Analyzing C/C++ code built using a container

SonarQube Server / Community Build
1

Hi,
I am running SonarQube in a Jenkins pipeline in order to analyze C/C++ code. The build is done on Linux using a docker container with all build dependencies inside.
When I run the scanner after the buildwrapper (all within the same docker image and on the same machine), I get a stable result.
I want to separate the build-wrapper step from the analysis and potentially run them on two different machines.
If I use the same docker image on a different machine to run the analysis, of course with the same source code as what was used at the wrapper step (but not the derived objects), being available and at the same location (as seen within the container) and with the results of the wrapper steps available, I get a scanner result that looks correct. However the analysis results are not exactly the same as per my previous test. I still need to check the differences to understand exactly what happened.

So my question is the following: are derived objects needed for the analysis? (.o, .a, etc…).
If yes, what is needed and why ?

Thanks for your answers

2

Hey there.

No, the build artifacts are not needed to run the analysis. However, the environment can influence the analysis results. As noted in the docs

  • The environment where you execute the analysis should be the same as the build environment; the analyzer may need to access the build-related environment variables. For example, when using the Microsoft Visual C++ compiler, execute the analysis from the same Visual Studio Developer Command Prompt you use to build your project. The command prompt sets some environment variables, like INCLUDE, that must be set during the analysis.