GC overhead limit exceeded

chuck.bloodgood · July 18, 2019, 11:10am

I am using VSTS, Sonarcloud. I have reviewed the responses to others on this topic, and tried to adjust the parameters using different values. Also tried multiple exclusions. Any help appreciated.

======================================================

Additional properties that will be passed to the scanner,

Put one key=value per line, example:

sonar.exclusions=**/*.bin

SONAR_SCANNER_OPTS=-Xmx8512m -Xms8512m -XX:MaxPermSize=1024m / sonar.ce.javaOpts =-Xmx8512m -Xms512m -XX:MaxPermSize=1024m / sonar.search.javaOpts =-Xmx8512m -Xms8512m -XX:MaxPermSize=1024m
sonar.exclusions=/*.bin,/.java,/plugins// ,/bootstrap.css,/bootstrap.js,/bootstrap//, **/jquery-ui.js, /jquery-1.10.2.js, /jquery.js,/jquery//,/jsplumb.js,/jquery.js, /fabric.js,/pdfmake.js,/inputmask.js,/xlsx.js, /datatables.js,
/jquery.js,/*.png,/angular.js,/bootstrap*.js,/DateTimePicker/,/TreeView/,/Fonts/,/.pdf,/Plugins/,**/.css
sonar.c.file.suffixes=-
sonar.cpp.file.suffixes=-
sonar.objc.file.suffixes=-
sonar.verbose=false

======================================================

SonarCloudLog.txt (85.5 KB)

Nicolas_Peru · July 19, 2019, 8:03am

Hi,

This is due to rule S5131 which is triggering our vulnerability analyzer.
In order to investigate this issue, could you try to share (privately if needed) what is in the directory : INFO: Reading UCFGs from: D:\a\1\.sonarqube\out\ucfg_cs2

In the meantime, as a workaround, you can deactivate the rules in the repository “Security SonarAnalyzer C#” (key roslyn.sonaranalyzer.security.cs)

chuck.bloodgood · July 19, 2019, 11:43am

Hi Nicolas… Many thanks for your response. We are on sonarcloud, so I am unable to provide what you request. I guess this is a bug, and my only option is to deactivate the rule. Is there a sonarcloud setting I could send you in place of the folder contents you request ?

Chuck

Nicolas_Peru · July 19, 2019, 4:39pm

The files I am requesting should be available from the scanner you are running the analysis. I read you are using VSTS, can you have an access to the folder where the analysis is running to get your hand on those files ?

by the way, do you encounter this on a public or private project ? (if public, maybe you can share a link to the project ?)

chuck.bloodgood · July 20, 2019, 3:11am

Hello Nicolas… I reran it with that rule disabled… and now I am getting " Java heap space" error. I have attached the log.SonarCloudLog2.txt (85.7 KB)

I am wondering if perhaps I should change some of the settings as described above.

Many thanks for your ongoing help.

Chuck

chuck.bloodgood · July 21, 2019, 12:24pm

Update: I was able to get it to work by disabling these rules: S1544, S2083, S2091, S5131. What is the cost of losing these rules and what can be done to reenable them.