we have sonarqube enterprese edition server and repo is in azure devops cloud. In PR validation pipeline i just want scan onle files changed in that PR. Azure devops pipeline run in seld hosted agent.
Hey there.
What version of SonarQube Server are you using? This information is requested in template post, and can be found in the footer of your instance.
-
Enterprise Edition
-
v2025.5 (113872)
How can i log a support ticket?
If you have access to Support, you should have been given instructions for logging into the support portal. Otherwise, you get this Community!
This should be the default behavior. What are you seeing instead? Screenshots, logs are all very helpful here!
12_Run Code Analysis.txt (358.6 KB) please find the log
Hey @bairagi
That means your instance doesn’t have access to commercial support.
Your logs show that analysis is pretty fast (and makes use of caching) up to the in-depth security analysis.
2025-11-25T15:09:06.3975653Z 16:09:06.397 INFO: Sensor CSharpSecuritySensor [security]
2025-11-25T15:09:06.3978390Z 16:09:06.397 INFO: 27 taint analysis rules enabled.
2025-11-25T15:09:15.9241853Z 16:09:15.922 INFO: Analyzing 152933 UCFGs to detect vulnerabilities.
....
2025-11-25T15:44:34.0481408Z 16:44:34.018 INFO: Sensor CSharpSecuritySensor [security] (done) | time=2127621ms
Unfortunately, this security analysis doesn’t make use of caching, and there’s no way around that for now (it might change in the future). The only way to avoid this entirely would be to turn off oslyn.sonaranalyzer.security.cs rules in your Quality Profile. 