Bitbucket Pipeline timout

  • ALM used: Bitbucket Cloud
  • CI system used: Bitbucket Cloud
  • Language: PHP
  • Analysis seems to be in loop:

INFO: Sensor EnterpriseTextAndSecretsSensor is restricted to changed files only
INFO: Available processors: 2
INFO: Using 2 threads for analysis.
INFO: The property "sonar.tests" is not set. To improve the analysis accuracy, we categorize a file as a test file if any of the following is true:
  * The filename starts with "test"
  * The filename contains "test." or "tests."
  * Any directory in the file path is named: "doc", "docs", "test" or "tests"
  * Any directory in the file path has a name ending in "test" or "tests"
INFO: Start fetching files for the text and secrets analysis
INFO: Using Git CLI to retrieve untracked files
WARN: Retrieving only language associated files, make sure to run the analysis inside a git repository to make use of inclusions specified via "sonar.text.inclusions"
INFO: Starting the text and secrets analysis
INFO: 8 source files to be analyzed for the text and secrets analysis
INFO: 8/8 source files have been analyzed for the text and secrets analysis
INFO: Start fetching files for the binary file analysis
INFO: There are no files to be analyzed for the binary file analysis
INFO: Sensor EnterpriseTextAndSecretsSensor [textenterprise] (done) | time=2995ms
INFO: Sensor JavaSecuritySensor [security]
INFO: 27 taint analysis rules enabled.
INFO: No UCFGs have been included for analysis.
INFO: java security sensor: Begin: 2025-07-22T21:17:57.340541202Z, End: 2025-07-22T21:17:57.350256453Z, Duration: 00:00:00.009
  Load type hierarchy and UCFGs: Begin: 2025-07-22T21:17:57.345113767Z, End: 2025-07-22T21:17:57.347498319Z, Duration: 00:00:00.002
    Load type hierarchy: Begin: 2025-07-22T21:17:57.345134612Z, End: 2025-07-22T21:17:57.347222629Z, Duration: 00:00:00.002
    Load UCFGs: Begin: 2025-07-22T21:17:57.347414174Z, End: 2025-07-22T21:17:57.347463112Z, Duration: 00:00:00.000
INFO: java security sensor peak memory: 312 MB
INFO: Sensor JavaSecuritySensor [security] (done) | time=15ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: 26 taint analysis rules enabled.
INFO: No UCFGs have been included for analysis.
INFO: csharp security sensor: Begin: 2025-07-22T21:17:57.352707335Z, End: 2025-07-22T21:17:57.354481370Z, Duration: 00:00:00.001
  Load type hierarchy and UCFGs: Begin: 2025-07-22T21:17:57.353452698Z, End: 2025-07-22T21:17:57.354016039Z, Duration: 00:00:00.000
    Load type hierarchy: Begin: 2025-07-22T21:17:57.353470930Z, End: 2025-07-22T21:17:57.353908531Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2025-07-22T21:17:57.353973498Z, End: 2025-07-22T21:17:57.353991771Z, Duration: 00:00:00.000
INFO: csharp security sensor peak memory: 312 MB
INFO: Sensor CSharpSecuritySensor [security] (done) | time=3ms
INFO: Sensor PhpSecuritySensor [security]
INFO: 13 taint analysis rules enabled.
INFO: Analyzing 9820 UCFGs to detect vulnerabilities.
INFO: Cache loaded: SecuritySensorCache{ucfgsHashes.count=9897, typeDefinitionsHashes.count=1244}
INFO: All rules entry points : 396
INFO: Retained UCFGs : 4756
INFO: 0 / 4756 UCFGs simulated, memory usage: 413 MB
INFO: 519 / 4756 UCFGs simulated, memory usage: 416 MB
INFO: 992 / 4756 UCFGs simulated, memory usage: 390 MB
INFO: 1570 / 4756 UCFGs simulated, memory usage: 400 MB
INFO: 2022 / 4756 UCFGs simulated, memory usage: 424 MB
INFO: 2515 / 4756 UCFGs simulated, memory usage: 391 MB
INFO: 3099 / 4756 UCFGs simulated, memory usage: 367 MB
INFO: 3485 / 4756 UCFGs simulated, memory usage: 347 MB
INFO: 4044 / 4756 UCFGs simulated, memory usage: 375 MB
INFO: 4370 / 4756 UCFGs simulated, memory usage: 374 MB
INFO: php security sensor: Begin: 2025-07-22T21:17:57.356308159Z, End: 2025-07-22T21:18:41.683654041Z, Duration: 00:00:44.327
