Hi
SonarQube * Developer Edition Version 9.2 (build 49834)
sonarsource/sonar-scanner-cli:latest
Gitlab EE 14.8
We have a pipeline job set up that does a scan when a Merge Request is opened from a Feature branch into Develop branch:
.sonarqubePullRequestAnalysis: &sonarqubePullRequestAnalysis
image:
name: sonarsource/sonar-scanner-cli:latest
entrypoint: [ "" ]
variables:
SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
cache:
key: "${CI_JOB_NAME}"
paths:
- .sonar/cache
script:
- |
sonar-scanner \
-Dsonar.pullrequest.key=$CI_MERGE_REQUEST_IID \
-Dsonar.pullrequest.branch=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME \
-Dsonar.pullrequest.base=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME \
-Dsonar.cpd.php.minimumTokens=3 \
-Dsonar.gitlab.unique_issue_per_inline=true \
-Dsonar.gitlab.commit_sha=$COMMIT_SHA \
-Dsonar.gitlab.ref_name=$COMMIT_REF_NAME \
-Dsonar.gitlab.project_id=$PROJECT_ID
allow_failure: true
tags:
- external
sonarqubeMergeRequest:
<<: *sonarqubePullRequestAnalysis
stage: sonarqubeMergeRequest
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
- if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'
when: never
The scan itself works. And I can see the analysis in the merge request in Gitlab. I made a file with a load of Code Smells and Sonar picks this up however I can’t see any comments added to the lines in Gitlab:
Is there anything I’m setting/not setting in order see these comments?
Looking in the sonarqube container logs I don’t see any Failures:
2022.05.20 15:58:35 INFO ce[][o.s.c.t.CeWorkerImpl] Execute task | project=REDACTED| type=REPORT | pullRequest=1723 | id=REDACTED | submitter=admin
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Extract report | status=SUCCESS | time=375ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Persist scanner context | status=SUCCESS | time=4ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Propagate analysis warnings from scanner report | status=SUCCESS | time=4ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Generate analysis UUID | status=SUCCESS | time=0ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Load analysis metadata | status=SUCCESS | time=4ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Initialize | status=SUCCESS | time=4ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Build tree of components | components=2 | status=SUCCESS | time=86ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Validate project | status=SUCCESS | time=3ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Load quality profiles | status=SUCCESS | time=186ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Load Quality gate | status=SUCCESS | time=6ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Load new code period | status=SUCCESS | time=0ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Detect file moves | reportFiles=1 | dbFiles=1 | addedFiles=0 | status=SUCCESS | time=2ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Load duplications | duplications=3140 | status=SUCCESS | time=191ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Compute cross project duplications | status=SUCCESS | time=0ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Compute size measures | status=SUCCESS | time=1ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Compute new coverage | status=SUCCESS | time=1ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Compute coverage measures | status=SUCCESS | time=131ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Compute comment measures | status=SUCCESS | time=0ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Compute duplication measures | status=SUCCESS | time=19ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Compute size measures on new code | status=SUCCESS | time=0ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Compute language distribution | status=SUCCESS | time=1ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Compute test measures | status=SUCCESS | time=0ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Compute complexity measures | status=SUCCESS | time=0ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Load measure computers | status=SUCCESS | time=0ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Compute Quality Profile status | status=SUCCESS | time=4ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Execute component visitors | status=SUCCESS | time=64ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Checks executed after computation of measures | status=SUCCESS | time=4ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Compute Quality Gate measures | status=SUCCESS | time=9ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Compute Quality profile measures | status=SUCCESS | time=0ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Generate Quality profile events | status=SUCCESS | time=2ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Generate Quality gate events | status=SUCCESS | time=0ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Check upgrade possibility for not analyzed code files. | status=SUCCESS | time=0ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Persist components | status=SUCCESS | time=7ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Persist analysis | status=SUCCESS | time=3ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Persist analysis properties | status=SUCCESS | time=8ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Persist measures | inserts=52 | status=SUCCESS | time=11ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Persist live measures | insertsOrUpdates=148 | status=SUCCESS | time=18ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Persist duplication data | insertsOrUpdates=0 | status=SUCCESS | time=3ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Persist new ad hoc Rules | status=SUCCESS | time=0ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Persist issues | cacheSize=0 bytes | inserts=0 | updates=0 | merged=0 | status=SUCCESS | time=0ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Persist project links | status=SUCCESS | time=0ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Persist events | status=SUCCESS | time=4ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Persist sources | status=SUCCESS | time=2ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Persist cross project duplications | status=SUCCESS | time=0ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Enable analysis | status=SUCCESS | time=4ms
2022.05.20 15:58:36 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Update last usage date of quality profiles | status=SUCCESS | time=6ms
2022.05.20 15:58:37 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Purge db | status=SUCCESS | time=22ms
2022.05.20 15:58:37 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Index analysis | status=SUCCESS | time=61ms
2022.05.20 15:58:37 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Update need issue sync for branch | status=SUCCESS | time=3ms
2022.05.20 15:58:37 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Send issue notifications | status=SUCCESS | time=0ms
2022.05.20 15:58:37 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Publish task results | status=SUCCESS | time=0ms
2022.05.20 15:58:37 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.s.ComputationStepExecutor] Trigger refresh of Portfolios and Applications | status=SUCCESS | time=0ms
2022.05.20 15:58:37 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Webhooks | globalWebhooks=0 | projectWebhooks=0 | status=SUCCESS | time=3ms
2022.05.20 15:58:38 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Pull Request decoration | status=SUCCESS | time=1247ms
2022.05.20 15:58:38 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Report branch Quality Gate status to devops platforms | status=SUCCESS | time=0ms
2022.05.20 15:58:38 INFO ce[AYDiMSc6w3FkWLX-0Gir][o.s.c.t.CeWorkerImpl] Executed task | project=REDACTED | type=REPORT | pullRequest=1723 | id=REDACTED | submitter=admin | status=SUCCESS | time=2710ms
I’ll post the scanner output in comment below.
Using docker image sha256:REDACTED for sonarsource/sonar-scanner-cli:latest with digest sonarsource/sonar-scanner-cli@sha256:REDACTED ...
$ sonar-scanner \ # collapsed multi-line command
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /builds/REDACTED/sonar-project.properties
INFO: SonarScanner 4.7.0.2747
INFO: Java 11.0.14 Alpine (64-bit)
INFO: Linux 5.4.0-89-generic amd64
INFO: User cache: /builds/REDACTED/.sonar/cache
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /builds/REDACTED/sonar-project.properties
INFO: Analyzing on SonarQube server 9.2.0
INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=203ms
INFO: Server id: REDACTED
INFO: User cache: /builds/REDACTED/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=86ms
INFO: Load/download plugins (done) | time=397ms
INFO: Loaded core extensions: developer-scanner
INFO: Process project properties
INFO: Process project properties (done) | time=1ms
INFO: Execute project builders
INFO: Execute project builders (done) | time=2ms
INFO: Project key: REDACTED
INFO: Base dir: /builds/REDACTED
INFO: Working dir: /builds/REDACTED.scannerwork
INFO: Load project settings for component key: 'REDACTED'
INFO: Load project settings for component key: 'REDACTED' (done) | time=23ms
INFO: Load project branches
INFO: Load project branches (done) | time=23ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=69ms
INFO: Load branch configuration
INFO: Found manual configuration of branch/PR analysis. Skipping automatic configuration.
INFO: Load branch configuration (done) | time=6ms
INFO: Auto-configuring with CI 'Gitlab CI'
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=71ms
INFO: Auto-configuring with CI 'Gitlab CI'
INFO: Load active rules
INFO: Load active rules (done) | time=2163ms
INFO: Pull request 1723 for merge into develop from fea/a-smelly-branch-not-to-be-merged
INFO: SCM collecting changed files in the branch
INFO: Merge base sha1: 71edaac762da1e98b266d6b6eac099f5e49b81ca
INFO: SCM collecting changed files in the branch (done) | time=405ms
INFO: Indexing files...
