SonarQube MSBuild运行程序不适用于已添加到项目中的移植FxCop Roslyn规则

Question

Currently we're running SonarQube analyses during our build proces. We've wanted to run our quality profile locally in Visual Studio 2015. For this we've created a ruleset for Visual Studio and turned on the rules that were enabled in our quality profile. SonarLint has an intergration for this, but the FxCop rules aren't synced (at the moment). When enabled FxCop rules Visual Studio freezes. So this wasn't an option for us.

Another option we've tried is instead of creating a ruleset based on FxCop and Roslyn. Was trying to create a roslyn only ruleset. So we've added the FxCop port to Roslyn rules NuGet package to out projects. But when we ran SonarQube with MSBuild Runner 2.1 we received the following error: MSBUILD : error : CA0059 : Invalid settings passed to CodeAnalysis task. See output window for details. MSBUILD : error : CA0059 : Invalid settings passed to CodeAnalysis task. See output window for details. We get this error even when we didn't turn on these rules or use the default Microsoft Ruleset.

When I take a look at the MSBuild log I see the following (removed a lot of rules for readability):

/rulesetdirectory:"C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\Static Analysis Tools\\Rule Sets" 
/rule:"-C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\Static Analysis Tools\FxCop\\Rules" 
/ruleid:"-Microsoft.Performance#CA1820" 
/ruleid:"-Microsoft.Reliability#CA2002" 
/ruleid:"-Microsoft.Usage#CA1816
      -Microsoft.Usage#CA2208" 
/ruleid:"-Microsoft.Usage#CA2216"  
/searchgac /ignoreinvalidtargets 
/forceoutput /successfile /ignoregeneratedcode /saveMessagesToReport:Active,Excluded 
/timeout:120 
/reportMissingIndirectAssemblies

Switch '/microsoft.usage#ca2208" /ruleid' is an unknown switch.

Type 'FxCopCmd.exe /?' for help on command-line arguments.
MSBUILD : error : CA0059 : Invalid settings passed to CodeAnalysis task. See output window for details. 
Code Analysis Complete -- 1 error(s), 0 warning(s)

It looks like SonarQube isn't correctly generating the FxCop argument in this situation. Does anyone know a fix for this problem?

Thanks in advance.

I've created a GitHub repro where this problem can be reproduced: https://github.com/mvdiemen/SonarQubeFxCopRoslyn

Answer 1

First of all, currently the Scanner for MSBuild does not support running FxCop through Roslyn. The reason is that it exposes rules that are intended to be used by FxCop in a specific way, different than other rules that are passed to Roslyn.

The analyzers that you are using, notably System.Runtime.Analyzers-1.2.0-beta2 , override the rule set for FxCop using the property CodeAnalysisRuleSetOverrides .

MSBuild has the target CodeAnalysis which calls FxCopCmd.exe . As the CodeAnalysisRuleSetOverrides property is defined, FxCopCmd will receive as parameters all the rule IDs defined in that property.

The error you posted comes from a typo in the System.Runtime.Analyzers-1.2.0-beta2 analyzer when defining that property. There is a semicolon missing in packages\\System.Runtime.Analyzers-1.2.0-beta2\\build\\System.Runtime.Analyzers.props , which causes FxCopCmd.exe to fail.

Note that CodeAnalysisRuleSetOverrides overrides the rule set that is defined by the Scanner for MSBuild (through another property, CodeAnalysisRuleSet ). It is unintended because as a result FxCop will use the rules defined by the analyzers that you use in the project instead of the rules that are active in the Quality Profile defined in the SonarQube server.

I will fix the target file used by Scanner for MSBuild to reset the property CodeAnalysisRuleSetOverrides .

To use the Scanner for MSBuild, you should remove those analyzers. More information here: http://docs.sonarqube.org/display/SCAN/From+the+Command+Line