Advice about how to speed up our sonar analysis

Hello Sonar Community,

We’ve been using SonarQube 8.0 since last November to analyze our Java & Angular JS projects. The analysis is executed by our Jenkins agents using Maven (via SonarScanner). We’re currently happy with the results that we’re achieving, but we’re not really happy about the performance of the analysis, especially in our biggest project.

This project has 516k lines of code (12258 files) and when we run the analysis using the ‘Sonar way’ quality profile for Java code it takes around 55’.

We run our analysis with the following command:

mvn clean package sonar:sonar

This command also runs the UTs (the execution of the UTs takes 6 if we execute it alone)

Our Jenkins agents are virtual machines with the following flavor:

  • 80 GB HDD (SSD)
  • CPU (8x cores 2.3ghz base with turbo boost up to 3.9)
  • 16 GB RAM

What would be your recommendations in order to achieve a faster build?

  • Adding more RAM / allocating more RAM?
  • Move our analysis to a VM with faster CPUs? More cores?
  • Any specific configuration on maven or on the sonar analysis?

Regards,

Javier G.

Hey there.

  • What Edition of SonarQube are you using (Community, Developer, Enterprise)?
  • What version of the Java analyzer is installed on your SonarQube Server?
  • Any third-party plugins (Findbugs, PMD, Checkstyle…?)

Hello Colin,

We’re currently using the following components / plugins & versions:

  • SonarQube Developer edition
  • Sonar Maven plugin: 3.7.0.1746
  • SonarJava analyzer: 6.0.2
  • Findbugs: 3.1.12
  • JaCoCo: 1.0.2
  • PMD: 3.2.1

Cheers,

Javier G.

Did you also have a look at the memory consumption of your SonarQube server? This can affect some steps in the build pipeline (at least on Azure DevOps Server).

When our server was upgraded from 6.7 to 8.0 (and switched to Java 11) I also observed a delay of the builds. The server memory was over 90% used and swapping.

Doubling the memory of the SonarQube server from 4GB to 8GB sped up the builds again.

Thanks for the info!

v6.0 of our Java analyzer has some pretty notorious performance issues. Can you upgrade to v6.3?

Since you’re using the Developer Edition of SonarQube, you’re probably taking advantage of our advanced injection vulnerability rules.

Performance of these rules has improved pretty significantly in later versions of SonarQube (currently v8.2, v8.3 next week)

Since you’re using a non-LTS version of SonarQube (v8.0, as opposed to v7.9 LTS), you should be prepared to upgrade soon after any new release of the platform. This should also speed up your analysis.

These are common culprits for slowing down SonarQube analysis and are really out of our control. These community-supported plugins execute their external analyzer (Findbugs, PMD) during SonarQube analysis. You might want to check the logs to see how long these tools are taking to run and weigh the benefits.
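One way to do the log check suggested above, as an added example that is not part of the original thread: it sums the per-sensor timings from a scanner log and ranks the plugins, so the cost of Findbugs and PMD can be compared with the Java analyzer. The log line shape, the sensor names and the timings are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed line shape (not taken from the thread):
#   [INFO] Sensor <name> [<plugin>] (done) | time=<n>ms
SENSOR_DONE = re.compile(
    r"Sensor (?P<name>.+?)(?: \[(?P<plugin>[^\]]+)\])? \(done\) \| time=(?P<ms>\d+)ms"
)

# Constructed sample; sensor names and timings are illustrative only.
SAMPLE_LOG = """\
[INFO] Sensor JavaSquidSensor [java]
[INFO] Sensor JavaSquidSensor [java] (done) | time=1310000ms
[INFO] Sensor FindBugs Sensor [findbugs] (done) | time=905000ms
[INFO] Sensor PmdSensor [pmd] (done) | time=412000ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=8000ms
[INFO] Sensor JavaSquidSensor [java] (done) | time=90000ms
[INFO] Analysis total time: 49:12.345 s
"""


def sensor_totals(log_text):
    """Sum elapsed milliseconds per plugin across all modules in the log."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        m = SENSOR_DONE.search(line)
        if m:
            # Fall back to the sensor name when no [plugin] tag is present.
            totals[m.group("plugin") or m.group("name")] += int(m.group("ms"))
    return dict(totals)


def rank_sensors(log_text):
    """Return (plugin, seconds, share of total sensor time), slowest first."""
    totals = sensor_totals(log_text)
    grand = sum(totals.values()) or 1  # avoid division by zero on empty logs
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
    return [(name, ms / 1000, round(ms / grand, 3)) for name, ms in ranked]


if __name__ == "__main__":
    for name, secs, share in rank_sensors(SAMPLE_LOG):
        print(f"{name:<10} {secs:>8.0f}s {share:6.1%}")
```
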

Thanks for your advice.

We already upgraded the Sonar analyzer plugin and I can confirm that the analyses are a bit faster already. We’re also preparing the upgrade of the SonarQube instance.

For the external analyzer, we have enabled the verbose mode and we’re trying to understand where the bottlenecks are in our analysis.

Regarding the HW that we use, do you see any check to be performed / anything that we can improve?

Cheers,

Javier G.

Javier,

Hardware is probably where we look last (if only it were that easy)!

You may be able to try allocating more memory to the scanner by adjusting the SONAR_SCANNER_OPTS environment variable and providing more memory (-Xmx2G -Xms2G). No promises.

Thanks again for your answer. The SONAR_SCANNER_OPTS didn’t improve anything. Right now we’re focused on the migration to a newer version and checking the analysis logs in order to understand the potential issues.

Regards,

Javier G.

After quite a lot of time I’m back - I followed your suggestion about upgrading our current instance from 8.0 to 8.3.X - and the generation of the analysis seems a bit faster - that’s great - but the time needed to process the analysis in the Sonar server for our feature branches has increased by 5/6 times - could it be explained by the removal of the short-lived branches concept in 8.1? Is there any way to improve this?

Regards,

Javier G.