sonarqubesonarqube-scanazure-pipelines-build-taskazure-devops-servicessecurity-code-scan

ERROR: Validation of project failed o To use the property "sonar.branch.name" and analyze branches

Solution for this thread

The command provided by the SonarCommunity/Forum did not solve the issue, see snippet below, but by learning the dotnet framework method we manage, so basically we remove to problematic Property from the env:Variable, see solution snippet below,

SonarCommunity suggested solution (didn't work)

$params = "$env:SONARQUBE_SCANNER_PARAMS" -replace '"sonar.branch.name":"[\w,/,-]*"\,?'
Write-Host "##vso[task.setvariable variable=SONARQUBE_SCANNER_PARAMS]$params"

Functional solution via the PSObject.Properties dotnet Method

$params = "$env:SONARQUBE_SCANNER_PARAMS.PSObject.Properties('sonar.branch.name')"
Write-Host "##vso[task.setvariable variable=SONARQUBE_SCANNER_PARAMS]$params"

Above snippet allowed us to bring back our SonarQube code scanning, hope help you all as well!

Error Description

  1. This is an Azure DevOps Build Pipeline

  2. In the SonarQube Task we pass the next Key-value pairs {"project-key":"value","project-name":"value","project-version":"value"}

  3. System-wide we were downgraded from SonarQube "Developer Edition" to "Community Edition" since then we are experiencing the error from the title of this threat, see below snippet, and more importantly is creating a failure in the SonarQube task "Run code Analysis"

    ##[error]ERROR: Validation of project failed: o To use the property "sonar.branch.name" and analyze branches, Developer Edition or above is required. See https://redirect.sonarsource.com/doc/branches.html for more information.

What actions have been tested

Researching on the internet found the next powershell script but there isn't much context on how it should be implemented, see below snippet, because is it through a variable passing a "command call" for removing the usage of "sonar.branch.name" but this should be pick-up by a task from what I know by working with ADO:

$params = "$env:SONARQUBE_SCANNER_PARAMS" -replace '"sonar.branch.name":"[\w,/,-]*"\,?'
Write-Host "##vso[task.setvariable variable=SONARQUBE_SCANNER_PARAMS]$params"

When I do implement this task all the Unit-test fails, so the unit test task hangs until ADO by timeout closes the Pipeline run

Maybe should I Add this task before the "Prepare Analysis Configuration" task and afterwards pass the variable $param to the "advance" section of the Task "Prepare Analysis Configuration"? see screenshot below:

enter image description here

All help will be more than welcome we have all code analysis stopped at the moment and pulling our hair to find a solution

Solution

  • Solution for this thread The command provided by the SonarCommunity/Forum did not solve the issue, see snippet below, but by learning the dotnet framework method we manage, so basically we remove to problematic Property from the env:Variable, see solution snippet below,

    SonarCommunity suggested solution (didn't work)

    $params = "$env:SONARQUBE_SCANNER_PARAMS" -replace '"sonar.branch.name":"[\w,/,-]*"\,?'
Write-Host "##vso[task.setvariable variable=SONARQUBE_SCANNER_PARAMS]$params"

    Functional solution via the PSObject.Properties dotnet Method

    $params = "$env:SONARQUBE_SCANNER_PARAMS.PSObject.Properties('sonar.branch.name')"
Write-Host "##vso[task.setvariable variable=SONARQUBE_SCANNER_PARAMS]$params"

    The above snippet allowed us to bring back our SonarQube code scanning, hope help you all as well!