C++ Pipeline 0 C/C++/Objective-C files were analyzed

Must-share information (formatted with Markdown):

• which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
  • lts-developer
• how is SonarQube deployed: zip, Docker, Helm
  • Docker
• what are you trying to achieve
  • Basic C++ Scan
• what have you tried so far to achieve this
  • I can scan my repo if the build and the scan run from the same GitLab CI/CD job. I would like to seperate the build and the scan job I am archiving the sonarqube build build-wrapper-dump.json and build-wrapper.log files between jobs in their output directory. As soon as I separate the build and scan into separate jobs i get the error java.lang.IllegalStateException: The "build-wrapper-dump.json" file was found but 0 C/C++/Objective-C files were analyzed. Please make sure that:
  • I have reviewed and replicated all of the C++ GitLab examples but still can’t seem to correctly cache or archive the necessary components to scan the repo.
  • I archived the build folder to ensure that the built binaries are available if needed.

CI/CD Commands

Approximation CI/CD pipeline. Sanitized

artifacts-build-job:
    script:
        - cmake -S . -B build -G Ninja
        - build-wrapper-linux-x86-64 --out-dir .sonar/bw-output cmake --build ./build
artifacts:
    paths:
      - build
      - ./.sonar
sonarqube-check:
    script:
        - sonar-scanner -Dsonar.cfamily.build-wrapper-output=./.sonar/bw-output

Pipeline Logs

e[32;1m$ .sonar/sonar-scanner-4.6.2.2472-linux/bin/sonar-scanner -Dsonar.cfamily.build-wrapper-output=./.sonar/bw-outpute[0;m
INFO: Scanner configuration file: ./.sonar/sonar-scanner-4.6.2.2472-linux/conf/sonar-scanner.properties
INFO: Project root configuration file:./sonar-project.properties
INFO: SonarScanner 4.6.2.2472
INFO: Java 11.0.11 AdoptOpenJDK (64-bit)
INFO: Linux 5.4.0-150-generic amd64
INFO: User cache: /root/.sonar/cache
INFO: Scanner configuration file: ./.sonar/sonar-scanner-4.6.2.2472-linux/conf/sonar-scanner.properties
INFO: Project root configuration file:./sonar-project.properties
INFO: Analyzing on SonarQube server 9.9.6.92038
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Load global settings
INFO: Load global settings (done) | time=119ms
INFO: Server id: 243B8A4D-AZDqNWRBphOg4Gq8uV-a
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=56ms
INFO: Load/download plugins (done) | time=2863ms
INFO: Loaded core extensions: developer-scanner
INFO: Process project properties
INFO: Process project properties (done) | time=13ms
INFO: Execute project builders
INFO: Execute project builders (done) | time=2ms
INFO: Base dir: 
INFO: Working dir: /.scannerwork
INFO: Load project branches
INFO: Load project branches (done) | time=34ms
INFO: Load branch configuration
INFO: Detected branch/PR in 'GitLab'
INFO: Auto-configuring branch 'feat/sonarqube'
INFO: Load branch configuration (done) | time=4ms
INFO: Auto-configuring with CI 'Gitlab CI'
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=83ms
INFO: Load active rules
INFO: Load active rules (done) | time=2413ms
INFO: Load analysis cache
INFO: Load analysis cache | time=91ms
INFO: Branch name: feat/sonarqube
INFO: Load project repositories
INFO: Load project repositories (done) | time=46ms
INFO: Indexing files...
INFO: Project configuration:
INFO: 269 files indexed
INFO: 12 files ignored because of scm ignore settings
INFO: Quality profile for c: Sonar way
INFO: Quality profile for cpp: Sonar way
INFO: Quality profile for py: Sonar way
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=33ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=1ms
INFO: Sensor C# Analysis Log [csharp]
INFO: Sensor C# Analysis Log [csharp] (done) | time=13ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=0ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=4ms
INFO: Sensor TextAndSecretsSensor [text]
INFO: 216 source files to be analyzed
INFO: 216/216 source files have been analyzed
INFO: Sensor TextAndSecretsSensor [text] (done) | time=650ms
INFO: Sensor VB.NET Project Type Information [vbnet]
INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
INFO: Sensor VB.NET Analysis Log [vbnet]
INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=13ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=0ms
INFO: Sensor Python Sensor [python]
WARN: Your code is analyzed as compatible with python 2 and 3 by default. This will prevent the detection of issues specific to python 2 or python 3. You can get a more precise analysis by setting a python version in your configuration via the parameter "sonar.python.version"
INFO: Starting global symbols computation
INFO: 73 source files to be analyzed
INFO: 73/73 source files have been analyzed
INFO: Starting rules execution
INFO: 73 source files to be analyzed
INFO: 73/73 source files have been analyzed
INFO: The Python analyzer was able to leverage cached data from previous analyses for 0 out of 73 files. These files were not parsed.
INFO: Sensor Python Sensor [python] (done) | time=5715ms
INFO: Sensor Cobertura Sensor for Python coverage [python]
INFO: Sensor Cobertura Sensor for Python coverage [python] (done) | time=96ms
INFO: Sensor PythonXUnitSensor [python]
INFO: Sensor PythonXUnitSensor [python] (done) | time=86ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=2ms
INFO: Sensor CSS Rules [javascript]
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [javascript] (done) | time=1ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
INFO: Sensor Python HTML templates processing [securitypythonfrontend]
INFO: HTML files are not indexed : you may want to add them in the scanned files of this project to detect Python XSS vulnerabilities
INFO: Sensor Python HTML templates processing [securitypythonfrontend] (done) | time=32ms
INFO: Sensor IaC Docker Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC Docker Sensor [iac] (done) | time=56ms
INFO: Sensor Serverless configuration file sensor [security]
INFO: 0 Serverless function entries were found in the project
INFO: 0 Serverless function handlers were kept as entrypoints
INFO: Sensor Serverless configuration file sensor [security] (done) | time=4ms
INFO: Sensor AWS SAM template file sensor [security]
INFO: Sensor AWS SAM template file sensor [security] (done) | time=1ms
INFO: Sensor AWS SAM Inline template file sensor [security]
INFO: Sensor AWS SAM Inline template file sensor [security] (done) | time=0ms
INFO: Sensor CFamily [cpp]
INFO: CFamily plugin version: 6.41.2.69583
INFO: Using build-wrapper output: ./.sonar/bw-output/build-wrapper-dump.json
INFO: Available processors: 48
INFO: Using 48 threads for analysis.
INFO: Loading cache from: server
WARN: Invalid probe found, skip analysis of files: [./build/../cpp/main.cpp]
The compiler probe 'stdout' is expected to contain at least one '#define' directive:

