Analysis Taking Multiple Hours to Complete

  • ALM used (GitHub)

  • CI system used (GitHub Actions)

  • Scanner command used:
    *** indicates some id that was removed

    /usr/bin/docker run --name *** --label 8a33c1 --workdir /github/workspace --rm -e GITHUB_TOKEN -e SONAR_TOKEN -e NODE_AUTH_TOKEN -e INPUT_ARGS -e INPUT_PROJECTBASEDIR -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/cu-adapter/cu-adapter":"/github/workspace" ***

  • Languages of the repository (javascript)

  • Error observed:
    Both automatic analysis and manual analysis via GitHub Actions are taking upwards of 2 hours to complete a scan.
    This started happening after updating a dependency (mocha from 8.4 → 9.0) but no other changes.
    No errors are observed and no reference to the scan is visible in SonarCloud until after the 2-hour mark.

  • Steps to reproduce:
    Trigger a workflow run on our private repository

  1. We already tried deleting the project entirely and re-adding it. That didn’t make a difference.
  2. We set “New Code” to be for the last 30 days only - no difference.
  3. We tried using automatic analysis instead of CI-driven and have been unable to get a successful response from auto analysis entirely.
  4. We confirmed the GitHub repo and associated Actions tasks are communicating with the SonarCloud project.

Hi @james-pf,

Can you please provide more logs from GitHub Actions? I am looking for a log like this:

INFO: Sensor JsSecuritySensor [security] (done) | time=xxxxxms

Here is a full info log from a scan, @saberduck:

INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /github/workspace/sonar-project.properties
INFO: SonarScanner 4.6.2.2472
INFO: Java 11.0.11 AdoptOpenJDK (64-bit)
INFO: Linux 5.8.0-1033-azure amd64
INFO: User cache: /opt/sonar-scanner/.sonar/cache
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /github/workspace/sonar-project.properties
INFO: Analyzing on SonarCloud
INFO: Default locale: "en_US", source code encoding: "US-ASCII" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=552ms
INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
INFO: User cache: /opt/sonar-scanner/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=127ms
INFO: Load/download plugins (done) | time=20635ms
INFO: Loaded core extensions: developer-scanner
INFO: JavaScript/TypeScript frontend is enabled
INFO: Found an active CI vendor: 'Github Actions'
INFO: Load project settings for component key: ***
INFO: Load project settings for component key: *** (done) | time=119ms
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=1ms
INFO: Project key: ***
INFO: Base dir: /github/workspace
INFO: Working dir: /github/workspace/.scannerwork
INFO: Load project branches
INFO: Load project branches (done) | time=112ms
INFO: Check ALM binding of project ***
INFO: Detected project binding: BOUND
INFO: Check ALM binding of project *** (done) | time=97ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=173ms
INFO: Load branch configuration
INFO: Github event: push
INFO: Auto-configuring branch development
INFO: Load branch configuration (done) | time=184ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=153ms
INFO: Load active rules
INFO: Load active rules (done) | time=3078ms
INFO: Organization key: ***
INFO: Branch name: development, type: long-lived
INFO: Indexing files...
INFO: Project configuration:
INFO: 63 files indexed
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for js: Sonar way Recommended
INFO: ------------- Run sensors on module ***
INFO: JavaScript/TypeScript frontend is enabled
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=104ms
INFO: Sensor CSS Rules [cssfamily]
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [cssfamily] (done) | time=2ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=2ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=1ms
INFO: Sensor JavaXmlSensor [java]
INFO: Sensor JavaXmlSensor [java] (done) | time=2ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=3ms
INFO: Sensor VB.NET Project Type Information [vbnet]
INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=2ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=1ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=4ms
INFO: Sensor JavaScript analysis [javascript]
INFO: Deploying custom rules bundle jar:file:/opt/sonar-scanner/.sonar/cache/e90252615509e3e607c20e3fc2775448/sonar-securityjsfrontend-plugin.jar!/js-vulnerabilities-rules-1.0.0.tgz to /github/workspace/.scannerwork/.sonartmp/eslint-bridge-bundle/package/custom-rules1340959903449133774
INFO: 62 source files to be analyzed
INFO: Load project repositories
INFO: Load project repositories (done) | time=146ms
INFO: 30/62 files analyzed, current file: ***
INFO: 62/62 source files have been analyzed
INFO: Sensor JavaScript analysis [javascript] (done) | time=22932ms
INFO: Sensor TypeScript analysis [javascript]
INFO: No input files found for analysis
INFO: Sensor TypeScript analysis [javascript] (done) | time=1ms
INFO: Sensor JavaScript/TypeScript Coverage [javascript]
INFO: Analysing [/github/workspace/coverage/lcov.info]
INFO: Sensor JavaScript/TypeScript Coverage [javascript] (done) | time=56ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/java
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=4ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /github/workspace/ucfg_cs2
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /github/workspace/ucfg_cs2
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=2ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/php
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=2ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/python
INFO: No UCFGs have been included for analysis.
INFO: Sensor PythonSecuritySensor [security] (done) | time=2ms
INFO: Sensor JsSecuritySensor [security]
INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/js
INFO: 14:27:22.308666 Building Runtime Type propagation graph
INFO: 14:27:22.400172 Running Tarjan on 11472 nodes
INFO: 14:27:22.414113 Tarjan found 11472 components
INFO: 14:27:22.435725 Variable type analysis: done
INFO: 14:27:22.437883 Building Runtime Type propagation graph
INFO: 14:27:22.534402 Running Tarjan on 11472 nodes
INFO: 14:27:22.544688 Tarjan found 11472 components
INFO: 14:27:22.562275 Variable type analysis: done
INFO: Analyzing 958 ucfgs to detect vulnerabilities.
INFO: rule: S2083, entrypoints: 63
INFO: Running symbolic analysis
INFO: rule: S2083 done
INFO: rule: S5131, entrypoints: 63
INFO: Running symbolic analysis
INFO: rule: S5131 done
INFO: rule: S5334, entrypoints: 63
INFO: Running symbolic analysis
INFO: rule: S5334 done
INFO: rule: S5144, entrypoints: 63
INFO: Running symbolic analysis
INFO: rule: S5144 done
INFO: rule: S5696, entrypoints: 63
INFO: Running symbolic analysis
INFO: rule: S5696 done
INFO: rule: S3649, entrypoints: 63
INFO: Running symbolic analysis
INFO: rule: S3649 done
INFO: rule: S2076, entrypoints: 63
INFO: Running symbolic analysis
INFO: rule: S2076 done
INFO: rule: S6096, entrypoints: 63
INFO: Running symbolic analysis
INFO: rule: S6096 done
INFO: rule: S5147, entrypoints: 63
INFO: Running symbolic analysis
INFO: rule: S5147 done
INFO: rule: S5883, entrypoints: 63
INFO: Running symbolic analysis
INFO: rule: S5883 done
INFO: rule: S5146, entrypoints: 63
INFO: Running symbolic analysis
INFO: rule: S5146 done
INFO: rule: S2631, entrypoints: 63
INFO: Running symbolic analysis
INFO: rule: S2631 done
INFO: rule: S6105, entrypoints: 63
INFO: Running symbolic analysis
INFO: rule: S6105 done
INFO: Sensor JsSecuritySensor [security] (done) | time=9239851ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=0ms
INFO: SCM Publisher SCM provider for this project is: git
INFO: SCM Publisher 1 source file to be analyzed
INFO: SCM Publisher 1/1 source file have been analyzed (done) | time=584ms
INFO: CPD Executor 7 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 55 files
INFO: CPD Executor CPD calculation finished (done) | time=48ms
INFO: Analysis report generated in 182ms, dir size=1 MB
INFO: Analysis report compressed in 182ms, zip size=568 KB
INFO: Analysis report uploaded in 1080ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=***&branch=development
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=AXoQntkZmIusp1SlkYQw
INFO: Analysis total time: 2:34:37.570 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 2:35:01.980s
INFO: Final Memory: 55M/187M
INFO: ------------------------------------------------------------------------
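
Added example (not part of the original thread and not SonarSource tooling): a small parser for the `Sensor ... (done) | time=...ms` lines requested above, which ranks sensors by duration and reports each one's share of the analysis total. `SAMPLE_LOG` is a short excerpt of lines copied from the log in this thread; the function names and the 50% flag threshold are assumptions made for the example.

```python
import re

# e.g. "INFO: Sensor JsSecuritySensor [security] (done) | time=9239851ms"
SENSOR_DONE = re.compile(
    r"INFO: Sensor (?P<name>.+?)(?: \[(?P<plugin>[^\]]+)\])? \(done\) \| time=(?P<ms>\d+)ms")
# e.g. "INFO: Analysis total time: 2:34:37.570 s"
TOTAL_TIME = re.compile(r"INFO: Analysis total time: (?P<t>[\d:.]+) s")

def duration_to_ms(text):
    """Convert 'H:MM:SS.mmm', 'M:SS.mmm' or 'SS.mmm' to milliseconds."""
    seconds = 0.0
    for part in text.split(":"):
        seconds = seconds * 60 + float(part)
    return round(seconds * 1000)

def rank_sensors(log_text):
    """Return (total_ms, rows); rows are (name, plugin, ms, share), slowest first."""
    sensors, total_ms = [], None
    for line in log_text.splitlines():
        # search() rather than match(): CI systems may prefix lines with timestamps
        m = SENSOR_DONE.search(line)
        if m:
            sensors.append((m["name"], m["plugin"] or "-", int(m["ms"])))
            continue
        m = TOTAL_TIME.search(line)
        if m:
            total_ms = duration_to_ms(m["t"])
    if total_ms is None:  # truncated log: fall back to the sum of sensor times
        total_ms = sum(ms for _, _, ms in sensors)
    rows = [(n, p, ms, ms / total_ms if total_ms else 0.0) for n, p, ms in sensors]
    rows.sort(key=lambda r: r[2], reverse=True)
    return total_ms, rows

# Excerpt of lines taken from the scan log posted in this thread.
SAMPLE_LOG = """\
INFO: Sensor CSS Rules [cssfamily] (done) | time=2ms
INFO: Sensor JavaScript analysis [javascript] (done) | time=22932ms
INFO: Sensor JsSecuritySensor [security]
INFO: Sensor JsSecuritySensor [security] (done) | time=9239851ms
INFO: Sensor Zero Coverage Sensor (done) | time=0ms
INFO: Analysis total time: 2:34:37.570 s
"""

if __name__ == "__main__":
    total, rows = rank_sensors(SAMPLE_LOG)
    print(f"analysis total: {total / 60000:.1f} min")
    for name, plugin, ms, share in rows:
        flag = "  <-- dominates the run" if share >= 0.5 else ""
        print(f"{ms:>10} ms  {share:6.1%}  {name} [{plugin}]{flag}")
```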