days yielded some fruitful results so that I am able to scan the .NET project on Ubuntu it did not shows any error begin step is fine, build is also successful and it says it is collecting analysis report and finished … but no report is generated I am sure there are issues because for testing I passed the vulnerable project to scanner. The version information is following
- SonarQube-8.6.1.40680
- Sonar Scanner 4.6.1.2450
- Ubuntu 20.04.2 LTS
- .NET Core 5.0.301
The command that was used to initiate the scanning is following
dotnet sonarscanner begin /k:"'myProjectKey'" /d:sonar.host.url="http://localhost:9000"
dotnet build "myProject.sln"
dotnet sonarscanner end
The output of the sonar scanner is following
SonarScanner for MSBuild 5.2.2
Using the .NET Core version of the Scanner for MSBuild
Post-processing started.
Calling the SonarScanner CLI...
INFO: Scanner configuration file: /home/ubuntu/.dotnet/tools/.store/dotnet-sonarscanner/5.2.2/dotnet-sonarscanner/5.2.2/tools/net5.0/any/sonar-scanner-4.6.1.2450/conf/sonar-scanner.properties
INFO: Project root configuration file: ./.sonarqube/out/sonar-project.properties
INFO: SonarScanner 4.6.1.2450
INFO: Java 11.0.11 Ubuntu (64-bit)
INFO: Linux 5.8.0-1035-aws amd64
INFO: User cache: /root/.sonar/cache
INFO: Scanner configuration file: /home/ubuntu/.dotnet/tools/.store/dotnet-sonarscanner/5.2.2/dotnet-sonarscanner/5.2.2/tools/net5.0/any/sonar-scanner-4.6.1.2450/conf/sonar-scanner.properties
INFO: Project root configuration file: ./.sonarqube/out/sonar-project.properties
INFO: Analyzing on SonarQube server 8.6.1
INFO: Default locale: "en", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=80ms
INFO: Server id: BF41A1F2-AXnr4GgQhOwzgJl08ZuM
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=47ms
INFO: Load/download plugins (done) | time=123ms
INFO: Process project properties
INFO: Process project properties (done) | time=13ms
INFO: Execute project builders
INFO: Execute project builders (done) | time=32ms
INFO: Project key: VulnerableCoreApp.sln
INFO: Base dir: ./
INFO: Working dir: ./.sonarqube/out/.sonar
INFO: Load project settings for component key: 'VulnerableCoreApp.sln'
INFO: Load project settings for component key: 'VulnerableCoreApp.sln' (done) | time=13ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=35ms
INFO: Load active rules
INFO: Load active rules (done) | time=1017ms
INFO: Indexing files...
INFO: Project configuration:
INFO: Indexing files of module 'VulnerableCoreApp'
INFO: Base dir: ./
INFO: Source paths: Controllers/CrossSiteScriptingController.cs, Controllers/Home...
INFO: Indexing files of module 'VulnerableCoreApp.sln'
INFO: Base dir: ./
INFO: 0 files indexed
INFO: 72 files ignored because of scm ignore settings
INFO: ------------- Run sensors on module VulnerableCoreApp
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=25ms
INFO: Sensor CSS Rules [cssfamily]
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [cssfamily] (done) | time=1ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=3ms
INFO: Sensor JavaXmlSensor [java]
INFO: Sensor JavaXmlSensor [java] (done) | time=1ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=1ms
INFO: ------------- Run sensors on module VulnerableCoreApp.sln
INFO: Sensor CSS Rules [cssfamily]
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [cssfamily] (done) | time=1ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=1ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=1ms
INFO: Sensor JavaXmlSensor [java]
INFO: Sensor JavaXmlSensor [java] (done) | time=0ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=0ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=0ms
INFO: CPD Executor Calculating CPD for 0 files
INFO: CPD Executor CPD calculation finished (done) | time=0ms
INFO: Analysis report generated in 116ms, dir size=86 KB
INFO: Analysis report compressed in 9ms, zip size=11 KB
INFO: Analysis report uploaded in 25ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard?id=VulnerableCoreApp.sln
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://localhost:9000/api/ce/task?id=AXpSC7HGqgJk9aahC7zU
INFO: Analysis total time: 3.296 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 4.402s
INFO: Final Memory: 7M/34M
INFO: ------------------------------------------------------------------------
The SonarScanner CLI has finished
09:55:36.137 Post-processing succeeded.
please suggest a solution by keeping in view that no admin panel is accessible in command line, so prefer a way e.g. sonar.properties file or any other configuration file change would be best.
Solution
Finally i found the solution my self after lot of experiments and search hope it will help others, Basically carefully observing the logs i noticed the following lines
INFO: Indexing files of module 'VulnerableCoreApp.sln'
INFO: Base dir: ./
INFO: 0 files indexed
INFO: 72 files ignored because of scm ignore settings
Which says that SCM (Source Control Management) is excluding all files for scanning, in sonar SCM used to either include or exclude files for scanning based on version control rules defined in the settings, in my case I was not interested to use SCM in the scanning so I disabled it, to include all files for scanning.
The command line switch did it all for me, you can also specify the switch in properties file of sonar project
-Dsonar.scm.disabled=True
The command now becomes
dotnet sonarscanner begin /k:"'myProjectKey'" /d:sonar.host.url="http://localhost:9000" /d:sonar.scm.disabled=True
dotnet build "myProject.sln"
dotnet sonarscanner end
Now all files are indexed for scanning and none of the files are ignored as SCM is now disabled, if you do want to use SCM then you have to change your SCM settings in sonar admin dashboard to address this issue.
Answered By - Zain Ul Abidin