We’re using SonarQube 8.0 since last November to analyze our Java & Angular JS projects. The analysis is executed by our Jenkins agents using maven (via SonarScanner). We’re currently happy with the results that we’re achieving, but we’re not really happy about the performance of the analysis, specially in our biggest project.
This project has 516k lines of code (12258 files) and when we run the analysis using the ‘Sonar way’ quality profile for Java code it takes around 55’.
We run our analysis with the following command:
mvn clean package sonar:sonar
This command also runs the UTs (the execution of the UTs takes 6 if we execute it alone)
Our Jenkins agents are virtual machines with the following flavor:
80 GB HDD (SSD)
CPU (8x cores 2.3ghz base with turbo boost up to 3.9)
16 GB RAM
What would be your recommendations in order to achieve a faster build?
Adding more RAM / allocating more RAM?
Move our analysis a VM with a faster CPUs? More cores?
Any specific configuration on maven or on the sonar analysis?
v6.0 of our Java analyzer has some pretty notorious performance issues. Can you upgrade to v6.3?
Since you’re using the Developer Edition of SonarQube, you’re probably taking advantage of our advanced injection vulnerability rules.
Performance of these rules has improved pretty significantly in later versions of SonarQube (currently v8.2, v8.3 next week)
Since you’re using a non-LTS version of SonarQube (v8.0, as opposed to v7.9 LTS), you should be prepared to upgrade soon after any new release of the platform. This should also speed up your analysis.
These are common culprits for slowing down SonarQube analysis and are really out of our control. These community-supported plugins execute their external analyzer (Findbugs, PMD) during SonarQube analysis. You might want to check the logs to see how long these tools are taking to run and weigh the benefits.
Thanks again for your answer. The SONAR_SCANNER_OPTS didn’t improve anything. Right now we’re focus on the migration to a newer version and checking the analysis logs in order to understand the potential issues.
After quite a lot of time I’m back - I’m followed your suggestion about the upgrading the our current instance from 8.0 to 8.3.X - and the generation of the analysis seems a bit faster - that’s great - but the time needed to process the the analysis in the Sonar server for our features branches has been increased by 5/6 times - could it be explained by the removal of the short lived branches concept in 8.1? Is there any way to improve this?