- ALM used: Bitbucket Cloud
- CI system used: Bitbucket Cloud
- Language: PHP
- Analysis seems to be in loop:
INFO: Sensor EnterpriseTextAndSecretsSensor is restricted to changed files only
INFO: Available processors: 2
INFO: Using 2 threads for analysis.
INFO: The property "sonar.tests" is not set. To improve the analysis accuracy, we categorize a file as a test file if any of the following is true:
* The filename starts with "test"
* The filename contains "test." or "tests."
* Any directory in the file path is named: "doc", "docs", "test" or "tests"
* Any directory in the file path has a name ending in "test" or "tests"
INFO: Start fetching files for the text and secrets analysis
INFO: Using Git CLI to retrieve untracked files
WARN: Retrieving only language associated files, make sure to run the analysis inside a git repository to make use of inclusions specified via "sonar.text.inclusions"
INFO: Starting the text and secrets analysis
INFO: 8 source files to be analyzed for the text and secrets analysis
INFO: 8/8 source files have been analyzed for the text and secrets analysis
INFO: Start fetching files for the binary file analysis
INFO: There are no files to be analyzed for the binary file analysis
INFO: Sensor EnterpriseTextAndSecretsSensor [textenterprise] (done) | time=2995ms
INFO: Sensor JavaSecuritySensor [security]
INFO: 27 taint analysis rules enabled.
INFO: No UCFGs have been included for analysis.
INFO: java security sensor: Begin: 2025-07-22T21:17:57.340541202Z, End: 2025-07-22T21:17:57.350256453Z, Duration: 00:00:00.009
Load type hierarchy and UCFGs: Begin: 2025-07-22T21:17:57.345113767Z, End: 2025-07-22T21:17:57.347498319Z, Duration: 00:00:00.002
Load type hierarchy: Begin: 2025-07-22T21:17:57.345134612Z, End: 2025-07-22T21:17:57.347222629Z, Duration: 00:00:00.002
Load UCFGs: Begin: 2025-07-22T21:17:57.347414174Z, End: 2025-07-22T21:17:57.347463112Z, Duration: 00:00:00.000
INFO: java security sensor peak memory: 312 MB
INFO: Sensor JavaSecuritySensor [security] (done) | time=15ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: 26 taint analysis rules enabled.
INFO: No UCFGs have been included for analysis.
INFO: csharp security sensor: Begin: 2025-07-22T21:17:57.352707335Z, End: 2025-07-22T21:17:57.354481370Z, Duration: 00:00:00.001
Load type hierarchy and UCFGs: Begin: 2025-07-22T21:17:57.353452698Z, End: 2025-07-22T21:17:57.354016039Z, Duration: 00:00:00.000
Load type hierarchy: Begin: 2025-07-22T21:17:57.353470930Z, End: 2025-07-22T21:17:57.353908531Z, Duration: 00:00:00.000
Load UCFGs: Begin: 2025-07-22T21:17:57.353973498Z, End: 2025-07-22T21:17:57.353991771Z, Duration: 00:00:00.000
INFO: csharp security sensor peak memory: 312 MB
INFO: Sensor CSharpSecuritySensor [security] (done) | time=3ms
INFO: Sensor PhpSecuritySensor [security]
INFO: 13 taint analysis rules enabled.
INFO: Analyzing 9820 UCFGs to detect vulnerabilities.