WARN: Invalid probe found, skip analysis of files: [./build/../cpp/ok_logger.cpp]
The compiler probe 'stdout' is expected to contain at least one '#define' directive:

INFO: PCH: unique=0 use=0 (forceInclude=0,throughHeader=0,firstInclude=0) out of 0 (forceInclude=0,throughHeader=0)
INFO: SE: 0 out of 0
INFO: Z3 refutation rate: 0 out of 0
INFO: Subprocess(es) done in 54ms
INFO: 32/143 files marked as unchanged
INFO: Cache: 0/0 hits, 125 bytes
INFO: 0 compilation units analyzed
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 20.749s
ERROR: Error during SonarScanner execution
INFO: Final Memory: 59M/440M
INFO: ------------------------------------------------------------------------
java.lang.IllegalStateException: The "build-wrapper-dump.json" file was found but 0 C/C++/Objective-C files were analyzed. Please make sure that:
  * you are using the latest version of the build-wrapper and the CFamily analyzer
  * you are correctly invoking the scanner with correct configuration
  * your compiler is supported
  * you are wrapping your build correctly
  * you are wrapping a full/clean build
  * you are providing the path to the correct build-wrapper output directory
  * you are building and analyzing the same source checkout, absolute paths must be identical in build and analysis steps
	at com.sonar.cpp.plugin.CFamilySensor.process(CFamilySensor.java:494)
	at com.sonar.cpp.plugin.CFamilySensor.execute(CFamilySensor.java:215)
	at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:64)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:88)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:64)
	at org.sonar.scanner.scan.SpringModuleScanContainer.doAfterStart(SpringModuleScanContainer.java:82)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
	at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
	at org.sonar.scanner.scan.SpringProjectScanContainer.scan(SpringProjectScanContainer.java:403)
	at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively(SpringProjectScanContainer.java:399)
	at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:368)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
	at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
	at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:137)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
	at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)
ERROR: 
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
section_end:1721939500:step_script
e[0Ksection_start:1721939500:cleanup_file_variables
e[0Ke[0Ke[36;1mCleaning up project directory and file based variablese[0;me[0;m
section_end:1721939501:cleanup_file_variables
e[0Ke[31;1mERROR: Job failed: exit code 1
e[0;m

Hey there.

This is a pretty clearly documented limitation of using the build-wrapper

• The Build Wrapper collects information about the build, including absolute file paths (source files, standard headers, libraries, etc…). Later on, SonarScanner uses this information and needs to access those paths. While this is straightforward when running these two steps on the same host, it is worth considering when using any containerization. A consequence of this is that C/C++/Objective-C analysis is NOT supported by SonarScanner CLI Docker image.

With that said, SonarQube v10.6 introduces AutoConfig of C/C++ Projects, which may be interesting for you, as it removes the need for a build wrapped by the build wrapper, and passing artifacts around.

Is there any additional information about the requirements on containerization?

I have been successful scanning from a container. Is there anything specific about why the SonarScanner CLI image can’t scan C/C++/Objective-C? Is it only because the image doesn’t contain the builder?

Hey @mike_mcnulty

If everything is identical between the containers (base image, environment variables, libraries, absolute file paths, etc.) then it should work. Often, that is hard to get right, and without seeing your full pipeline config and logs, it will be hard to tell what the difference is. However, it already sounds like you’re using a different image: