Inconsistent SonarCloud Rule Detection Across Repositories

I’m encountering an issue with SonarCloud where the behavior differs between two repositories when scanning pull requests.

Problem

• Repository A: Both a security issue and a code quality issue are detected.
• Repository B: Only the security issue is detected; the code quality issue is missed.

Test Details

To investigate, I connected both repositories to the same quality profile that checks for:

1. 1 Security Rule
2. 1 Code Quality Rule

I then introduced the same piece of non-compliant code into both repositories.

Results

• Repository A: Catches both the security and code quality issues as expected.
• Repository B: Only catches the security issue; the code quality issue is not flagged.

Question

What could be causing this inconsistency, and how can I ensure that both repositories are scanned equally under the same quality profile?

Hi,

Welcome to the community!

Can you provide this piece of non-compliant code to us?

 
Thx,
Ann

Hello!
I have provided the non-compliant code I’ve been testing with below.
One of my repos is able to catch both typescript issues
Security: DOM updates should not lead to cross-site scripting (XSS) attacks
Quality: Nesting too deep

The other repo is only catching the quality issue, not the security issue

  try {
    const rootEl: any = document.getElementById('root');
    const queryParams = new URLSearchParams(document.location.search);
    const input = queryParams.get('input');
    rootEl.innerHTML = input; // Noncompliant
  } catch (error) {
    console.error(error);
  }

  const test = () => {
    const items = ['1', '2', '4', '5'];
    const test = items.map(() => {
      return items.filter((item) => {
        return console.log(() => {
          console.log(() => {
            console.log(() => {
              console.log('item', item);
              console.log(() => {
                'test';
              });
            });
          });
        });
      });
    });
    return test;
  };

  test();

Hi,

Thanks for the code.

Can you also share about your two repos:

• how and where they’re analyzed (i.e. in-IDE, Server / Community Build / Cloud)
• whether they’re sharing the same Quality Profile

 
Thx,
Ann

Both of our repositories are analyzed as part of our Azure DevOps pipelines during PR creation. In our YAML pipeline, we’ve included the following SonarCloud tasks:

• SonarCloudPrepare
• SonarCloudAnalyze
• SonarCloudPublish

To troubleshoot further, I also manually ran SonarScanner on both full repositories via the CLI.

For testing purposes, I created a new Quality Profile with only two specific rules and connected both repositories to this profile to narrow down the scope.

Thanks!

Hi,

Thanks for those details. Could you provide the analysis logs of the two repositories, please?

 
Thx,
Ann

Hello,

For analysis logs do you mean the ones from the pipeline or the issues that I see in Sonarcloud.io? Or something else entirely?

Thanks!

Hi,

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well. Sorry I didn’t say that earlier.

This guide will help you find them.

 
Ann

I’m not sure when things changed, but now
both repositories are not detecting non-compliant code.

Details:

• Quality Profile: The profile being used is for TypeScript and is called "REPORTS ONLY TEST".
• Logs: I’ve included the analysis logs below from the Azure Pipeline as a code block for your reference.
• Screenshots: To provide additional context:
  • I’ve included screenshots of the non-compliant code in our repository.
  • I’ve also included a screenshot of the code from the Sonar example, which I copied into our repository for comparison.

Logs:

2025-01-24T19:47:47.2035298Z ##[section]Starting: SonarCloudAnalyze
2025-01-24T19:47:47.2039991Z ==============================================================================
2025-01-24T19:47:47.2040159Z Task : Run Code Analysis
2025-01-24T19:47:47.2040250Z Description : Run scanner and upload the results to SonarQube Cloud.
2025-01-24T19:47:47.2040353Z Version : 3.1.1
2025-01-24T19:47:47.2040439Z Author : sonarsource
2025-01-24T19:47:47.2040531Z Help : This task is not needed for Maven and Gradle projects since the scanner should be run as part of the build.

