How to speed up security analyzes on a large java project?


I am in the process of migrating our SonarQube 6.7 to LTS 7.9.5 version Enterprise, and the first analysis of my java project took almost 7 hours, while in version 6.7 it took 40 min max.
The analysis is made by the “cli scanner” ( version), with a jdk 11 and 5Go of memory (-XMX) in a docker under linux.
I see from the logs, and I had read it in the forum, that it is the addition of the analysis of new security rules that increases this analysis time so greatly. (
My java project being quite large, I would like to know if there are any tips to speed up the analysis apart from disabling these rules?

I am attaching an extract from the logs so that you have the metrics of my project:
log analyze.txt (5.3 KB)

Thank You.

Hello Julien,

A lot of performance improvements have been done since the release of SQ LTS 7.9. These improvements have been made available in the 8.x versions.

I would be interested to know the scan time of your big Java project with SonarQube 8.5 (or the upcoming 8.6).


I switched to the latest sonarqube 8 version and I tested the analysis of my project by reactivating all the rules: the analysis lasted only 1 hour 15 minutes!

Thank You.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.