INFO: Cache loaded: SecuritySensorCache{ucfgsHashes.count=9897, typeDefinitionsHashes.count=1244}
INFO: All rules entry points : 396
INFO: Retained UCFGs : 4756
INFO: 0 / 4756 UCFGs simulated, memory usage: 413 MB
INFO: 519 / 4756 UCFGs simulated, memory usage: 416 MB
INFO: 992 / 4756 UCFGs simulated, memory usage: 390 MB
INFO: 1570 / 4756 UCFGs simulated, memory usage: 400 MB
INFO: 2022 / 4756 UCFGs simulated, memory usage: 424 MB
INFO: 2515 / 4756 UCFGs simulated, memory usage: 391 MB
INFO: 3099 / 4756 UCFGs simulated, memory usage: 367 MB
INFO: 3485 / 4756 UCFGs simulated, memory usage: 347 MB
INFO: 4044 / 4756 UCFGs simulated, memory usage: 375 MB
INFO: 4370 / 4756 UCFGs simulated, memory usage: 374 MB
INFO: php security sensor: Begin: 2025-07-22T21:17:57.356308159Z, End: 2025-07-22T21:18:41.683654041Z, Duration: 00:00:44.327
Load type hierarchy and UCFGs: Begin: 2025-07-22T21:17:57.356677828Z, End: 2025-07-22T21:18:03.853042431Z, Duration: 00:00:06.496
Load type hierarchy: Begin: 2025-07-22T21:17:57.356680077Z, End: 2025-07-22T21:17:57.673521667Z, Duration: 00:00:00.316
Load UCFGs: Begin: 2025-07-22T21:17:57.673630710Z, End: 2025-07-22T21:18:03.852890636Z, Duration: 00:00:06.179
Check cache: Begin: 2025-07-22T21:18:03.853224332Z, End: 2025-07-22T21:18:03.883024209Z, Duration: 00:00:00.029
Load cache: Begin: 2025-07-22T21:18:03.853238472Z, End: 2025-07-22T21:18:03.872635467Z, Duration: 00:00:00.019
Compare cache: Begin: 2025-07-22T21:18:03.873178780Z, End: 2025-07-22T21:18:03.882874631Z, Duration: 00:00:00.009
Create runtime call graph: Begin: 2025-07-22T21:18:03.883064716Z, End: 2025-07-22T21:18:14.162807762Z, Duration: 00:00:10.279
Create declared type propagation graph: Begin: 2025-07-22T21:18:03.889987989Z, End: 2025-07-22T21:18:06.191332339Z, Duration: 00:00:02.301
Run SCC (Tarjan) on 116238 nodes: Begin: 2025-07-22T21:18:06.210435059Z, End: 2025-07-22T21:18:06.780945763Z, Duration: 00:00:00.570
Propagate runtime types to strongly connected components: Begin: 2025-07-22T21:18:06.781222594Z, End: 2025-07-22T21:18:07.767152723Z, Duration: 00:00:00.985
Variable Type Analysis #1: Begin: 2025-07-22T21:18:07.770781907Z, End: 2025-07-22T21:18:10.889892438Z, Duration: 00:00:03.119
Create runtime type propagation graph: Begin: 2025-07-22T21:18:07.770806856Z, End: 2025-07-22T21:18:09.274552934Z, Duration: 00:00:01.503
Run SCC (Tarjan) on 126710 nodes: Begin: 2025-07-22T21:18:09.274715275Z, End: 2025-07-22T21:18:09.907662719Z, Duration: 00:00:00.632
Propagate runtime types to strongly connected components: Begin: 2025-07-22T21:18:09.907837189Z, End: 2025-07-22T21:18:10.889700440Z, Duration: 00:00:00.981
Variable Type Analysis #2: Begin: 2025-07-22T21:18:10.890568407Z, End: 2025-07-22T21:18:14.149273345Z, Duration: 00:00:03.258
Create runtime type propagation graph: Begin: 2025-07-22T21:18:10.890581448Z, End: 2025-07-22T21:18:12.713770652Z, Duration: 00:00:01.823
Run SCC (Tarjan) on 126293 nodes: Begin: 2025-07-22T21:18:12.713931622Z, End: 2025-07-22T21:18:13.135230352Z, Duration: 00:00:00.421
Propagate runtime types to strongly connected components: Begin: 2025-07-22T21:18:13.135395765Z, End: 2025-07-22T21:18:14.149113873Z, Duration: 00:00:01.013
Load config: Begin: 2025-07-22T21:18:14.162984507Z, End: 2025-07-22T21:18:14.694851026Z, Duration: 00:00:00.531
Compute entry points: Begin: 2025-07-22T21:18:14.695026587Z, End: 2025-07-22T21:18:16.896102909Z, Duration: 00:00:02.201
Slice call graph: Begin: 2025-07-22T21:18:16.896651294Z, End: 2025-07-22T21:18:17.357331545Z, Duration: 00:00:00.460
Live variable analysis: Begin: 2025-07-22T21:18:17.357477847Z, End: 2025-07-22T21:18:20.655817788Z, Duration: 00:00:03.298
Taint analysis for php: Begin: 2025-07-22T21:18:20.656328104Z, End: 2025-07-22T21:18:41.461051220Z, Duration: 00:00:20.804
Report issues: Begin: 2025-07-22T21:18:41.461235082Z, End: 2025-07-22T21:18:41.679978100Z, Duration: 00:00:00.218
Store cache: Begin: 2025-07-22T21:18:41.681797666Z, End: 2025-07-22T21:18:41.681810522Z, Duration: 00:00:00.000
INFO: php security sensor peak memory: 587 MB
INFO: Sensor PhpSecuritySensor [security] (done) | time=44330ms
INFO: Sensor PythonSecuritySensor [security]
INFO: 21 taint analysis rules enabled.
INFO: No UCFGs have been included for analysis.