[More Information](https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/sonarcloud-extension-for-azure-devops/)
2025-01-24T19:47:47.2040816Z ==============================================================================
2025-01-24T19:47:47.4488723Z [command]/home/vsts/work/\_tasks/SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1/3.1.1/sonar-scanner/bin/sonar-scanner
2025-01-24T19:47:48.1858831Z 19:47:48.175 WARN Ignoring property 'sonar.token' from env variable 'SONARQUBE_SCANNER_PARAMS' because it is already defined
2025-01-24T19:47:48.1869961Z 19:47:48.186 INFO Scanner configuration file: /home/vsts/work/\_tasks/SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1/3.1.1/sonar-scanner/conf/sonar-scanner.properties
2025-01-24T19:47:48.1890952Z 19:47:48.188 WARN Ignoring property 'sonar.token' from env variable 'SONARQUBE_SCANNER_PARAMS' because it is already defined
2025-01-24T19:47:48.1898957Z 19:47:48.189 INFO Project root configuration file: NONE
2025-01-24T19:47:48.1912971Z 19:47:48.191 WARN Ignoring property 'sonar.token' from env variable 'SONARQUBE_SCANNER_PARAMS' because it is already defined
2025-01-24T19:47:48.2250714Z 19:47:48.224 INFO SonarScanner CLI 6.2.1.4610
2025-01-24T19:47:48.2273322Z 19:47:48.226 INFO Java 17.0.13 Eclipse Adoptium (64-bit)
2025-01-24T19:47:48.2292996Z 19:47:48.228 INFO Linux 6.5.0-1025-azure amd64
2025-01-24T19:47:48.2828927Z 19:47:48.282 INFO User cache: /home/vsts/.sonar/cache
2025-01-24T19:47:49.0960065Z 19:47:49.095 INFO JRE provisioning: os[linux], arch[x86_64]
2025-01-24T19:47:53.5325057Z 19:47:53.531 INFO Communicating with SonarCloud
2025-01-24T19:47:53.8395587Z 19:47:53.838 INFO Starting SonarScanner Engine...
2025-01-24T19:47:53.8413911Z 19:47:53.840 INFO Java 17.0.11 Eclipse Adoptium (64-bit)
2025-01-24T19:47:53.8859456Z 19:47:53.884 WARN Ignoring property 'sonar.token' from env variable 'SONARQUBE_SCANNER_PARAMS' because it is already defined
2025-01-24T19:47:54.6657591Z 19:47:54.664 INFO Load global settings
2025-01-24T19:47:55.1290394Z 19:47:55.128 INFO Load global settings (done) | time=463ms
2025-01-24T19:47:55.1356026Z 19:47:55.133 INFO Server id: REDACTED
2025-01-24T19:47:55.2771578Z 19:47:55.275 INFO Loading required plugins
2025-01-24T19:47:55.2772211Z 19:47:55.276 INFO Load plugins index
2025-01-24T19:47:55.5720267Z 19:47:55.571 INFO Load plugins index (done) | time=295ms
2025-01-24T19:47:55.5721046Z 19:47:55.571 INFO Load/download plugins
2025-01-24T19:47:56.6291060Z 19:47:56.628 INFO Load/download plugins (done) | time=1057ms
2025-01-24T19:47:57.0451318Z 19:47:57.044 INFO Found an active CI vendor: 'Azure DevOps'
2025-01-24T19:47:57.0602754Z 19:47:57.059 INFO Load project settings for component key: 'REDACTED'
2025-01-24T19:47:57.1859585Z 19:47:57.185 INFO Load project settings for component key: 'REDACTED' (done) | time=124ms
2025-01-24T19:47:57.1930263Z 19:47:57.192 INFO Process project properties
2025-01-24T19:47:57.2030871Z 19:47:57.202 INFO Project key: REDACTED
2025-01-24T19:47:57.2045438Z 19:47:57.202 INFO Base dir: /home/vsts/work/1/s
2025-01-24T19:47:57.2045957Z 19:47:57.202 INFO Working dir: /home/vsts/work/1/s/.scannerwork
2025-01-24T19:47:57.2093013Z 19:47:57.207 INFO Load project branches
2025-01-24T19:47:57.5998270Z 19:47:57.599 INFO Load project branches (done) | time=388ms
2025-01-24T19:47:57.6002597Z 19:47:57.599 INFO Check ALM binding of project 'REDACTED'
2025-01-24T19:47:57.8788101Z 19:47:57.877 INFO Detected project binding: BOUND
2025-01-24T19:47:57.8788930Z 19:47:57.877 INFO Check ALM binding of project 'REDACTED' (done) | time=280ms
2025-01-24T19:47:57.8804505Z 19:47:57.880 INFO Load project pull requests
2025-01-24T19:47:58.0985809Z 19:47:58.097 INFO Load project pull requests (done) | time=218ms
2025-01-24T19:47:58.1027657Z 19:47:58.100 INFO Load branch configuration
2025-01-24T19:47:58.3750356Z 19:47:58.374 INFO Load branch configuration (done) | time=274ms
2025-01-24T19:47:58.3833195Z 19:47:58.382 INFO Load quality profiles
2025-01-24T19:47:58.6554758Z 19:47:58.654 INFO Load quality profiles (done) | time=272ms
2025-01-24T19:47:58.6612213Z 19:47:58.660 INFO Load active rules
2025-01-24T19:48:07.0192624Z 19:48:07.018 INFO Load active rules (done) | time=8358ms
