SonarSource / sonar-dotnet

Code analyzer for C# and VB.NET projects
https://redirect.sonarsource.com/plugins/csharp.html
GNU Lesser General Public License v3.0

S3992/S3904 - 1 violation reports ALL files in repo for violation #9659

Open dmstrat opened 2 weeks ago

dmstrat commented 2 weeks ago

Description

For Rule: S3992 - Provide a 'ComVisible' attribute for assembly 'srcassembly.dll'
For Rule: S2904 - Provide an 'AssemblyVersion' attribute for assembly 'srcassembly.dll'.

Problem: The violations are reporting against every single file in the repository.

SonarQube (community edition and MSBuild scanner used) reports 1 instance of the rule violation (both rules get one violation), reporting against the project such as ThisProject.dll. Codacy.com SonarC# reports over 18k violations, which represents every single C# file in the repository. The violation also reports the assembly as 'srcassembly.dll', which may be a codacy.com implementation of the SonarC# analyzer, as there are no projects in the repository named 'srcassembly'.

Repro steps

I'll try to take some time to generate a repro repo to share, but wanted to open the issue as I'm having the same problem with both rules.

Known workarounds

Related information

Tim-Pohlmann commented 1 week ago

This seems to be a problem with Codacy.com. Please either contact them or clarify what behavior from the Sonar C# analyzer you find unexpected. Thank you!

dmstrat commented 1 week ago

What I would expect of the behavior of the analyzer would be to report only the single violation for the project that needs this attribute, not every single file in the repository. Even though I agree that the srcassembly.dll in the message might be a Codacy issue I do not think the repeated violations are because of Codacy unless there is a configuration that would report this way. Is there such a way to configure the sonar scans to report against all files for these two rules, or these types of rules?

I would like to see something like this (which sonarqube does today):

violation rule: S3992 message: Provide a 'ComVisible' attribute for assembly 'srcassembly.dll' file: myProject.csproj

NOT something like this:

violation rule: S3992 message: Provide a 'ComVisible' attribute for assembly 'srcassembly.dll' file: myProject.csproj

violation rule: S3992 message: Provide a 'ComVisible' attribute for assembly 'srcassembly.dll' file: AssemblyInfo.cs

violation rule: S3992 message: Provide a 'ComVisible' attribute for assembly 'srcassembly.dll' file: Program.cs

violation rule: S3992 message: Provide a 'ComVisible' attribute for assembly 'srcassembly.dll' file: myClass.cs

... and 17,996 copies of this violation for each file in the repository.

Tim-Pohlmann commented 1 week ago

The analyzer reports S3992 and S3904 per assembly, not per file. That is why SonarQube presents it this way. If Codacy.com displays the issue on every file, that likely stems from how they use the rule.