Great News
I Hope for seed improvement also C/C++ side
Currently we moved sonarQube analysis away from our pipeline commit stage , because it take to much time to compete
Hi @alef75
C and C++ are indeed heavy languages to analyze in-depth.
That being said, we have multiple mechanisms that allow you to circumvent this fact: analysis parallelism, incremental analysis, and more.
To check that your analysis configuration is optimal, would you mind sharing:
- the rough size of your codebase
- how the project is configured (AutoConfig, compilation database with or without build-wrapper)
- the number of CPU cores of the machines running the analysis
- your SonarQube version
- the scan time for aa whole branch and a pull request
1 Like
Hi @Geoffray
Thank you for supporting us.
We have just upgraded to sonarQube 2025.1 LTA (from a 10.4)
Below the information you requested:
-
codebase size: 135k loc
-
project is configured with build-wrapper that creates the compile_commands.json
the compile_commands.json is passed to the scanner via the sonar.cfamily.compile-commands parameter -
cpu cores: 16
-
SonarQube version: 2025.1 LTA
-
scan time: 3 min (+ 3 min clean/rebuild)
the sonarQube scan entire process is the following:
- clean all our C/C++ codebase
- build all with build-wrapper (3 min)
- execute sonar-scanner (3 min)
As far as we know we are forced to clean our build before execute the build-wrapper, is this correct ? are there any way to use incremental build?
For our normal build we are using incremental build and this is very fast.
The overall process is now 2 minutes faster than with the sonarQube 10.4 release.
We see also a very good speed improvements on the WEB scanner side (from 9 min to 3 min).
This is correct. But there are other ways to provide project configuration that don’t. For instance, if you can generate a compilation database without rebuilding your project, you can use it to analyze your code.
You might also want to monitor the analysis log. At the end of the C or C++ analysis, it contains a line stating with Analysis cache that will give some insight into how incremental the analysis was.
3 Likes
Hi @JolyLoic
Thank you for this suggestions.
We’ve develop a python script that generate the compilation database (in place of build-wrapper) from a make dry-run of our build (we need to expand the path of our arm crosscompiler for the sonar scanner to work), it take about 3 seconds, than the scanner took about 3 minutes.
than, the following scans took only few seconds because the analysis cache.
This is a very good result for us, we re-nable the sonar scans in our commit stage, it run in parallele to the build and because it take less than the real build, it does not add no delay in our feedback loop!
Thank you again for the suggestions
2 Likes
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.