2025-01-24T19:48:07.1582458Z 19:48:07.157 INFO Organization key: REDACTED
2025-01-24T19:48:07.1600490Z 19:48:07.159 INFO Pull request 9559 for merge into dev from REDACTED
2025-01-24T19:48:07.1822637Z 19:48:07.181 INFO Preprocessing files...
2025-01-24T19:48:07.5183028Z 19:48:07.517 INFO 6 languages detected in 172 preprocessed files
2025-01-24T19:48:07.5187197Z 19:48:07.517 INFO 0 files ignored because of inclusion/exclusion patterns
2025-01-24T19:48:07.5206794Z 19:48:07.517 INFO 0 files ignored because of scm ignore settings
2025-01-24T19:48:09.6221996Z 19:48:09.621 INFO Loading plugins for detected languages
2025-01-24T19:48:09.6237643Z 19:48:09.622 INFO Load/download plugins
2025-01-24T19:48:11.2189540Z 19:48:11.217 INFO Load/download plugins (done) | time=1594ms
2025-01-24T19:48:11.3927241Z 19:48:11.390 INFO Load project repositories
2025-01-24T19:48:11.5561315Z 19:48:11.555 INFO Load project repositories (done) | time=164ms
2025-01-24T19:48:11.5591843Z 19:48:11.558 INFO SCM collecting changed files in the branch
2025-01-24T19:48:11.5666250Z 19:48:11.566 WARN Could not find ref: dev in refs/heads, refs/remotes/upstream or refs/remotes/origin
2025-01-24T19:48:11.5717183Z 19:48:11.571 INFO SCM collecting changed files in the branch (done) | time=13ms
2025-01-24T19:48:11.5797392Z 19:48:11.579 INFO Indexing files...
2025-01-24T19:48:11.5828594Z 19:48:11.581 INFO Project configuration:
2025-01-24T19:48:11.5829196Z 19:48:11.581 INFO Excluded sources: \*_/build-wrapper-dump.json
2025-01-24T19:48:11.7542329Z 19:48:11.753 INFO 171 files indexed
2025-01-24T19:48:11.7634325Z 19:48:11.762 INFO Quality profile for css: Sonar way
2025-01-24T19:48:11.7651865Z 19:48:11.764 INFO Quality profile for js: Sonar way
2025-01-24T19:48:11.7659432Z 19:48:11.765 INFO Quality profile for json: Sonar way
2025-01-24T19:48:11.7674399Z 19:48:11.767 INFO Quality profile for ts: REPORTS ONLY TEST
2025-01-24T19:48:11.7681662Z 19:48:11.767 INFO Quality profile for web: Sonar way
2025-01-24T19:48:11.7688671Z 19:48:11.768 INFO Quality profile for yaml: Sonar way
2025-01-24T19:48:11.7696221Z 19:48:11.769 INFO ------------- Run sensors on module REDACTED
2025-01-24T19:48:11.8211748Z 19:48:11.820 INFO Load metrics repository
2025-01-24T19:48:11.9383820Z 19:48:11.937 INFO Load metrics repository (done) | time=117ms
2025-01-24T19:48:11.9432971Z 19:48:11.942 INFO Sensor cache enabled
2025-01-24T19:48:12.0538273Z 19:48:12.051 INFO Load sensor cache
2025-01-24T19:48:13.8469925Z 19:48:13.845 INFO Load sensor cache (356 KB) | time=1794ms
2025-01-24T19:48:14.3573525Z 19:48:14.356 INFO Sensor HTML [web]
2025-01-24T19:48:14.3582513Z 19:48:14.357 INFO Sensor HTML is restricted to changed files only
2025-01-24T19:48:14.5310713Z 19:48:14.529 INFO Sensor HTML [web] (done) | time=173ms
2025-01-24T19:48:14.5350552Z 19:48:14.530 INFO Sensor JaCoCo XML Report Importer [jacoco]
2025-01-24T19:48:14.5351170Z 19:48:14.534 INFO 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
2025-01-24T19:48:14.5351675Z 19:48:14.534 INFO No report imported, no coverage information will be imported by JaCoCo XML Report Importer
2025-01-24T19:48:14.5352283Z 19:48:14.534 INFO Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
2025-01-24T19:48:14.5352609Z 19:48:14.534 INFO Sensor IaC Ansible Sensor [iacenterprise]
2025-01-24T19:48:14.6193743Z 19:48:14.618 INFO 0 source files to be analyzed
2025-01-24T19:48:14.6268628Z 19:48:14.625 INFO 0/0 source files have been analyzed
2025-01-24T19:48:14.6307278Z 19:48:14.626 INFO Sensor IaC Ansible Sensor [iacenterprise] (done) | time=93ms
2025-01-24T19:48:14.6307800Z 19:48:14.626 INFO Sensor IaC CloudFormation Sensor [iac]
2025-01-24T19:48:14.6467829Z 19:48:14.639 INFO 0 source files to be analyzed
2025-01-24T19:48:14.6477106Z 19:48:14.640 INFO 0/0 source files have been analyzed
2025-01-24T19:48:14.6477647Z 19:48:14.640 INFO Sensor IaC CloudFormation Sensor [iac] (done) | time=14ms
2025-01-24T19:48:14.6486419Z 19:48:14.640 INFO Sensor IaC Kubernetes Sensor [iac]
2025-01-24T19:48:14.7390510Z 19:48:14.737 INFO 0 source files to be parsed
2025-01-24T19:48:14.7396900Z 19:48:14.737 INFO 0/0 source files have been parsed
2025-01-24T19:48:14.7397552Z 19:48:14.737 INFO 0 source files to be analyzed
