Hello, I am using Sonar to scan PHP code, but it’s too slow. So, I tried Psalm to generate an external report. Is it possible for Sonar Scanner to analyze only the report without scanning the code?
Hey there.
SonarQube will always have to do some parsing of the code, even if you were to disable all rules. It’s not possible to upload a report without SonarQube also scanning the code.
Normally we don’t hear much about the performance of PHP analysis. Can you provide some more details – like analysis logs that show the long analysis (preferably at DEBUG level, sonar-scanner -X) and details such as the version of SonarQube you’re using?
Hi Colin, thanks for your reply.
sonarqube 9.9LTA
SonarScanner CLI 6.0.0.4432
php 7.4.28 (cli)
11:49:44.243 INFO Starting PHP symbol indexer
11:49:44.249 INFO 5291 source files to be analyzed
11:49:54.256 INFO 61/5291 files analyzed, current file
11:50:04.256 INFO 101/5291 files analyzed, current file
...
12:08:19.796 INFO 5291/5291 source files have been analyzed
12:08:19.820 INFO Starting PHP rules
12:08:19.822 INFO 5291 source files to be analyzed
12:08:29.822 INFO 19/5291 files analyzed, current file
12:08:39.823 INFO 32/5291 files analyzed, current file
13:18:19.537 INFO 5291/5291 source files have been analyzed
13:18:19.541 INFO Sensor PHP sensor [php] (done) | time=5315338ms
...
13:19:52.549 INFO CPD Executor Calculating CPD for 2172 files
...
13:37:37.941 INFO CPD Executor CPD calculation finished (done) | time=1065392ms
...
13:42:01.914 INFO Total time: 1:53:52.720s
Those are the logs. I’m not sure if such a scanning time is an issue. And what can I do to speed up the scanning process?
Hello, looking forward to your reply.
Hey @Hz.O
Sorry about that! 5,000 files is a really big project. I don’t have a lot of other advice, except:
- Try increasing the memory available to the scanner, in case that’s affecting performance
- Run your analysis at DEBUG level (sonar-scanner -X) to find out if any specific files are causing the analysis to take longer than usual. You might be able to exclude those files, or report them to us to investigate specific performance problems.
- Try breaking up your project into smaller parts and analyzing them as separate projects. If the reason there are so many files is that this is a monorepo, that might even make the most sense for reporting.
- You can also disable sonar.cpd.exclusions if duplication detection isn’t useful to you (or not as useful as your build finishing faster). This would be done by configuring sonar.cpd.exclusions=**/*.
I’d also encourage you to update to the latest version of SonarQube (25.1) to take advantage of the last 2 years of improvements, although I haven’t turned up any specific performance improvements that would help you here.
If all else fails, I’d like to know what the stats of the machine running analysis are (CPU, memory, disk speed).
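
One way to act on the advice above, as an added example that is not part of the thread or Sonar's own tooling: a small log parser that reports how much of the run each finished phase consumed and which files stayed "current" across several progress reports. The `current file: <path>` suffix and the sample paths are assumptions, since the posted log shows that field empty.

```python
import re
from datetime import datetime

# Constructed sample. The three summary lines are copied from the log posted in
# the thread; the progress lines and their "current file: <path>" suffix are
# assumptions, since the post shows that field empty.
SAMPLE_LOG = """\
11:49:54.256 INFO 61/5291 files analyzed, current file: /src/app/Model/User.php
11:50:04.256 INFO 101/5291 files analyzed, current file: /src/gen/Big.php
11:50:14.256 INFO 101/5291 files analyzed, current file: /src/gen/Big.php
11:50:24.257 INFO 102/5291 files analyzed, current file: /src/gen/Big.php
11:50:34.257 INFO 140/5291 files analyzed, current file: /src/app/Util.php
13:18:19.541 INFO Sensor PHP sensor [php] (done) | time=5315338ms
13:37:37.941 INFO CPD Executor CPD calculation finished (done) | time=1065392ms
13:42:01.914 INFO Total time: 1:53:52.720s
"""

DONE = re.compile(r"INFO (.+?) \(done\) \| time=(\d+)ms")
TOTAL = re.compile(r"Total time: (?:(\d+):)?(\d+):(\d+\.\d+)s")
PROGRESS = re.compile(r"(\d\d:\d\d:\d\d\.\d+) INFO \d+/\d+ files analyzed, current file: (\S+)")

def phase_shares(log):
    """Map each '(done) | time=' phase to its fraction of the total run time."""
    h, m, s = TOTAL.search(log).groups()
    total_ms = (int(h or 0) * 3600 + int(m) * 60 + float(s)) * 1000
    return {name: int(ms) / total_ms for name, ms in DONE.findall(log)}

def stalled_files(log, min_seconds=15.0):
    """Map files that stay 'current' over consecutive reports to the seconds
    between the first and last of those reports."""
    longest, prev, first = {}, None, None
    for line in log.splitlines():
        hit = PROGRESS.match(line)
        if not hit:
            continue
        ts, path = datetime.strptime(hit.group(1), "%H:%M:%S.%f"), hit.group(2)
        if path != prev:  # a new file became current: start a new span
            prev, first = path, ts
        span = (ts - first).total_seconds()  # assumes the run does not cross midnight
        longest[path] = max(longest.get(path, 0.0), span)
    return {p: s for p, s in longest.items() if s >= min_seconds}

if __name__ == "__main__":
    for name, share in phase_shares(SAMPLE_LOG).items():
        print(f"{share:6.1%}  {name}")
    for path, secs in stalled_files(SAMPLE_LOG).items():
        print(f"{secs:6.1f}s  {path}")
```

Files reported by `stalled_files` are candidates for an exclusion or for a performance report, and the CPD share shows how much time turning off duplication detection could save.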