INFO: Project configuration:
INFO: Excluded sources: REDACTED*
INFO: Excluded sources for coverage: /REDACTED/**
INFO: 1963 files indexed
INFO: 278 files ignored because of inclusion/exclusion patterns
INFO: 47 files ignored because of scm ignore settings
INFO: Quality profile for css: Sonar way
INFO: Quality profile for js: Sonar way
INFO: Quality profile for json: Sonar way
INFO: Quality profile for php: REDACTED PHP Rules
INFO: Quality profile for web: Sonar way
INFO: Quality profile for xml: Sonar way
INFO: ------------- Run sensors on module REDACTED
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=47ms
INFO: Sensor IaC CloudFormation Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=32ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=7ms
INFO: Sensor C# Analysis Log [csharp]
INFO: Sensor C# Analysis Log [csharp] (done) | time=17ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=1ms
INFO: Sensor JavaXmlSensor [java]
INFO: 3 source files to be analyzed
INFO: 3/3 source files have been analyzed
INFO: Sensor JavaXmlSensor [java] (done) | time=269ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=1491ms
INFO: Sensor XML Sensor [xml]
INFO: 3 source files to be analyzed
INFO: 3/3 source files have been analyzed
INFO: Sensor XML Sensor [xml] (done) | time=220ms
INFO: Sensor VB.NET Project Type Information [vbnet]
INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=3ms
INFO: Sensor VB.NET Analysis Log [vbnet]
INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=19ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=0ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=7ms
INFO: Sensor JavaScript analysis [javascript]
INFO: Deploying custom rules bundle jar:file:/builds/REDACTED/.sonar/cache/54f02b9cc8c8e36a9aaad1b63c7a20a5/sonar-securityjsfrontend-plugin.jar!/js-vulnerabilities-rules-1.0.0.tgz to /builds/REDACTED/.scannerwork/.sonartmp/eslint-bridge-bundle/package/custom-rules163464288210924607
INFO: 230 source files to be analyzed
WARN: Invalid character encountered in file /builds/REDACTED.js at line 5 for encoding UTF-8. Please fix file content or configure the encoding to be used using property 'sonar.sourceEncoding'.
ERROR: Browserslist: caniuse-lite is outdated. Please run:
ERROR: npx browserslist@latest --update-db
ERROR: Why you should do it regularly: https://github.com/browserslist/browserslist#browsers-data-updating
WARN: Invalid character encountered in file /builds/REDACTED.js at line 5 for encoding UTF-8. Please fix file content or configure the encoding to be used using property 'sonar.sourceEncoding'.
INFO: 230/230 source files have been analyzed
INFO: Sensor JavaScript analysis [javascript] (done) | time=104498ms
INFO: Sensor TypeScript analysis [javascript]
INFO: No input files found for analysis
INFO: Sensor TypeScript analysis [javascript] (done) | time=7ms
INFO: Sensor CSS Metrics [javascript]
INFO: Sensor CSS Metrics [javascript] (done) | time=361ms
INFO: Sensor CSS Rules [javascript]
INFO: 879 source files to be analyzed
INFO: 879/879 source files have been analyzed
INFO: Sensor CSS Rules [javascript] (done) | time=9441ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=8ms
INFO: Sensor PHP sensor [php]
INFO: Starting PHP symbol indexer
INFO: 765 source files to be analyzed
INFO: 312/765 files analyzed, current file: REDACTED.php
INFO: 750/765 files analyzed, current file: REDACTED.php
INFO: 765/765 source files have been analyzed
INFO: Starting PHP rules
INFO: 765 source files to be analyzed
INFO: 66/765 files analyzed, current file: REDACTED.php
INFO: 192/765 files analyzed, current file: login.php
INFO: 765/765 source files have been analyzed
INFO: No PHPUnit tests reports provided (see 'sonar.php.tests.reportPath' property)
INFO: No PHPUnit coverage reports provided (see 'sonar.php.coverage.reportPaths' property)
INFO: Sensor PHP sensor [php] (done) | time=82033ms
INFO: Sensor Analyzer for "php.ini" files [php]
INFO: Sensor Analyzer for "php.ini" files [php] (done) | time=7ms
INFO: Sensor Serverless configuration file sensor [security]
INFO: 0 Serverless function entries were found in the project
INFO: 0 Serverless function handlers were kept as entrypoints
INFO: Sensor Serverless configuration file sensor [security] (done) | time=9ms
INFO: Sensor AWS SAM template file sensor [security]
INFO: Sensor AWS SAM template file sensor [security] (done) | time=3ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /builds/REDACTED/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /builds/REDACTED/.scannerwork/ucfg2/java
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=5ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /builds/REDACTED/ucfg_cs2
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /builds/REDACTED/ucfg_cs2
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=2ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /builds/REDACTED/.scannerwork/ucfg2/php
INFO: Read 505 type definitions
INFO: Reading UCFGs from: /builds/REDACTED/.scannerwork/ucfg2/php
INFO: 15:57:26.648257 Running Tarjan on 36205 nodes
INFO: 15:57:26.768297 Tarjan found 36149 components
INFO: 15:57:26.920625 Variable type analysis: done
INFO: 15:57:26.927287 Building Runtime Type propagation graph
INFO: 15:57:27.255926 Running Tarjan on 41674 nodes
INFO: 15:57:27.333191 Tarjan found 41632 components
INFO: 15:57:27.437391 Variable type analysis: done
INFO: 15:57:27.438999 Building Runtime Type propagation graph
INFO: 15:57:27.649495 Running Tarjan on 41506 nodes
INFO: 15:57:27.717285 Tarjan found 41427 components
INFO: 15:57:27.840821 Variable type analysis: done
INFO: Analyzing 4018 ucfgs to detect vulnerabilities.