2025-01-24T19:48:14.7397884Z 19:48:14.737 INFO 0/0 source files have been analyzed
2025-01-24T19:48:14.7398173Z 19:48:14.737 INFO 0 source files to be checked
2025-01-24T19:48:14.7398448Z 19:48:14.738 INFO 0/0 source files have been checked
2025-01-24T19:48:14.7509851Z 19:48:14.738 INFO Sensor IaC Kubernetes Sensor [iac] (done) | time=97ms
2025-01-24T19:48:14.7510157Z 19:48:14.738 INFO Sensor IaC AzureResourceManager Sensor [iac]
2025-01-24T19:48:14.7510414Z 19:48:14.738 INFO Sensor IaC AzureResourceManager Sensor is restricted to changed files only
2025-01-24T19:48:14.8399576Z 19:48:14.838 INFO 0 source files to be analyzed
2025-01-24T19:48:14.8400374Z 19:48:14.838 INFO 0/0 source files have been analyzed
2025-01-24T19:48:14.8401156Z 19:48:14.838 INFO Sensor IaC AzureResourceManager Sensor [iac] (done) | time=100ms
2025-01-24T19:48:14.8401488Z 19:48:14.839 INFO Sensor Java Config Sensor [iac]
2025-01-24T19:48:14.8502831Z 19:48:14.847 INFO 0 source files to be analyzed
2025-01-24T19:48:14.8503729Z 19:48:14.847 INFO 0/0 source files have been analyzed
2025-01-24T19:48:14.8504400Z 19:48:14.848 INFO Sensor Java Config Sensor [iac] (done) | time=10ms
2025-01-24T19:48:14.8511445Z 19:48:14.850 INFO Sensor JavaScript/TypeScript analysis [javascript]
2025-01-24T19:48:15.0001093Z 19:48:14.999 INFO Detected os: Linux arch: amd64 alpine: false. Platform: LINUX_X64
2025-01-24T19:48:15.0019689Z 19:48:15.001 INFO Deploy location /home/vsts/.sonar/js/node-runtime, tagetRuntime: /home/vsts/.sonar/js/node-runtime/node, version: /home/vsts/.sonar/js/node-runtime/version.txt
2025-01-24T19:48:18.2336134Z 19:48:18.232 INFO Using embedded Node.js runtime.
2025-01-24T19:48:18.2337575Z 19:48:18.232 INFO Using Node.js executable: '/home/vsts/.sonar/js/node-runtime/node'.
2025-01-24T19:48:20.0375231Z 19:48:20.036 INFO Memory configuration: OS (6921 MB), Node.js (2096 MB).
2025-01-24T19:48:21.9996186Z 19:48:21.996 WARN Access to the multi-values/property set property 'sonar.javascript.file.suffixes' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.
2025-01-24T19:48:21.9997059Z 19:48:21.997 WARN Access to the multi-values/property set property 'sonar.typescript.file.suffixes' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.
2025-01-24T19:48:22.0113831Z 19:48:22.010 INFO Found 1 tsconfig.json file(s): [/home/vsts/work/1/s/tsconfig.json]
2025-01-24T19:48:22.0123289Z 19:48:22.011 INFO Creating TypeScript program
2025-01-24T19:48:22.0123772Z 19:48:22.011 INFO TypeScript configuration file /home/vsts/work/1/s/tsconfig.json
2025-01-24T19:48:22.0167826Z 19:48:22.016 INFO 113 source files to be analyzed
2025-01-24T19:48:22.7368166Z 19:48:22.736 INFO Starting analysis with current program
2025-01-24T19:48:26.8625997Z 19:48:26.861 INFO Analyzed 110 file(s) with current program
2025-01-24T19:48:26.8711788Z 19:48:26.870 INFO Creating TypeScript program
2025-01-24T19:48:26.8712522Z 19:48:26.870 INFO TypeScript configuration file /home/vsts/work/1/s/tsconfig.node.json
2025-01-24T19:48:27.1436025Z 19:48:27.143 INFO Starting analysis with current program
2025-01-24T19:48:27.3032152Z 19:48:27.302 INFO Analyzed 1 file(s) with current program
2025-01-24T19:48:27.3071421Z 19:48:27.306 INFO Found 2 file(s) not part of any tsconfig.json: they will be analyzed without type information
2025-01-24T19:48:27.4243070Z 19:48:27.422 INFO 113/113 source files have been analyzed
2025-01-24T19:48:27.4252361Z 19:48:27.424 INFO Hit the cache for 5 out of 113
2025-01-24T19:48:27.4357438Z 19:48:27.434 INFO Miss the cache for 108 out of 113: FILE_CHANGED [108/113]
2025-01-24T19:48:27.4358082Z 19:48:27.435 INFO Sensor JavaScript/TypeScript analysis [javascript] (done) | time=12580ms
2025-01-24T19:48:27.4358973Z 19:48:27.435 INFO Sensor JavaScript inside YAML analysis [javascript]
2025-01-24T19:48:27.4432904Z 19:48:27.441 INFO No input files found for analysis
2025-01-24T19:48:27.4433472Z 19:48:27.442 INFO Hit the cache for 0 out of 0
2025-01-24T19:48:27.4433923Z 19:48:27.442 INFO Miss the cache for 0 out of 0
2025-01-24T19:48:27.4434469Z 19:48:27.442 INFO Sensor JavaScript inside YAML analysis [javascript] (done) | time=14ms
2025-01-24T19:48:27.4434911Z 19:48:27.442 INFO Sensor JavaScript inside HTML analysis [javascript]