INFO: python security sensor: Begin: 2025-07-22T21:18:41.686671730Z, End: 2025-07-22T21:18:41.688436026Z, Duration: 00:00:00.001
Load type hierarchy and UCFGs: Begin: 2025-07-22T21:18:41.687077373Z, End: 2025-07-22T21:18:41.687307720Z, Duration: 00:00:00.000
Load type hierarchy: Begin: 2025-07-22T21:18:41.687080469Z, End: 2025-07-22T21:18:41.687229712Z, Duration: 00:00:00.000
Load UCFGs: Begin: 2025-07-22T21:18:41.687285466Z, End: 2025-07-22T21:18:41.687296262Z, Duration: 00:00:00.000
INFO: python security sensor peak memory: 433 MB
INFO: Sensor PythonSecuritySensor [security] (done) | time=3ms
INFO: Sensor JsSecuritySensor [security]
INFO: Sensor JsSecuritySensor [security] (done) | time=1ms
INFO: Sensor KotlinSecuritySensor [security]
INFO: 26 taint analysis rules enabled.
INFO: No UCFGs have been included for analysis.
INFO: kotlin security sensor: Begin: 2025-07-22T21:18:41.691021428Z, End: 2025-07-22T21:18:41.692305878Z, Duration: 00:00:00.001
Load type hierarchy and UCFGs: Begin: 2025-07-22T21:18:41.691464939Z, End: 2025-07-22T21:18:41.691891524Z, Duration: 00:00:00.000
Load type hierarchy: Begin: 2025-07-22T21:18:41.691469251Z, End: 2025-07-22T21:18:41.691571160Z, Duration: 00:00:00.000
Load UCFGs: Begin: 2025-07-22T21:18:41.691621560Z, End: 2025-07-22T21:18:41.691865715Z, Duration: 00:00:00.000
INFO: kotlin security sensor peak memory: 433 MB
INFO: Sensor KotlinSecuritySensor [security] (done) | time=3ms
INFO: Sensor GoSecuritySensor [security]
INFO: 9 taint analysis rules enabled.
INFO: No UCFGs have been included for analysis.
INFO: go security sensor: Begin: 2025-07-22T21:18:41.693872225Z, End: 2025-07-22T21:18:41.694647854Z, Duration: 00:00:00.000
Load type hierarchy and UCFGs: Begin: 2025-07-22T21:18:41.694136603Z, End: 2025-07-22T21:18:41.694350982Z, Duration: 00:00:00.000
Load type hierarchy: Begin: 2025-07-22T21:18:41.694138696Z, End: 2025-07-22T21:18:41.694289826Z, Duration: 00:00:00.000
Load UCFGs: Begin: 2025-07-22T21:18:41.694330682Z, End: 2025-07-22T21:18:41.694338825Z, Duration: 00:00:00.000
INFO: go security sensor peak memory: 433 MB
INFO: Sensor GoSecuritySensor [security] (done) | time=1ms
INFO: ------------- Run sensors on project
INFO: Sensor JsSecuritySensorV2 [jasmin]
INFO: 4 file(s) will be analysed by SonarJasmin.
INFO: Analysis progress: 25% (1/4 files)
INFO: Analysis progress: 50% (2/4 files)
INFO: Analysis progress: 75% (3/4 files)
INFO: Sensor JsSecuritySensorV2 [jasmin] (done) | time=5827ms
INFO: Sensor JsArchitectureSensor [architecture]
INFO: * Protobuf reading starting | memory total=512 | free=179 | used=332 (MB)
INFO: * Reading SonarArchitecture IR data from directory "/opt/atlassian/pipelines/agent/build/.scannerwork/architecture/js"
INFO: * Protobuf reading complete | memory total=512 | free=178 | used=333 (MB)
INFO: * Build file hiGraphs complete | memory total=512 | free=178 | used=333 (MB)
INFO: * Slicing complete | memory total=512 | free=178 | used=333 (MB)
INFO: * Cycle detection complete | memory total=512 | free=178 | used=333 (MB)
INFO: * Build file hiGraphs complete | memory total=512 | free=178 | used=333 (MB)
INFO: * Slicing complete | memory total=512 | free=178 | used=333 (MB)
INFO: * Export complete | memory total=512 | free=176 | used=335 (MB)
INFO: Sensor JsArchitectureSensor [architecture] (done) | time=114ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=14ms
INFO: ------------- Gather SCA dependencies on project
INFO: Inferred api base url 'https://api.sonarcloud.io' from host url 'https://sonarcloud.io'.
INFO: Checking if SCA is enabled for organization *******
INFO: Dependency analysis skipped
INFO: SCM Publisher SCM provider for this project is: git
INFO: SCM Publisher 8 source files to be analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed