We have a small to medium size repository and we run Sonar as part of our PR pipelines to help ensure higher code quality in our product. Unfortunately while we have been able to greatly improve our pipeline times by running unit tests and various linters in parallel, the Sonar stage is now the bottleneck since it runs the analysis sequentially. We monitored the CPU load on the pod running sonar and it is pretty consistently using 1.5 CPU or 2.5 CPUs (we use k8s), we’ve allocated 6CPUs to the pod, but Sonar-scanner is not taking advantage of the increased compute capacity.
As far as we can tell the scanner is running the analysis entirely sequentially, while it could at the very least analyze each language in parallel, greatly reducing the time required to analyze monorepos with multiple languages.
Note that we are already excluding generated code and we are looking at finding ways to tell Sonar to only look at changed files for Pull Requests but that will not help with the main and release branches analysis times where we need full reports for audit purposes.