2025-01-24T19:48:27.4728599Z 19:48:27.472 INFO 2 source files to be analyzed
2025-01-24T19:48:27.5782357Z 19:48:27.575 INFO 2/2 source files have been analyzed
2025-01-24T19:48:27.5783183Z 19:48:27.576 INFO Hit the cache for 0 out of 2
2025-01-24T19:48:27.5783660Z 19:48:27.576 INFO Miss the cache for 2 out of 2: FILE_CHANGED [2/2]
2025-01-24T19:48:27.5784178Z 19:48:27.576 INFO Sensor JavaScript inside HTML analysis [javascript] (done) | time=133ms
2025-01-24T19:48:27.5951844Z 19:48:27.576 INFO Sensor CSS Rules [javascript]
2025-01-24T19:48:27.5952214Z 19:48:27.576 INFO Sensor CSS Rules is restricted to changed files only
2025-01-24T19:48:27.5969347Z 19:48:27.596 INFO 2 source files to be analyzed
2025-01-24T19:48:27.6895964Z 19:48:27.686 INFO 2/2 source files have been analyzed
2025-01-24T19:48:27.6896752Z 19:48:27.687 INFO Hit the cache for 0 out of 0
2025-01-24T19:48:27.6897486Z 19:48:27.687 INFO Miss the cache for 0 out of 0
2025-01-24T19:48:27.6897874Z 19:48:27.687 INFO Sensor CSS Rules [javascript] (done) | time=111ms
2025-01-24T19:48:27.6898281Z 19:48:27.687 INFO Sensor CSS Metrics [javascript]
2025-01-24T19:48:27.6898728Z 19:48:27.687 INFO Sensor CSS Metrics is restricted to changed files only
2025-01-24T19:48:27.6912253Z 19:48:27.690 INFO Sensor CSS Metrics [javascript] (done) | time=0ms
2025-01-24T19:48:27.6912795Z 19:48:27.690 INFO Sensor IaC Docker Sensor [iac]
2025-01-24T19:48:27.6913154Z 19:48:27.690 INFO Sensor IaC Docker Sensor is restricted to changed files only
2025-01-24T19:48:27.8018729Z 19:48:27.801 INFO 0 source files to be analyzed
2025-01-24T19:48:27.8029204Z 19:48:27.802 INFO 0/0 source files have been analyzed
2025-01-24T19:48:27.8070725Z 19:48:27.806 INFO Sensor IaC Docker Sensor [iac] (done) | time=115ms
2025-01-24T19:48:27.8071268Z 19:48:27.806 INFO Sensor Serverless configuration file sensor [security]
2025-01-24T19:48:27.8071768Z 19:48:27.806 INFO 0 Serverless function entries were found in the project
2025-01-24T19:48:27.8138232Z 19:48:27.813 INFO 0 Serverless function handlers were kept as entrypoints
2025-01-24T19:48:27.8138840Z 19:48:27.813 INFO Sensor Serverless configuration file sensor [security] (done) | time=6ms
2025-01-24T19:48:27.8139309Z 19:48:27.813 INFO Sensor AWS SAM template file sensor [security]
2025-01-24T19:48:27.8139771Z 19:48:27.813 INFO Sensor AWS SAM template file sensor [security] (done) | time=2ms
2025-01-24T19:48:27.8140384Z 19:48:27.813 INFO Sensor AWS SAM Inline template file sensor [security]
2025-01-24T19:48:27.8157873Z 19:48:27.815 INFO Sensor AWS SAM Inline template file sensor [security] (done) | time=4ms
2025-01-24T19:48:27.8167204Z 19:48:27.816 INFO Sensor EnterpriseTextAndSecretsSensor [textenterprise]
2025-01-24T19:48:27.8174069Z 19:48:27.817 INFO Sensor EnterpriseTextAndSecretsSensor is restricted to changed files only
2025-01-24T19:48:27.8181437Z 19:48:27.817 INFO Available processors: 2
2025-01-24T19:48:27.8188093Z 19:48:27.818 INFO Using 2 threads for analysis.
2025-01-24T19:48:28.7839790Z 19:48:28.783 INFO The property "sonar.tests" is not set. To improve the analysis accuracy, we categorize a file as a test file if any of the following is true:
2025-01-24T19:48:28.7840598Z _ The filename starts with "test"
2025-01-24T19:48:28.7841339Z _ The filename contains "test." or "tests."
2025-01-24T19:48:28.7841720Z _ Any directory in the file path is named: "doc", "docs", "test" or "tests"
2025-01-24T19:48:28.7842126Z \* Any directory in the file path has a name ending in "test" or "tests"
2025-01-24T19:48:28.7842799Z
2025-01-24T19:48:28.8136264Z 19:48:28.813 INFO Using git CLI to retrieve untracked files
2025-01-24T19:48:28.8359686Z 19:48:28.835 INFO Analyzing language associated files and files included via "sonar.text.inclusions" that are tracked by git
2025-01-24T19:48:28.9152400Z 19:48:28.914 INFO 29 source files to be analyzed
2025-01-24T19:48:33.8047489Z 19:48:33.803 INFO 29/29 source files have been analyzed
2025-01-24T19:48:33.8125040Z 19:48:33.811 INFO Sensor EnterpriseTextAndSecretsSensor [textenterprise] (done) | time=5989ms
2025-01-24T19:48:33.8125847Z 19:48:33.811 INFO Sensor JavaSecuritySensor [security]
