GC overhead limit exceeded during sonar scanning

  • SonarQube - Developer Edition Version 8.7 (build 41497)
  • Scanner - sonar-maven-plugin Version 3.7.0.1746
  • Project codebase - Java v1.8

Error during scanning
[ERROR] GC overhead limit exceeded → [Help 1]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] For more information about the errors and possible solutions, please read the following articles: OutOfMemoryError - Apache Maven - Apache Software Foundation

SONAR_SCANNER_OPTS=-Xmx8192m -Xms8192m
sonar.c.file.suffixes=-
sonar.cpp.file.suffixes=-
sonar.objc.file.suffixes=-

Steps to reproduce:
Run scanning of the project with default SonarQube and SonarScanner options

No workaround found
Tried to allocate more memory (up to 16 GB) - didn’t help

Scanning log is attached
sonar_scan.log (227.3 KB)

Greetings @nikolay.sidorenko
thanks for reaching out to us with this report.
In order to troubleshoot SonarQube analysis, verbose logs are needed.
Could you please run this analysis again with DEBUG log level enabled? And please make sure to capture both stdin and stderr with your log capture.

A few additional information which may be useful as well:

  • did you analyze this project successfully on SonarQube before, maybe on some older SonarQube or with the Community Edition?
  • any reason for you to stay on version 8.7? SonarQube 8.9 provides 119 improvements and bug fixes for the Java analyzer only
  • Java 11 is known to better manage memory consumption than Java 8, would it be possibile for you to test an analysis using Java 11?

Will collect requested logs.

Java 8 is now required for our project. We are in the progress of migration to Java 11. However, now it is not possible to test with Java 11.

Previously we run scanning on Community Edition and it worked fine.

Also will try to update SonarQube version.

For now, we have found that the issue with the rule S5145. After it’s disabling, the scanner completed successfully.

Thanks for this good news @nikolay.sidorenko
With your previous logs, S5145 was indeed a good candidate as the analysis stopped there.

I am not surprised that analysis memory consumption increased a lot with your upgrade to the Developer Edition. Taint Analysis and the related security rules are not part of the Community Edition, and they are much more memory intensive than the Java analysis Open Source part.
We are also aware that on some large projects this scanner memory usage can become a problem, your analysis DEBUG logs may help us further with our effort to limit this memory consumption.

Sure. I will prepare the logs for you. However, will do it a bit later these days. Have some urgent tasks after we got unblocked with Sonar.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.