gretard / sonar-ps-plugin

Powershell language plugin for SonarQube
GNU Lesser General Public License v3.0

Analyzer report is not updated in sonar dashboard. #20

Closed vnekatesharao closed 3 years ago

vnekatesharao commented 4 years ago

I am trying to analyze PowerShell scripts using the sonar-ps-plugin. When I run the analysis, the results are not updated in the Sonar server. In the debug log I get a message like:

File 'c:\xxx\xxx.ps1' not found in system to add issue ps-psanalyzer:PSAvoidUsingPlainTextForPassword

Any suggestion or is this an issue?

gretard commented 4 years ago

Hi, could you provide the sonar.properties which you are using for the run? It seems that the plugin is scanning the base dir of the project and maybe that file is not in the sources directory.

vnekatesharao commented 4 years ago

"sonar.branch.name":"sonar",
"sonar.scanner.metadataFilePath":"C:\\W\\1\\_temp\\sonar\\20200315.1\\60511fe9-1fb1-d160-5032-a4707c79115a\\report-task.txt"}

##[debug]extraProperties=# Additional properties that will be passed to the scanner, 
# Put one key=value per line, example:
# sonar.exclusions=**/*.bin
sonar.ps.tokenizer.skip=true
sonar.verbose=true
sonar.inclusions=**/*.ps1,**/*.psm1,**/*.psm
sonar.sources=./Scripts
sonar.log.level=TRACE
##[debug]set SONARQUBE_SCANNER_MODE=CLI

Base dir: C:\W\1\102\s

Which is our repository root, where git clones in the build pipeline.

To be specific on this error, I get a warning like:

File 'C:\W\1\102\s\Scripts\xxx\xxx.ps1' not found in system to add issue ps-psanalyzer:PSAvoidUsingPlainTextForPassword

gretard commented 4 years ago

Hi, could you run with debug mode enabled? :) Maybe it will provide some insights.

vnekatesharao commented 4 years ago

Please find the logs here. I didn't find anything suspicious. Please let me know if you do.

gretard commented 4 years ago

Hi, I think your sonar.sources directory should be ./SYC_DevOps instead of ./Scripts, as the plugin is scanning everything in the work dir and SYC_DevOps is not included in sonar.sources. That's why you are getting that message about the plugin not being able to report an issue found in "2020-03-15T05:10:43.9577701Z 05:10:43.937 DEBUG: File 'C:\W\1\3\s\SYC_DevOps\Shared\Test_Infrastructure\Scripts\DeploymentTests\Set-LoadTestSettings.ps1' not found in system to add issue ps-psanalyzer:PSAvoidTrailingWhitespace" :)

gretard commented 4 years ago

If you don't want issues found in other dirs such as SYC_DevOps to be reported, then you can ignore that message and you should only see issues reported in files from ./Scripts directory.

Please let me know if this helps :)
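The check described in the two comments above, as an added example that is not part of the thread or the plugin's code: it reads scanner debug output, extracts every "not found in system to add issue" message, and separates files that lie outside `sonar.sources` (expected to be dropped) from files that lie inside it and were still dropped. The function name `triage`, the timestamps and the second sample path are assumptions made for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Message format as quoted in the thread's debug output.
NOT_FOUND = re.compile(
    r"File '(?P<path>[^']+)' not found in system to add issue (?P<rule>\S+)")

def _under(path, root):
    """True if path is root or lies below it (Windows path semantics)."""
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False

def triage(log_lines, base_dir, sources):
    """Classify dropped issues by whether the file is under sonar.sources."""
    base = PureWindowsPath(base_dir)
    roots = [base.joinpath(s.strip()) for s in sources.split(",") if s.strip()]
    outside = Counter()   # top-level dir under base -> dropped issue count
    inside = []           # (file, rule) dropped although under sonar.sources
    for line in log_lines:
        m = NOT_FOUND.search(line)
        if not m:
            continue
        path = PureWindowsPath(m.group("path"))
        rule = m.group("rule").rstrip('"')  # tolerate a quoted log line
        if any(_under(path, r) for r in roots):
            inside.append((str(path), rule))
        elif _under(path, base):
            outside[path.relative_to(base).parts[0]] += 1
        else:
            outside["<outside base dir>"] += 1
    return outside, inside

# Constructed sample in the thread's log format (second path is made up).
SAMPLE = [
    r"05:10:43.937 DEBUG: File 'C:\W\1\3\s\SYC_DevOps\Shared\Test_Infrastructure"
    r"\Scripts\DeploymentTests\Set-LoadTestSettings.ps1' not found in system "
    r"to add issue ps-psanalyzer:PSAvoidTrailingWhitespace",
    r"05:10:44.001 DEBUG: File 'C:\W\1\3\s\Scripts\Deploy.ps1' not found in "
    r"system to add issue ps-psanalyzer:PSAvoidUsingPlainTextForPassword",
    "05:10:44.100 INFO: Script-Analyzer finished",
]

if __name__ == "__main__":
    outside, inside = triage(SAMPLE, r"C:\W\1\3\s", "./Scripts")
    print("outside sonar.sources:", dict(outside))
    print("inside sonar.sources but not indexed:", inside)
```

Entries in the second result are the ones worth investigating further, since widening `sonar.sources` cannot explain them.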

vnekatesharao commented 4 years ago

I tried as you suggested, as well as by giving sonar.sources=. Still, I am not seeing analysis results in Sonar.

The problem is that the scripts are being analyzed; I see that in the given log: Script-Analyzer finished, found 4377 issues at 'C:\W\1\3\s'

But in the dashboard I am not seeing the 4377 issues which were identified.

vnekatesharao commented 4 years ago

I hope the ps plugin supports PSScriptAnalyzer rules of version 1.18.3.

gretard commented 4 years ago

Hi, I have checked the rules and it seems that this version is not supported. Could you try running now with debug mode enabled? Maybe not all rules are enabled in Sonar? Or did the plugin report that it was not able to add a violation?

vnekatesharao commented 4 years ago

Most of the rules are enabled, and for verification I checked a couple of rules and those are enabled. (Worst case, at least this issue would show up.)

No violation reported

I am using sonar Version 7.9.2 (build 30863)

gretard commented 4 years ago

What about the further lines? Could you share full log?

vnekatesharao commented 4 years ago

You can click here to get the complete logs.

gretard commented 4 years ago

Could you check the link? :) 404: Not found

vnekatesharao commented 4 years ago

It is accessible now

gretard commented 4 years ago

Hi, I have looked into the debug file and I see no errors from the PowerShell plugin. Those 4k+ issues not showing could be due to exclude settings, server configuration (maybe some rules are disabled), configuration parameters or something else. I would suggest trying another scan for a new project, or maybe even locally, with minimal configuration and debug enabled:

sonar.ps.tokenizer.skip=true
sonar.verbose=true
sonar.language=ps
sonar.sources=.

Please let me know if you were able to see those 4k+ issues. If yes, then the configuration parameters need to be checked.