2025-01-24T19:48:33.8126665Z 19:48:33.812 INFO Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S5883, S6096, S6173, S6287, S6350, S6384, S6390, S6398, S6399, S6547, S6549, S7044
2025-01-24T19:48:33.8142441Z 19:48:33.813 INFO Load type hierarchy and UCFGs: Starting
2025-01-24T19:48:33.8153266Z 19:48:33.814 INFO Load type hierarchy: Starting
2025-01-24T19:48:33.8160748Z 19:48:33.815 INFO Reading type hierarchy from: /home/vsts/work/1/s/.scannerwork/ucfg2/java
2025-01-24T19:48:33.8167982Z 19:48:33.816 INFO Read 0 type definitions
2025-01-24T19:48:33.8201822Z 19:48:33.818 INFO Load type hierarchy: Time spent was 00:00:00.003
2025-01-24T19:48:33.8209898Z 19:48:33.820 INFO Load UCFGs: Starting
2025-01-24T19:48:33.8259741Z 19:48:33.825 INFO Load UCFGs: Time spent was 00:00:00.004
2025-01-24T19:48:33.8267848Z 19:48:33.826 INFO Load type hierarchy and UCFGs: Time spent was 00:00:00.012
2025-01-24T19:48:33.8274337Z 19:48:33.827 INFO No UCFGs have been included for analysis.
2025-01-24T19:48:33.8362545Z 19:48:33.835 INFO java security sensor: Time spent was 00:00:00.027
2025-01-24T19:48:33.8380852Z 19:48:33.837 INFO java security sensor: Begin: 2025-01-24T19:48:33.807577610Z, End: 2025-01-24T19:48:33.835332190Z, Duration: 00:00:00.027
2025-01-24T19:48:33.8381619Z Load type hierarchy and UCFGs: Begin: 2025-01-24T19:48:33.813290488Z, End: 2025-01-24T19:48:33.826216265Z, Duration: 00:00:00.012
2025-01-24T19:48:33.8382309Z Load type hierarchy: Begin: 2025-01-24T19:48:33.814509005Z, End: 2025-01-24T19:48:33.817987253Z, Duration: 00:00:00.003
2025-01-24T19:48:33.8388618Z Load UCFGs: Begin: 2025-01-24T19:48:33.820445486Z, End: 2025-01-24T19:48:33.824561843Z, Duration: 00:00:00.004
2025-01-24T19:48:33.8388917Z 19:48:33.838 INFO java security sensor peak memory: 228 MB
2025-01-24T19:48:33.8397744Z 19:48:33.839 INFO Sensor JavaSecuritySensor [security] (done) | time=34ms
2025-01-24T19:48:33.8473456Z 19:48:33.845 INFO Sensor CSharpSecuritySensor [security]
2025-01-24T19:48:33.8519165Z 19:48:33.851 INFO Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5883, S6096, S6173, S6287, S6350, S6399, S6547, S6549, S6639, S6641, S6680, S6776, S7044
2025-01-24T19:48:33.8530165Z 19:48:33.852 INFO Load type hierarchy and UCFGs: Starting
2025-01-24T19:48:33.8536553Z 19:48:33.853 INFO Load type hierarchy: Starting
2025-01-24T19:48:33.8547174Z 19:48:33.854 INFO Reading type hierarchy from: /home/vsts/work/1/s/ucfg2/cs
2025-01-24T19:48:33.8566996Z 19:48:33.855 INFO Read 0 type definitions
2025-01-24T19:48:33.8575662Z 19:48:33.857 INFO Load type hierarchy: Time spent was 00:00:00.003
2025-01-24T19:48:33.8581650Z 19:48:33.857 INFO Load UCFGs: Starting
2025-01-24T19:48:33.8590877Z 19:48:33.858 INFO Load UCFGs: Time spent was 00:00:00.000
2025-01-24T19:48:33.8598153Z 19:48:33.859 INFO Load type hierarchy and UCFGs: Time spent was 00:00:00.006
2025-01-24T19:48:33.8604586Z 19:48:33.860 INFO No UCFGs have been included for analysis.
2025-01-24T19:48:33.8619296Z 19:48:33.861 INFO csharp security sensor: Time spent was 00:00:00.010
2025-01-24T19:48:33.8646414Z 19:48:33.864 INFO csharp security sensor: Begin: 2025-01-24T19:48:33.850966704Z, End: 2025-01-24T19:48:33.861391946Z, Duration: 00:00:00.010
2025-01-24T19:48:33.8647498Z Load type hierarchy and UCFGs: Begin: 2025-01-24T19:48:33.852566126Z, End: 2025-01-24T19:48:33.859324918Z, Duration: 00:00:00.006
2025-01-24T19:48:33.8648190Z Load type hierarchy: Begin: 2025-01-24T19:48:33.853257135Z, End: 2025-01-24T19:48:33.856970686Z, Duration: 00:00:00.003
2025-01-24T19:48:33.8648561Z Load UCFGs: Begin: 2025-01-24T19:48:33.857805397Z, End: 2025-01-24T19:48:33.858440506Z, Duration: 00:00:00.000
2025-01-24T19:48:33.8669895Z 19:48:33.866 INFO csharp security sensor peak memory: 228 MB
2025-01-24T19:48:33.8689548Z 19:48:33.868 INFO Sensor CSharpSecuritySensor [security] (done) | time=24ms
2025-01-24T19:48:33.8698777Z 19:48:33.869 INFO Sensor PhpSecuritySensor [security]
2025-01-24T19:48:33.8730450Z 19:48:33.872 INFO Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5334, S5335, S5883, S6173, S6287, S6350, S7044
2025-01-24T19:48:33.8750239Z 19:48:33.874 INFO Load type hierarchy and UCFGs: Starting
2025-01-24T19:48:33.8756467Z 19:48:33.875 INFO Load type hierarchy: Starting
2025-01-24T19:48:33.8763279Z 19:48:33.876 INFO Reading type hierarchy from: /home/vsts/work/1/s/.scannerwork/ucfg2/php
2025-01-24T19:48:33.8769405Z 19:48:33.876 INFO Read 0 type definitions
2025-01-24T19:48:33.8776916Z 19:48:33.877 INFO Load type hierarchy: Time spent was 00:00:00.001
2025-01-24T19:48:33.8783019Z 19:48:33.878 INFO Load UCFGs: Starting
2025-01-24T19:48:33.8790248Z 19:48:33.878 INFO Load UCFGs: Time spent was 00:00:00.000
2025-01-24T19:48:33.8797404Z 19:48:33.879 INFO Load type hierarchy and UCFGs: Time spent was 00:00:00.004
2025-01-24T19:48:33.8803595Z 19:48:33.880 INFO No UCFGs have been included for analysis.
2025-01-24T19:48:33.8813405Z 19:48:33.881 INFO php security sensor: Time spent was 00:00:00.009
2025-01-24T19:48:33.8855180Z 19:48:33.885 INFO php security sensor: Begin: 2025-01-24T19:48:33.871383383Z, End: 2025-01-24T19:48:33.880881913Z, Duration: 00:00:00.009
2025-01-24T19:48:33.8855926Z Load type hierarchy and UCFGs: Begin: 2025-01-24T19:48:33.874546826Z, End: 2025-01-24T19:48:33.879267191Z, Duration: 00:00:00.004
2025-01-24T19:48:33.8856594Z Load type hierarchy: Begin: 2025-01-24T19:48:33.875269036Z, End: 2025-01-24T19:48:33.877201463Z, Duration: 00:00:00.001
2025-01-24T19:48:33.8857000Z Load UCFGs: Begin: 2025-01-24T19:48:33.877929473Z, End: 2025-01-24T19:48:33.878559281Z, Duration: 00:00:00.000
2025-01-24T19:48:33.8865417Z 19:48:33.886 INFO php security sensor peak memory: 228 MB
2025-01-24T19:48:33.8871845Z 19:48:33.886 INFO Sensor PhpSecuritySensor [security] (done) | time=17ms
2025-01-24T19:48:33.8882047Z 19:48:33.887 INFO Sensor PythonSecuritySensor [security]
2025-01-24T19:48:33.8893241Z 19:48:33.889 INFO Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S6287, S6350, S6639, S6680, S6776, S6839, S7044
2025-01-24T19:48:33.8899368Z 19:48:33.889 INFO Load type hierarchy and UCFGs: Starting
2025-01-24T19:48:33.8907644Z 19:48:33.890 INFO Load type hierarchy: Starting
2025-01-24T19:48:33.8914705Z 19:48:33.891 INFO Reading type hierarchy from: /home/vsts/work/1/s/.scannerwork/ucfg2/python
2025-01-24T19:48:33.8922873Z 19:48:33.892 INFO Read 0 type definitions
2025-01-24T19:48:33.8935171Z 19:48:33.893 INFO Load type hierarchy: Time spent was 00:00:00.002
2025-01-24T19:48:33.8985349Z 19:48:33.893 INFO Load UCFGs: Starting
2025-01-24T19:48:33.8993740Z 19:48:33.899 INFO Load UCFGs: Time spent was 00:00:00.005
2025-01-24T19:48:33.9003738Z 19:48:33.900 INFO Load type hierarchy and UCFGs: Time spent was 00:00:00.010
2025-01-24T19:48:33.9008260Z 19:48:33.900 INFO No UCFGs have been included for analysis.
2025-01-24T19:48:33.9025531Z 19:48:33.902 INFO python security sensor: Time spent was 00:00:00.013
2025-01-24T19:48:33.9036348Z 19:48:33.903 INFO python security sensor: Begin: 2025-01-24T19:48:33.888675220Z, End: 2025-01-24T19:48:33.902074403Z, Duration: 00:00:00.013
2025-01-24T19:48:33.9037208Z Load type hierarchy and UCFGs: Begin: 2025-01-24T19:48:33.889576432Z, End: 2025-01-24T19:48:33.899890373Z, Duration: 00:00:00.010
2025-01-24T19:48:33.9037642Z Load type hierarchy: Begin: 2025-01-24T19:48:33.890323442Z, End: 2025-01-24T19:48:33.892930378Z, Duration: 00:00:00.002
2025-01-24T19:48:33.9038043Z Load UCFGs: Begin: 2025-01-24T19:48:33.893753789Z, End: 2025-01-24T19:48:33.898823958Z, Duration: 00:00:00.005
2025-01-24T19:48:33.9042827Z 19:48:33.904 INFO python security sensor peak memory: 228 MB
2025-01-24T19:48:33.9047578Z 19:48:33.904 INFO Sensor PythonSecuritySensor [security] (done) | time=17ms
2025-01-24T19:48:33.9054590Z 19:48:33.905 INFO Sensor JsSecuritySensor [security]
2025-01-24T19:48:33.9069163Z 19:48:33.906 INFO Enabled taint analysis rules: S2076, S2083, S2631, S3649, S5131, S5144, S5146, S5147, S5334, S5696, S5883, S6096, S6105, S6287, S6350
2025-01-24T19:48:33.9074075Z 19:48:33.907 INFO Load type hierarchy and UCFGs: Starting
2025-01-24T19:48:33.9078490Z 19:48:33.907 INFO Load type hierarchy: Starting
2025-01-24T19:48:33.9083913Z 19:48:33.908 INFO Reading type hierarchy from: /home/vsts/work/1/s/.scannerwork/ucfg2/js
2025-01-24T19:48:33.9107244Z 19:48:33.910 INFO Read 0 type definitions
2025-01-24T19:48:33.9113188Z 19:48:33.911 INFO Load type hierarchy: Time spent was 00:00:00.003
2025-01-24T19:48:33.9120637Z 19:48:33.911 INFO Load UCFGs: Starting
