I’m evaluating SonarCloud to execute scans for a java project using gradle with ~400k lines and the scan takes around 21 minutes to execute. This timing makes it not a good fit Pull-requests.
Is possible to gradlew sonarqube
command only upload the coverage reports and run the analysis on sonarcloud?
What other options can I take to speedup PR analysis?
- ALM used (GitHub, Bitbucket Cloud, Azure DevOps)
- CI system used (Bitbucket Cloud, Azure DevOps, Travis CI, Circle CI
- Scanner command used when applicable (private details masked)
def sonarParams = ""
if ("${env.CHANGE_ID}" != "") {
sonarParams = "-Dsonar.pullrequest.key=${env.CHANGE_ID}"
sonarParams += " -Dsonar.pullrequest.branch=${env.CHANGE_BRANCH}"
}
withSonarQubeEnv('SonarCloud') {
sh "./gradlew --no-daemon sonarqube ${sonarParams}"
}
- Languages of the repository
Hi Marcel,
Today SonarCloud allows 2 modes:
- everything (code scan + report creation and enrichment) runs on on SonarCloud: it’s the Autoscan mode
- the code is scanned on your side (on prem, on a cloud provider infrastructure, …), the report is sent to SonarCloud and enriched on the SonarCloud side
Java is not available in the Autoscan mode, yet.
So for now, you are stuck with the shared responsibility mode.
What you could do first, is to re-assess the scope of your analysis.
Could you exclude some part of your code base you don’t really need to analyse?
Best.
Hello Oliver,
Thank you for the answer.
I will review the analysis scope to improve the timing.
On the other side I have 1 more question.
- Can I split the scanner execution in two steps ? code analysis and coverage report collection
That will allow me to execute test and analysis in parallel and at the collect the coverage report.
Hello Marcel,
Unfortunately it’s not possible right now.
Could you share the los you the scanner?
We might spot something related to your performance issue.
Of course, if your project is public it would be great because we could try to reproduce your issue.
Thanks.
Best.