Bugs, Code Smell, Vulnerability are not detected for C/C++ language


I am trying to scan my C/C++ project with SonarQube. I am using MISRA rules only activated in my current Quality Profile. Also I have used the build-wrapper to build my source code. After analysis none of them have been detected by SonarScanner and I am getting 0 bugs, 0 code smells, and 0 vulnerability.

Information about setup:

  • SQ Enterprise Edition: Version 7.9.1 (build 27448)
  • SonarCFamily plugin: 6.3 (build 11371)
  • SonarQube Scanner: sonar-scanner-

We are running the build wrapper manually

/usr/local/build-wrapper-x86-64 --out-dir bw-output ./build.sh

Then, running the sonar-scanner via Jenkins.

As a result we are getting the below output

10:08:43.900 INFO: CPD calculation finished
10:08:44.072 INFO: Analysis report generated in 146ms, dir size=13 MB
10:08:44.833 INFO: Analysis report compressed in 760ms, zip size=3 MB
10:08:44.833 INFO: Analysis report generated in /build/jenkins/homes/jenkinsslave/workspace/NTG/sonar_scanner/.scannerwork/scanner-report
10:08:49.491 DEBUG: Post-jobs :
10:08:49.504 INFO: Analysis total time: 27.420 s
10:08:49.506 INFO: ------------------------------------------------------------------------
10:08:49.506 INFO: ------------------------------------------------------------------------
10:08:49.507 INFO: Total time: 29.559s
10:08:49.559 INFO: Final Memory: 33M/200M

Duplication are detected in the project.

Are we missing something?

Thanks in Advance.

Hi @dindasu,

could you please update SonarCFamily plugin to its latest version 6.8?

Just a note, build-wrapper and sonar-scanner should happen in the same machine in the same environment, i.e. both on Jenkins in your case.