- ALM used: GitHub
- CI system used: Circle CI
- Scanner command used: CircleCI orb
- Languages of the repository: Golang
I’ve tested golangci-lint
and the output looks right, but there is no vulnerabilities in the dashboard, a different result compared to running locally. Do you know what is happening here? See that the line INFO: Importing /home/circleci/repo/report.xml
is there sucessfully importing. Look how data about other things as coverage is unchanged, differently of other branches.
#!/bin/bash -eo pipefail
set -e
VERSION=4.1.0.1829
SONAR_TOKEN=$SONAR_TOKEN
SCANNER_DIRECTORY=/tmp/cache/scanner
export SONAR_USER_HOME=$SCANNER_DIRECTORY/.sonar
OS="linux"
echo $SONAR_USER_HOME
if [[ ! -x "$SCANNER_DIRECTORY/sonar-scanner-$VERSION-$OS/bin/sonar-scanner" ]]; then
curl -Ol https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$VERSION-$OS.zip
unzip -qq -o sonar-scanner-cli-$VERSION-$OS.zip -d $SCANNER_DIRECTORY
fi
chmod +x $SCANNER_DIRECTORY/sonar-scanner-$VERSION-$OS/bin/sonar-scanner
chmod +x $SCANNER_DIRECTORY/sonar-scanner-$VERSION-$OS/jre/bin/java
$SCANNER_DIRECTORY/sonar-scanner-$VERSION-$OS/bin/sonar-scanner
/tmp/cache/scanner/.sonar
INFO: Scanner configuration file: /tmp/cache/scanner/sonar-scanner-4.1.0.1829-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: /home/circleci/repo/sonar-project.properties
INFO: SonarQube Scanner 4.1.0.1829
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 4.15.0-1092-aws amd64
INFO: User cache: /tmp/cache/scanner/.sonar/cache
INFO: SonarQube server 8.5.0
INFO: Default locale: "en", source code encoding: "UTF-8"
INFO: Load global settings
INFO: Load global settings (done) | time=569ms
INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
INFO: User cache: /tmp/cache/scanner/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=130ms
INFO: Load/download plugins (done) | time=301ms
INFO: Loaded core extensions: developer-scanner
INFO: JavaScript/TypeScript frontend is enabled
INFO: Found an active CI vendor: 'CircleCI'
INFO: Load project settings for component key: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
INFO: Load project settings for component key: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' (done) | time=116ms
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=1ms
INFO: Project key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
INFO: Base dir: /home/circleci/repo
INFO: Working dir: /home/circleci/repo/.scannerwork
INFO: Load project branches
INFO: Load project branches (done) | time=105ms
INFO: Check ALM binding of project 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
INFO: Detected project binding: BOUND
INFO: Check ALM binding of project 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' (done) | time=98ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=165ms
INFO: Load branch configuration
INFO: Auto-configuring branch golangci-lint-setup
INFO: Load branch configuration (done) | time=2ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=142ms
INFO: Load active rules
INFO: Load active rules (done) | time=3285ms
INFO: Organization key: xxxxxxxxxx
INFO: Branch name: golangci-lint-setup, type: short-lived
INFO: SCM collecting changed files in the branch
INFO: SCM collecting changed files in the branch (done) | time=226ms
INFO: Indexing files...
INFO: Project configuration:
INFO: Excluded sources: sql/**, e2e/**, cmd/accountsub/**, cmd/api/**, **/mocks/**, **/*_test.go
INFO: Included tests: **/mocks/**, **/*_test.go
INFO: 84 files indexed
INFO: 175 files ignored because of inclusion/exclusion patterns
INFO: 3 files ignored because of scm ignore settings
INFO: Quality profile for go: Golangci-lint
INFO: Quality profile for plsql: Sonar way
INFO: Quality profile for xml: Sonar way
INFO: ------------- Run sensors on module xxxxxxxxxxxxxxxxxxxxxxxx
INFO: JavaScript/TypeScript frontend is enabled
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=101ms
INFO: Sensor SonarCSS Rules [cssfamily]
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor SonarCSS Rules [cssfamily] (done) | time=2ms
INFO: Sensor PL/SQL Sensor [plsql]
WARN: The Data Dictionary is not configured for PLSQL analyzer which prevents rule(s) S3641, S3921, S3618, S3651 to raise issues. See https://sonarcloud.io/documentation/analysis/languages/plsql/
INFO: 2 source files to be analyzed
INFO: 2/2 source files have been analyzed
INFO: Sensor PL/SQL Sensor [plsql] (done) | time=169ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=1ms
INFO: Sensor JavaXmlSensor [java]
INFO: 1 source files to be analyzed
INFO: Sensor JavaXmlSensor [java] (done) | time=140ms
INFO: 1/1 source files have been analyzed
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=3ms
INFO: Sensor XML Sensor [xml]
INFO: 1 source file to be analyzed
INFO: 1/1 source file has been analyzed
INFO: Sensor XML Sensor [xml] (done) | time=82ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=1ms
INFO: Sensor Code Quality and Security for Go [go]
INFO: 33 source files to be analyzed
INFO: Sensor Code Quality and Security for Go [go] (done) | time=928ms
INFO: 33/33 source files have been analyzed
INFO: Sensor Go Cover sensor for Go coverage [go]
INFO: Load coverage report from '/home/circleci/repo/cover.out'
INFO: Sensor Go Cover sensor for Go coverage [go] (done) | time=60ms
INFO: Sensor Import of GolangCI-Lint issues [go]
INFO: Importing /home/circleci/repo/report.xml
INFO: Sensor Import of GolangCI-Lint issues [go] (done) | time=27ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /home/circleci/repo/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/circleci/repo/.scannerwork/ucfg2/java
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=3ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /home/circleci/repo/ucfg_cs2
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/circleci/repo/ucfg_cs2
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /home/circleci/repo/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/circleci/repo/.scannerwork/ucfg2/php
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=1ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /home/circleci/repo/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/circleci/repo/.scannerwork/ucfg2/python
INFO: No UCFGs have been included for analysis.
INFO: Sensor PythonSecuritySensor [security] (done) | time=0ms
INFO: Sensor JsSecuritySensor [security]
INFO: Reading type hierarchy from: /home/circleci/repo/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/circleci/repo/.scannerwork/ucfg2/js
INFO: No UCFGs have been included for analysis.
INFO: Sensor JsSecuritySensor [security] (done) | time=0ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=6ms
INFO: CPD Executor 1 file had no CPD blocks
INFO: CPD Executor Calculating CPD for 34 files
INFO: CPD Executor CPD calculation finished (done) | time=33ms
INFO: SCM writing changed lines
INFO: SCM writing changed lines (done) | time=5ms
INFO: Analysis report generated in 147ms, dir size=234 KB
INFO: Analysis report compressed in 74ms, zip size=77 KB
INFO: Analysis report uploaded in 321ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=xxxxxxxxxxxxxxxxx&branch=golangci-lint-setup&resolved=false
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=AXfLFDUEeZCnlPUzU9KO
INFO: Analysis total time: 8.648 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 11.008s
INFO: Final Memory: 26M/94M
INFO: ------------------------------------------------------------------------