Gradle project scan on Jenkins taking 20 min for 400k lines

I’m evaluating SonarCloud to execute scans for a java project using gradle with ~400k lines and the scan takes around 21 minutes to execute. This timing makes it not a good fit Pull-requests.

Is possible to gradlew sonarqube command only upload the coverage reports and run the analysis on sonarcloud?

What other options can I take to speedup PR analysis?

  • ALM used (GitHub, Bitbucket Cloud, Azure DevOps)
    • Github
  • CI system used (Bitbucket Cloud, Azure DevOps, Travis CI, Circle CI
    • Jenkins
  • Scanner command used when applicable (private details masked)
    def sonarParams = ""
    if ("${env.CHANGE_ID}" != "") {
        sonarParams = "-Dsonar.pullrequest.key=${env.CHANGE_ID}"
        sonarParams += " -Dsonar.pullrequest.branch=${env.CHANGE_BRANCH}"
   withSonarQubeEnv('SonarCloud') {
        sh "./gradlew --no-daemon sonarqube ${sonarParams}"
  • Languages of the repository
    • java

Hi Marcel,

Today SonarCloud allows 2 modes:

  • everything (code scan + report creation and enrichment) runs on on SonarCloud: it’s the Autoscan mode
  • the code is scanned on your side (on prem, on a cloud provider infrastructure, …), the report is sent to SonarCloud and enriched on the SonarCloud side

Java is not available in the Autoscan mode, yet.

So for now, you are stuck with the shared responsibility mode.

What you could do first, is to re-assess the scope of your analysis.
Could you exclude some part of your code base you don’t really need to analyse?


Hello Oliver,

Thank you for the answer.
I will review the analysis scope to improve the timing.

On the other side I have 1 more question.

  • Can I split the scanner execution in two steps ? code analysis and coverage report collection

That will allow me to execute test and analysis in parallel and at the collect the coverage report.

Hello Marcel,

Unfortunately it’s not possible right now.
Could you share the los you the scanner?
We might spot something related to your performance issue.

Of course, if your project is public it would be great because we could try to reproduce your issue.