From b29dc24600883dcc80bdd262b4200dee2634c99b Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 00:49:14 +0100
Subject: [PATCH 01/19] Update quality.yml
---
 .github/workflows/quality.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
index 27d076d..19f0e67 100644
--- a/.github/workflows/quality.yml
+++ b/.github/workflows/quality.yml
@@ -15,24 +15,24 @@ jobs:
 uses: actions/setup-java@v4
 with:
 java-version: 17
- distribution: 'zulu' # Alternative distribution options are available.
+ distribution: 'zulu' # Alternative distribution options are available
 - uses: actions/checkout@v4
 with:
 fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- - name: Cache SonarCloud packages
+ - name: Cache SonarQube Cloud packages
 uses: actions/cache@v4
 with:
 path: ~\sonar\cache
 key: ${{ runner.os }}-sonar
 restore-keys: ${{ runner.os }}-sonar
- - name: Cache SonarCloud scanner
+ - name: Cache SonarQube Cloud scanner
 id: cache-sonar-scanner
 uses: actions/cache@v4
 with:
 path: ${{ runner.temp }}\scanner
 key: ${{ runner.os }}-sonar-scanner
 restore-keys: ${{ runner.os }}-sonar-scanner
- - name: Install SonarCloud scanner
+ - name: Install SonarQube Cloud scanner
 if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
 shell: pwsh
 run: |
@@ -44,7 +44,7 @@ jobs:
 dotnet tool install --global dotnet-coverage
 - name: Build and analyze
 env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 shell: pwsh
 run: |
@@ -52,5 +52,5 @@ jobs:
 $PSNativeCommandUseErrorActionPreference = $true
 ${{ runner.temp }}\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0
 dotnet build .\src\ArbitrarySolution.sln --configuration Release
- dotnet-coverage collect 'dotnet test .\src\ArbitraryProject.Tests\ArbitraryProject.Tests.csproj' -f xml -o 'coverage.xml'
+ dotnet-coverage collect 'dotnet test .\src\ArbitraryProject.Tests\ArbitraryProject.Tests.csproj' -f xml -o 'coverage.xml'
 ${{ runner.temp }}\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
From aa070defe6f242f6a0bc5118d27464e9a0c0cfee Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 08:25:26 +0100
Subject: [PATCH 02/19] Update quality.yml
---
 .github/workflows/quality.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
index 19f0e67..21a0e6c 100644
--- a/.github/workflows/quality.yml
+++ b/.github/workflows/quality.yml
@@ -50,7 +50,7 @@ jobs:
 run: |
 $ErrorActionPreference = "Stop"
 $PSNativeCommandUseErrorActionPreference = $true
- ${{ runner.temp }}\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0
+ ${{ runner.temp }}\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0 /d:sonar.verbose=true
 dotnet build .\src\ArbitrarySolution.sln --configuration Release
 dotnet-coverage collect 'dotnet test .\src\ArbitraryProject.Tests\ArbitraryProject.Tests.csproj' -f xml -o 'coverage.xml'
 ${{ runner.temp }}\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
From 49e30fb9898bc41d81ad0f0fe12c69d37d4e41e0 Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 08:56:22 +0100
Subject: [PATCH 03/19] Add FluentAssertions to ArbitraryProject.Tests
---
 src/ArbitraryProject.Tests/ArbitraryProject.Tests.csproj | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/ArbitraryProject.Tests/ArbitraryProject.Tests.csproj b/src/ArbitraryProject.Tests/ArbitraryProject.Tests.csproj
index e14706f..e47d2c8 100644
--- a/src/ArbitraryProject.Tests/ArbitraryProject.Tests.csproj
+++ b/src/ArbitraryProject.Tests/ArbitraryProject.Tests.csproj
@@ -11,6 +11,7 @@
+
From 1d84b567297f1c0fab41a3b535d695c2f6ca0346 Mon Sep 17 00:00:00 2001
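Review bot: The `begin` line changed in the `quality.yml` hunk of [PATCH 02/19], and the `end` line at the bottom of that hunk, template `${{ secrets.SONAR_TOKEN }}` straight into the PowerShell script text, although the step's `env:` block (visible in [PATCH 01/19]) already exports `SONAR_TOKEN`; reading it at run time with `/d:sonar.token="$env:SONAR_TOKEN"` keeps the secret out of the rendered script file. Adding `/d:sonar.verbose=true` to the same command raises the stakes, because debug-level scanner output lands in a job log that everyone with access to the workflow runs can read, and SonarSource's description of this parameter cautions that it can surface sensitive values. It reads as a temporary troubleshooting switch, and [PATCH 08/19] does remove it again. The token pattern recurs unchanged in the `quality.yml` hunks of [PATCH 08/19] and [PATCH 10/19] and in the README snippet.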
From: Marc Rufer
Date: Wed, 29 Oct 2025 08:56:46 +0100
Subject: [PATCH 04/19] Remove FluentAssertions form ArbitraryProject
---
 src/ArbitraryProject/ArbitraryProject.csproj | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/ArbitraryProject/ArbitraryProject.csproj b/src/ArbitraryProject/ArbitraryProject.csproj
index cf2ac82..2748991 100644
--- a/src/ArbitraryProject/ArbitraryProject.csproj
+++ b/src/ArbitraryProject/ArbitraryProject.csproj
@@ -8,7 +8,6 @@
-
From 0c3366a49d61a935e297a34a04151f93d14012aa Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 09:02:50 +0100
Subject: [PATCH 05/19] Fix SonarQube Cloud finding
---
 src/ArbitraryProject/Program.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ArbitraryProject/Program.cs b/src/ArbitraryProject/Program.cs
index e1f5e3d..4179287 100644
--- a/src/ArbitraryProject/Program.cs
+++ b/src/ArbitraryProject/Program.cs
@@ -25,4 +25,4 @@ app.MapControllers();
-app.Run();
+await app.RunAsync();
From 9cce29566fe633da4447fdffa0a9d10c3bd4eb5d Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 10:18:01 +0100
Subject: [PATCH 06/19] Update .gitignore
---
 .gitignore | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 16e8e0f..2ea8146 100644
--- a/.gitignore
+++ b/.gitignore
@@ -398,5 +398,5 @@ FodyWeavers.xsd
 *.sln.iml
 # Sonar
-# Uncomment the following line to avoid error message "There were errors in the dependency analysis" on the "Dependencies" tab in SoanrQube Cloud due to inclusion of scanner directory
-# .sonar/*
+# Avoid error message "There were errors in the dependency analysis" on the "Dependencies" tab in SoanrQube Cloud
+!*/project.assets.json
From 82bd5ce15047dc91005a1552718571047d94d6f7 Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 10:47:06 +0100
Subject: [PATCH 07/19] Remove unnecessary entry from .gitignore
---
 .gitignore | 4 ----
 1 file changed, 4 deletions(-)
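Review bot: The negation `!*/project.assets.json` added in the `.gitignore` hunk of [PATCH 06/19] probably does not do what the comment above it promises. NuGet restore writes `project.assets.json` into each project's `obj` directory, the pattern only matches one directory level below the repository root, and Git cannot re-include a file whose parent directory is itself ignored; whether `obj/` is ignored earlier in this file is not visible in the hunk, but the usual .NET ignore templates do exclude it. If the file did become trackable, a generated artifact holding machine-specific absolute paths would end up under version control, so producing it during the CI restore is the safer way to feed the dependency analysis. [PATCH 07/19] drops the entry again, and the comment misspells the product name as `SoanrQube`.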
diff --git a/.gitignore b/.gitignore
index 2ea8146..8a30d25 100644
--- a/.gitignore
+++ b/.gitignore
@@ -396,7 +396,3 @@ FodyWeavers.xsd
 # JetBrains Rider
 *.sln.iml
-
-# Sonar
-# Avoid error message "There were errors in the dependency analysis" on the "Dependencies" tab in SoanrQube Cloud
-!*/project.assets.json
From 9d9f7fbcf954c4758d6cee539318d0cd2baa0232 Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 10:47:26 +0100
Subject: [PATCH 08/19] Disable verbose logging
---
 .github/workflows/quality.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
index 21a0e6c..8037ad5 100644
--- a/.github/workflows/quality.yml
+++ b/.github/workflows/quality.yml
@@ -15,10 +15,10 @@ jobs:
 uses: actions/setup-java@v4
 with:
 java-version: 17
- distribution: 'zulu' # Alternative distribution options are available
+ distribution: "zulu" # Alternative distribution options are available
 - uses: actions/checkout@v4
 with:
- fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+ fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 - name: Cache SonarQube Cloud packages
 uses: actions/cache@v4
 with:
@@ -50,7 +50,7 @@ jobs:
 run: |
 $ErrorActionPreference = "Stop"
 $PSNativeCommandUseErrorActionPreference = $true
- ${{ runner.temp }}\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0 /d:sonar.verbose=true
+ ${{ runner.temp }}\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0
 dotnet build .\src\ArbitrarySolution.sln --configuration Release
 dotnet-coverage collect 'dotnet test .\src\ArbitraryProject.Tests\ArbitraryProject.Tests.csproj' -f xml -o 'coverage.xml'
 ${{ runner.temp }}\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
From 98601142ff53793d285b7b197adb11d52794ac34 Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 10:49:04 +0100
Subject: [PATCH 09/19] Update README
---
 README.md | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index 23f49f4..f64844f 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ Scan and analyze GitHub repository with SonarQube Cloud
 ### Automatic Analysis
 > [!IMPORTANT]
-> With Automatic Analysis for .Net, certain rules for .Net source code are automatically deactivated. This includes security rules, all rules that come from outside the Sonar Way quality profile, as well as certain rules from within it.
+> With Automatic Analysis for .NET, certain rules for .NET source code are automatically deactivated. This includes security rules, all rules that come from outside the Sonar Way quality profile, as well as certain rules from within it.
 > [!NOTE]
 > Automatic analysis is only supported for GitHub repositories. If you are using a different version control system, you will need to use a different method to analyze your code.
@@ -69,7 +69,7 @@ To include i.e. terraform files in the analysis of SonarScanner for .NET, the fo
 #### Include test coverage
-To include test coverage in the analysis of SonarScanner for .NET, the following adjustments are required in the GitHub actions workflow (`.github/workflows/quality.yml`).
+To include test coverage in the analysis of SonarScanner for .NET, the following adjustments are required in the GitHub actions workflow (see `.github\workflows\quality.yml`).
 ```yaml
 # Install dotnet-coverage
@@ -79,18 +79,18 @@ To include test coverage in the analysis of SonarScanner for .NET, the following
 dotnet tool install --global dotnet-coverage
 - name: Build and analyze
 env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 shell: pwsh
 run: |
 $ErrorActionPreference = "Stop"
 $PSNativeCommandUseErrorActionPreference = $true
 # Add /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml
- .\.sonar\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml
+ ${{ runner.temp }}\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0
 dotnet build .\src\ArbitrarySolution.sln --configuration Release
 # Execute tests and collect coverage
- dotnet-coverage collect 'dotnet test .\src\ArbitraryProject.Tests\ArbitraryProject.Tests.csproj' -f xml -o 'coverage.xml'
- .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
+ dotnet-coverage collect 'dotnet test .\src\ArbitraryProject.Tests\ArbitraryProject.Tests.csproj' -f xml -o 'coverage.xml'
+ ${{ runner.temp }}\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
 ```
 ## Scan Results
@@ -122,5 +122,6 @@ For an example, see [here](https://github.com/rufer7/github-sonarcloud-integrati
 - [SonarQube Cloud - Getting Started with GitHub](https://docs.sonarsource.com/sonarqube-cloud/getting-started/github/)
 - [Pull request analysis](https://docs.sonarsource.com/sonarqube-cloud/improving/pull-request-analysis/#existing-pull-requests-on-first-automatic-analysis)
-- [.NET test coverage](https://docs.sonarsource.com/sonarqube/9.8/analyzing-source-code/test-coverage/dotnet-test-coverage/)
-- [Github action should fail on authentication error](https://community.sonarsource.com/t/github-action-should-fail-on-authn-error/147720)
+- [.NET test coverage](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/test-coverage/dotnet-test-coverage)
+- [Github action should fail on authentication error](https://community.sonarsource.com/t/github-action-should-fail-on-authentication-error/147720)
+- [Analysis of product projects vs. test projects](https://github.com/SonarSource/sonar-scanner-msbuild/wiki/Analysis-of-product-projects-vs.-test-projects)
From 6c2052ed96e1cec349527fb728678f14e170bc66 Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 22:21:38 +0100
Subject: [PATCH 10/19] Try to fix "There were errors in the dependency analysis" error
---
 .github/workflows/quality.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
index 8037ad5..a6b4bb1 100644
--- a/.github/workflows/quality.yml
+++ b/.github/workflows/quality.yml
@@ -50,7 +50,7 @@ jobs:
 run: |
 $ErrorActionPreference = "Stop"
 $PSNativeCommandUseErrorActionPreference = $true
- ${{ runner.temp }}\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0
+ ${{ runner.temp }}\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0 /d:sonar.sca.resolveAsRoot=true
 dotnet build .\src\ArbitrarySolution.sln --configuration Release
 dotnet-coverage collect 'dotnet test .\src\ArbitraryProject.Tests\ArbitraryProject.Tests.csproj' -f xml -o 'coverage.xml'
 ${{ runner.temp }}\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
From 7a167af4934cf1fe9a45458e2b8242c5a7b001b3 Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 23:27:00 +0100
Subject: [PATCH 11/19] Update dependencies
---
 .../ArbitraryProject.Tests.csproj | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/ArbitraryProject.Tests/ArbitraryProject.Tests.csproj b/src/ArbitraryProject.Tests/ArbitraryProject.Tests.csproj
index e47d2c8..2dd0331 100644
--- a/src/ArbitraryProject.Tests/ArbitraryProject.Tests.csproj
+++ b/src/ArbitraryProject.Tests/ArbitraryProject.Tests.csproj
@@ -10,11 +10,17 @@
-
-
-
-
-
+
+ all
+ runtime; build; native; contentfiles; analyzers; buildtransitive
+
+
+
+
+
+ all
+ runtime; build; native; contentfiles; analyzers; buildtransitive
+
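Review bot: The `/d:sonar.sca.resolveAsRoot=true` switch added in the `quality.yml` hunk of [PATCH 10/19] arrives without explanation on a command line that is already hard to scan, and the subject marks it as an attempt. A PowerShell comment directly above the command, for example `# sonar.sca.resolveAsRoot: works around the "No lockfile was found" SCA warning`, would tell the next maintainer why it is there and when it can be removed. On the same line `sonar.projectBaseDir` is still the literal `D:\a\github-sonarcloud-integration\github-sonarcloud-integration`, which only holds while the runner keeps that drive layout and the repository keeps its name; `/d:sonar.projectBaseDir="$env:GITHUB_WORKSPACE"` resolves to the checkout directory instead.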
From 7bfcecae63675c469144f7df55efb6fc8a3fb948 Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 23:27:18 +0100
Subject: [PATCH 12/19] Use logger + use collection initializer
---
 .../Controllers/WeatherForecastController.cs | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/ArbitraryProject/Controllers/WeatherForecastController.cs b/src/ArbitraryProject/Controllers/WeatherForecastController.cs
index eb0cf90..976d3e1 100644
--- a/src/ArbitraryProject/Controllers/WeatherForecastController.cs
+++ b/src/ArbitraryProject/Controllers/WeatherForecastController.cs
@@ -21,13 +21,14 @@ public WeatherForecastController(ILogger logger)
 [HttpGet(Name = "GetWeatherForecast")]
 public IEnumerable Get()
 {
- return Enumerable.Range(1, 5).Select(index => new WeatherForecast
+ logger.logInformation("Generating weather forecast data.");
+
+ return [.. Enumerable.Range(1, 5).Select(index => new WeatherForecast
 {
 Date = DateOnly.FromDateTime(DateTime.Now.AddDays(index)),
 TemperatureC = Random.Shared.Next(-20, 55),
 Summary = Summaries[Random.Shared.Next(Summaries.Length)]
- })
- .ToArray();
+ })];
 }
 }
 }
From dfe0ca5d7cbd3d209d66cf77297fe0292368de36 Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 23:35:38 +0100
Subject: [PATCH 13/19] Add link
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index f64844f..1bf467b 100644
--- a/README.md
+++ b/README.md
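Review bot: The line `logger.logInformation("Generating weather forecast data.");` added in [PATCH 12/19] should not compile as written: `logger` is the constructor parameter named in the hunk header and is not in scope inside `Get()`, and C# is case-sensitive, so the `ILogger` extension method is `LogInformation`. The call has to go through the field, `_logger.LogInformation("Generating weather forecast data.");`; the field declaration lies outside this hunk, and [PATCH 18/19] later applies exactly this correction. Building the solution before committing would have caught it and keeps every commit in the series buildable for bisecting.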
@@ -125,3 +125,4 @@ For an example, see [here](https://github.com/rufer7/github-sonarcloud-integrati
 - [.NET test coverage](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/test-coverage/dotnet-test-coverage)
 - [Github action should fail on authentication error](https://community.sonarsource.com/t/github-action-should-fail-on-authentication-error/147720)
 - [Analysis of product projects vs. test projects](https://github.com/SonarSource/sonar-scanner-msbuild/wiki/Analysis-of-product-projects-vs.-test-projects)
+- [Parameters not settable in the UI](https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/analysis-parameters/parameters-not-settable-in-ui)
From 3aacc31b232778acb39c556248e9ff571587dd44 Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 23:36:16 +0100
Subject: [PATCH 14/19] Update yaml in readme
---
 README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 1bf467b..3d1339d 100644
--- a/README.md
+++ b/README.md
@@ -85,10 +85,10 @@ To include test coverage in the analysis of SonarScanner for .NET, the following
 run: |
 $ErrorActionPreference = "Stop"
 $PSNativeCommandUseErrorActionPreference = $true
- # Add /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml
- ${{ runner.temp }}\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0
+ # Add /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml
+ ${{ runner.temp }}\scanner\dotnet-sonarscanner begin /k:"rufer7_github-sonarcloud-integration" /o:"rufer7" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.projectBaseDir="D:\a\github-sonarcloud-integration\github-sonarcloud-integration" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0 /d:sonar.sca.resolveAsRoot=true
 dotnet build .\src\ArbitrarySolution.sln --configuration Release
- # Execute tests and collect coverage
+ # Execute tests and collect coverage
 dotnet-coverage collect 'dotnet test .\src\ArbitraryProject.Tests\ArbitraryProject.Tests.csproj' -f xml -o 'coverage.xml'
 ${{ runner.temp }}\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
 ```
From 8a4be947001eb1d0e966770d7371d27a06c13b7b Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 23:36:57 +0100
Subject: [PATCH 15/19] minor
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 3d1339d..0b40e8d 100644
--- a/README.md
+++ b/README.md
@@ -67,9 +67,9 @@ To include i.e. terraform files in the analysis of SonarScanner for .NET, the fo
 For more details see [here](https://docs.sonarsource.com/sonarqube/9.8/analyzing-source-code/scanners/sonarscanner-for-dotnet/#advanced-topics)
-#### Include test coverage
+#### Include .NET test coverage
-To include test coverage in the analysis of SonarScanner for .NET, the following adjustments are required in the GitHub actions workflow (see `.github\workflows\quality.yml`).
+To include .NET test coverage in the analysis of SonarScanner for .NET, the following adjustments are required in the GitHub actions workflow (see `.github\workflows\quality.yml`).
 ```yaml
 # Install dotnet-coverage
From bd32bfbf4a63009b8056247b6d619017c414490a Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 23:43:45 +0100
Subject: [PATCH 16/19] Add hint regarding SCA error/warning
---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/README.md b/README.md
index 0b40e8d..d2045cb 100644
--- a/README.md
+++ b/README.md
@@ -93,6 +93,11 @@ To include .NET test coverage in the analysis of SonarScanner for .NET, the foll
 ${{ runner.temp }}\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
 ```
+#### Software Composition Analysis (SCA)
+
+> [!IMPORTANT]
+> Currently, it's required to set `sonar.sca.resolveAsRoot=true` in the `dotnet-sonarscanner` begin step to avoid `No lockfile was found for 'PATH_TO_PROJECT_FILE' (nuget)` warning on `Dependency Risks` and `Inventory` > `Dependencies` tabs
+
 ## Scan Results
 ### SonarQube Cloud
From 1c6b88687868dc2ece0557c2d29843ad4b46bd3b Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 23:45:52 +0100
Subject: [PATCH 17/19] minor
---
 deploy/iac/main.tf | 2 +-
 src/ArbitraryProject/ArbitraryProject.csproj | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/deploy/iac/main.tf b/deploy/iac/main.tf
index 44ac46c..f0a631a 100644
--- a/deploy/iac/main.tf
+++ b/deploy/iac/main.tf
@@ -16,7 +16,7 @@ resource "azurerm_storage_account" "sa" {
 account_replication_type = "GRS"
 shared_access_key_enabled = false
 default_to_oauth_authentication = true
- min_tls_version = "TLS1_0" # Security issue to be detected by SonarCloud
+ min_tls_version = "TLS1_0" # Security issue to be detected by SonarQube Cloud
 }
 resource "azurerm_role_assignment" "blob-data-owner" {
diff --git a/src/ArbitraryProject/ArbitraryProject.csproj b/src/ArbitraryProject/ArbitraryProject.csproj
index 2748991..604d102 100644
--- a/src/ArbitraryProject/ArbitraryProject.csproj
+++ b/src/ArbitraryProject/ArbitraryProject.csproj
@@ -11,7 +11,7 @@
-
+ Never
From 89207292fc15c66eb32f1d83ac0da3d7d7a4a2e2 Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 23:47:15 +0100
Subject: [PATCH 18/19] Fix build error and use collection initializer
---
 .../Controllers/WeatherForecastController.cs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/ArbitraryProject/Controllers/WeatherForecastController.cs b/src/ArbitraryProject/Controllers/WeatherForecastController.cs
index 976d3e1..29c2716 100644
--- a/src/ArbitraryProject/Controllers/WeatherForecastController.cs
+++ b/src/ArbitraryProject/Controllers/WeatherForecastController.cs
@@ -6,10 +6,10 @@ namespace ArbitraryProject.Controllers
 [Route("[controller]")]
 public class WeatherForecastController : ControllerBase
 {
- private static readonly string[] Summaries = new[]
- {
+ private static readonly string[] Summaries =
+ [
 "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
- };
+ ];
 private readonly ILogger _logger;
@@ -21,7 +21,7 @@ public WeatherForecastController(ILogger logger)
 [HttpGet(Name = "GetWeatherForecast")]
 public IEnumerable Get()
 {
- logger.logInformation("Generating weather forecast data.");
+ _logger.LogInformation("Generating weather forecast data.");
 return [.. Enumerable.Range(1, 5).Select(index => new WeatherForecast
 {
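Review bot: In the `main.tf` hunk of [PATCH 17/19], `min_tls_version = "TLS1_0"` is kept deliberately as a finding for the scanner, but the trailing comment says so only implicitly and nothing tells a reader that the file must not be applied as it stands. I would spell that out, for example `# Intentionally weak (scanner demo) - do not apply; use "TLS1_2" for real deployments`. TLS 1.0 is deprecated, and a storage account created from this block would accept connections negotiated with it. The resource block starts above the hunk.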
From 6f5778df2d19a6bc56a6f28d3bbdff6aef78d440 Mon Sep 17 00:00:00 2001
From: Marc Rufer
Date: Wed, 29 Oct 2025 23:52:53 +0100
Subject: [PATCH 19/19] Add AutoMapper
---
 src/ArbitraryProject/ArbitraryProject.csproj | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/ArbitraryProject/ArbitraryProject.csproj b/src/ArbitraryProject/ArbitraryProject.csproj
index 604d102..08f6841 100644
--- a/src/ArbitraryProject/ArbitraryProject.csproj
+++ b/src/ArbitraryProject/ArbitraryProject.csproj
@@ -7,6 +7,7 @@
+