  Load type hierarchy and UCFGs: Begin: 2025-07-22T21:17:57.356677828Z, End: 2025-07-22T21:18:03.853042431Z, Duration: 00:00:06.496
    Load type hierarchy: Begin: 2025-07-22T21:17:57.356680077Z, End: 2025-07-22T21:17:57.673521667Z, Duration: 00:00:00.316
    Load UCFGs: Begin: 2025-07-22T21:17:57.673630710Z, End: 2025-07-22T21:18:03.852890636Z, Duration: 00:00:06.179
  Check cache: Begin: 2025-07-22T21:18:03.853224332Z, End: 2025-07-22T21:18:03.883024209Z, Duration: 00:00:00.029
    Load cache: Begin: 2025-07-22T21:18:03.853238472Z, End: 2025-07-22T21:18:03.872635467Z, Duration: 00:00:00.019
    Compare cache: Begin: 2025-07-22T21:18:03.873178780Z, End: 2025-07-22T21:18:03.882874631Z, Duration: 00:00:00.009
  Create runtime call graph: Begin: 2025-07-22T21:18:03.883064716Z, End: 2025-07-22T21:18:14.162807762Z, Duration: 00:00:10.279
    Create declared type propagation graph: Begin: 2025-07-22T21:18:03.889987989Z, End: 2025-07-22T21:18:06.191332339Z, Duration: 00:00:02.301
    Run SCC (Tarjan) on 116238 nodes: Begin: 2025-07-22T21:18:06.210435059Z, End: 2025-07-22T21:18:06.780945763Z, Duration: 00:00:00.570
    Propagate runtime types to strongly connected components: Begin: 2025-07-22T21:18:06.781222594Z, End: 2025-07-22T21:18:07.767152723Z, Duration: 00:00:00.985
    Variable Type Analysis #1: Begin: 2025-07-22T21:18:07.770781907Z, End: 2025-07-22T21:18:10.889892438Z, Duration: 00:00:03.119
      Create runtime type propagation graph: Begin: 2025-07-22T21:18:07.770806856Z, End: 2025-07-22T21:18:09.274552934Z, Duration: 00:00:01.503
      Run SCC (Tarjan) on 126710 nodes: Begin: 2025-07-22T21:18:09.274715275Z, End: 2025-07-22T21:18:09.907662719Z, Duration: 00:00:00.632
      Propagate runtime types to strongly connected components: Begin: 2025-07-22T21:18:09.907837189Z, End: 2025-07-22T21:18:10.889700440Z, Duration: 00:00:00.981
    Variable Type Analysis #2: Begin: 2025-07-22T21:18:10.890568407Z, End: 2025-07-22T21:18:14.149273345Z, Duration: 00:00:03.258
      Create runtime type propagation graph: Begin: 2025-07-22T21:18:10.890581448Z, End: 2025-07-22T21:18:12.713770652Z, Duration: 00:00:01.823
      Run SCC (Tarjan) on 126293 nodes: Begin: 2025-07-22T21:18:12.713931622Z, End: 2025-07-22T21:18:13.135230352Z, Duration: 00:00:00.421
      Propagate runtime types to strongly connected components: Begin: 2025-07-22T21:18:13.135395765Z, End: 2025-07-22T21:18:14.149113873Z, Duration: 00:00:01.013
  Load config: Begin: 2025-07-22T21:18:14.162984507Z, End: 2025-07-22T21:18:14.694851026Z, Duration: 00:00:00.531
  Compute entry points: Begin: 2025-07-22T21:18:14.695026587Z, End: 2025-07-22T21:18:16.896102909Z, Duration: 00:00:02.201
  Slice call graph: Begin: 2025-07-22T21:18:16.896651294Z, End: 2025-07-22T21:18:17.357331545Z, Duration: 00:00:00.460
  Live variable analysis: Begin: 2025-07-22T21:18:17.357477847Z, End: 2025-07-22T21:18:20.655817788Z, Duration: 00:00:03.298
  Taint analysis for php: Begin: 2025-07-22T21:18:20.656328104Z, End: 2025-07-22T21:18:41.461051220Z, Duration: 00:00:20.804
  Report issues: Begin: 2025-07-22T21:18:41.461235082Z, End: 2025-07-22T21:18:41.679978100Z, Duration: 00:00:00.218
  Store cache: Begin: 2025-07-22T21:18:41.681797666Z, End: 2025-07-22T21:18:41.681810522Z, Duration: 00:00:00.000
INFO: php security sensor peak memory: 587 MB
INFO: Sensor PhpSecuritySensor [security] (done) | time=44330ms
INFO: Sensor PythonSecuritySensor [security]
INFO: 21 taint analysis rules enabled.
INFO: No UCFGs have been included for analysis.
INFO: python security sensor: Begin: 2025-07-22T21:18:41.686671730Z, End: 2025-07-22T21:18:41.688436026Z, Duration: 00:00:00.001
  Load type hierarchy and UCFGs: Begin: 2025-07-22T21:18:41.687077373Z, End: 2025-07-22T21:18:41.687307720Z, Duration: 00:00:00.000