INFO: All rules entrypoints : 379
INFO: Retained UCFGs : 1437
INFO: Taint analysis starting. Entrypoints: 379
INFO: Running symbolic analysis for 'PHP'
INFO: Taint analysis: done.
INFO: Sensor PhpSecuritySensor [security] (done) | time=26291ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /REDACTED/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /builds/REDACTED/.scannerwork/ucfg2/python
INFO: No UCFGs have been included for analysis.
INFO: Sensor PythonSecuritySensor [security] (done) | time=1ms
INFO: Sensor JsSecuritySensor [security]
INFO: Reading type hierarchy from: /builds/REDACTED/.scannerwork/REDACTED/js
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /builds/REDACTED/.scannerwork/REDACTED/js
INFO: 15:57:53.113473 Building Runtime Type propagation graph
INFO: 15:57:53.461143 Running Tarjan on 38719 nodes
INFO: 15:57:53.526153 Tarjan found 38662 components
INFO: 15:57:53.616233 Variable type analysis: done
INFO: 15:57:53.617165 Building Runtime Type propagation graph
INFO: 15:57:53.998166 Running Tarjan on 38719 nodes
INFO: 15:57:54.039422 Tarjan found 38662 components
INFO: 15:57:54.120355 Variable type analysis: done
INFO: Analyzing 4134 ucfgs to detect vulnerabilities.
INFO: Taint analysis starting. Entrypoints: 231
INFO: Running symbolic analysis for 'JS'
INFO: Taint analysis: done.
INFO: Sensor JsSecuritySensor [security] (done) | time=39640ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=34ms
INFO: SCM Publisher SCM provider for this project is: git
INFO: SCM Publisher 1 source file to be analyzed
INFO: SCM Publisher 1/1 source file have been analyzed (done) | time=151ms
INFO: CPD Executor 157 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 874 files
WARN: Too many duplication references on file REDACTED.php for block at line 101. Keep only the first 100 references.
INFO: CPD Executor CPD calculation finished (done) | time=983ms
INFO: SCM writing changed lines
INFO: Merge base sha1: 71edaac762da1e98b266d6b6eac099f5e49b81ca
INFO: SCM writing changed lines (done) | time=71ms
INFO: Analysis report generated in 236ms, dir size=2.5 MB
INFO: Analysis report compressed in 1018ms, zip size=1.3 MB
INFO: Analysis report uploaded in 248ms
INFO: ------------- Check Quality Gate status
INFO: Waiting for the analysis report to be processed (max 300s)
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 4:50.763s
INFO: Final Memory: 130M/440M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
ERROR: QUALITY GATE STATUS: FAILED - View details on https://REDACTED
ERROR:
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 1
Colin
May 23, 2022, 8:39am
3
Hey there.
The GitLab Summary Comment is what is available so far as decorating the Merge Request – there’s no further decoration of individual lines in GitLab with issues. So everything appears to be working as expected.
Hi Colin,
Maybe they did some extra configuration/plugins to get it working or this worked in an older version of SonarQube.