    Load type hierarchy: Begin: 2025-07-22T21:18:41.687080469Z, End: 2025-07-22T21:18:41.687229712Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2025-07-22T21:18:41.687285466Z, End: 2025-07-22T21:18:41.687296262Z, Duration: 00:00:00.000
INFO: python security sensor peak memory: 433 MB
INFO: Sensor PythonSecuritySensor [security] (done) | time=3ms
INFO: Sensor JsSecuritySensor [security]
INFO: Sensor JsSecuritySensor [security] (done) | time=1ms
INFO: Sensor KotlinSecuritySensor [security]
INFO: 26 taint analysis rules enabled.
INFO: No UCFGs have been included for analysis.
INFO: kotlin security sensor: Begin: 2025-07-22T21:18:41.691021428Z, End: 2025-07-22T21:18:41.692305878Z, Duration: 00:00:00.001
  Load type hierarchy and UCFGs: Begin: 2025-07-22T21:18:41.691464939Z, End: 2025-07-22T21:18:41.691891524Z, Duration: 00:00:00.000
    Load type hierarchy: Begin: 2025-07-22T21:18:41.691469251Z, End: 2025-07-22T21:18:41.691571160Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2025-07-22T21:18:41.691621560Z, End: 2025-07-22T21:18:41.691865715Z, Duration: 00:00:00.000
INFO: kotlin security sensor peak memory: 433 MB
INFO: Sensor KotlinSecuritySensor [security] (done) | time=3ms
INFO: Sensor GoSecuritySensor [security]
INFO: 9 taint analysis rules enabled.
INFO: No UCFGs have been included for analysis.
INFO: go security sensor: Begin: 2025-07-22T21:18:41.693872225Z, End: 2025-07-22T21:18:41.694647854Z, Duration: 00:00:00.000
  Load type hierarchy and UCFGs: Begin: 2025-07-22T21:18:41.694136603Z, End: 2025-07-22T21:18:41.694350982Z, Duration: 00:00:00.000
    Load type hierarchy: Begin: 2025-07-22T21:18:41.694138696Z, End: 2025-07-22T21:18:41.694289826Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2025-07-22T21:18:41.694330682Z, End: 2025-07-22T21:18:41.694338825Z, Duration: 00:00:00.000
INFO: go security sensor peak memory: 433 MB
INFO: Sensor GoSecuritySensor [security] (done) | time=1ms
INFO: ------------- Run sensors on project
INFO: Sensor JsSecuritySensorV2 [jasmin]
INFO: 4 file(s) will be analysed by SonarJasmin.
INFO: Analysis progress:  25% (1/4 files)
INFO: Analysis progress:  50% (2/4 files)
INFO: Analysis progress:  75% (3/4 files)
INFO: Sensor JsSecuritySensorV2 [jasmin] (done) | time=5827ms
INFO: Sensor JsArchitectureSensor [architecture]
INFO: * Protobuf reading starting | memory total=512 | free=179 | used=332 (MB)
INFO: * Reading SonarArchitecture IR data from directory "/opt/atlassian/pipelines/agent/build/.scannerwork/architecture/js"
INFO: * Protobuf reading complete | memory total=512 | free=178 | used=333 (MB)
INFO: * Build file hiGraphs complete | memory total=512 | free=178 | used=333 (MB)
INFO: * Slicing complete | memory total=512 | free=178 | used=333 (MB)
INFO: * Cycle detection complete | memory total=512 | free=178 | used=333 (MB)
INFO: * Build file hiGraphs complete | memory total=512 | free=178 | used=333 (MB)
INFO: * Slicing complete | memory total=512 | free=178 | used=333 (MB)
INFO: * Export complete | memory total=512 | free=176 | used=335 (MB)
INFO: Sensor JsArchitectureSensor [architecture] (done) | time=114ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=14ms
INFO: ------------- Gather SCA dependencies on project
INFO: Inferred api base url 'https://api.sonarcloud.io' from host url 'https://sonarcloud.io'.
INFO: Checking if SCA is enabled for organization *******
INFO: Dependency analysis skipped
INFO: SCM Publisher SCM provider for this project is: git
INFO: SCM Publisher 8 source files to be analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed
INFO: 1/8 source file have been analyzed

Hey there.

This seems similar to the issue described in this thread.

Can you try the workaround? If it works, hopefully the workaround won’t be needed for long. We’re fixing it!