2025-01-24T19:48:33.9171883Z 19:48:33.912 INFO Reading UCFGs from: /home/vsts/work/1/s/.scannerwork/ucfg2/js
2025-01-24T19:48:34.3932693Z 19:48:34.391 INFO Load UCFGs: Time spent was 00:00:00.479
2025-01-24T19:48:34.3933285Z 19:48:34.391 INFO Load type hierarchy and UCFGs: Time spent was 00:00:00.483
2025-01-24T19:48:34.3933616Z 19:48:34.391 INFO Analyzing 545 UCFGs to detect vulnerabilities.
2025-01-24T19:48:34.3933914Z 19:48:34.391 INFO Check cache: Starting
2025-01-24T19:48:34.3934180Z 19:48:34.391 INFO Load cache: Starting
2025-01-24T19:48:34.3948836Z 19:48:34.394 INFO Load cache: Time spent was 00:00:00.002
2025-01-24T19:48:34.3961627Z 19:48:34.395 INFO Compare cache: Starting
2025-01-24T19:48:34.3977193Z 19:48:34.397 INFO Cache loaded: SecuritySensorCache{ucfgsHashes.count=505, typeDefinitionsHashes.count=0}
2025-01-24T19:48:34.3977648Z 19:48:34.397 INFO Compare cache: Time spent was 00:00:00.002
2025-01-24T19:48:34.3977964Z 19:48:34.397 INFO Check cache: Time spent was 00:00:00.005
2025-01-24T19:48:34.3978278Z 19:48:34.397 INFO Create runtime call graph: Starting
2025-01-24T19:48:34.3987378Z 19:48:34.398 INFO Variable Type Analysis #1: Starting
2025-01-24T19:48:34.3990705Z 19:48:34.398 INFO Create runtime type propagation graph: Starting
2025-01-24T19:48:34.4453244Z 19:48:34.443 INFO Create runtime type propagation graph: Time spent was 00:00:00.044
2025-01-24T19:48:34.4454298Z 19:48:34.444 INFO Run SCC (Tarjan) on 3584 nodes: Starting
2025-01-24T19:48:34.4569483Z 19:48:34.454 INFO Run SCC (Tarjan) on 3584 nodes: Time spent was 00:00:00.010
2025-01-24T19:48:34.4570213Z 19:48:34.455 INFO Tarjan found 3584 strongly connected components
2025-01-24T19:48:34.4570641Z 19:48:34.455 INFO Propagate runtime types to strongly connected components: Starting
2025-01-24T19:48:34.4742890Z 19:48:34.472 INFO Propagate runtime types to strongly connected components: Time spent was 00:00:00.015
2025-01-24T19:48:34.4743446Z 19:48:34.473 INFO Variable Type Analysis #1: Time spent was 00:00:00.074
2025-01-24T19:48:34.4753268Z 19:48:34.474 INFO Variable Type Analysis #2: Starting
2025-01-24T19:48:34.4835659Z 19:48:34.483 INFO Create runtime type propagation graph: Starting
2025-01-24T19:48:34.5128427Z 19:48:34.511 INFO Create runtime type propagation graph: Time spent was 00:00:00.028
2025-01-24T19:48:34.5138180Z 19:48:34.513 INFO Run SCC (Tarjan) on 3584 nodes: Starting
2025-01-24T19:48:34.5190216Z 19:48:34.518 INFO Run SCC (Tarjan) on 3584 nodes: Time spent was 00:00:00.004
2025-01-24T19:48:34.5204448Z 19:48:34.519 INFO Tarjan found 3584 strongly connected components
2025-01-24T19:48:34.5221521Z 19:48:34.520 INFO Propagate runtime types to strongly connected components: Starting
2025-01-24T19:48:34.5305765Z 19:48:34.530 INFO Propagate runtime types to strongly connected components: Time spent was 00:00:00.009
2025-01-24T19:48:34.5317120Z 19:48:34.531 INFO Variable Type Analysis #2: Time spent was 00:00:00.056
2025-01-24T19:48:34.5336553Z 19:48:34.533 INFO Create runtime call graph: Time spent was 00:00:00.135
2025-01-24T19:48:34.5342878Z 19:48:34.534 INFO Load config: Starting
2025-01-24T19:48:34.5996329Z 19:48:34.599 INFO Load config: Time spent was 00:00:00.064
2025-01-24T19:48:34.6005340Z 19:48:34.600 INFO Compute entry points: Starting
2025-01-24T19:48:34.6128419Z 19:48:34.612 INFO Compute entry points: Time spent was 00:00:00.012
2025-01-24T19:48:34.6136299Z 19:48:34.613 INFO All rules entry points : 114
2025-01-24T19:48:34.6142509Z 19:48:34.614 INFO Slice call graph: Starting
2025-01-24T19:48:34.6149454Z 19:48:34.614 INFO Slice call graph: Time spent was 00:00:00.000
2025-01-24T19:48:34.6155864Z 19:48:34.615 INFO Live variable analysis: Starting
2025-01-24T19:48:34.7361913Z 19:48:34.735 INFO Live variable analysis: Time spent was 00:00:00.119
2025-01-24T19:48:34.7373088Z 19:48:34.736 INFO Taint analysis for js: Starting
2025-01-24T19:48:35.4950315Z 19:48:35.493 INFO 0 / 545 UCFGs simulated, memory usage: 125 MB
2025-01-24T19:48:35.9588005Z 19:48:35.957 INFO 122 / 545 UCFGs simulated, memory usage: 121 MB
2025-01-24T19:48:35.9588801Z 19:48:35.957 INFO Taint analysis for js: Time spent was 00:00:01.220
2025-01-24T19:48:35.9589947Z 19:48:35.957 INFO Report issues: Starting
2025-01-24T19:48:35.9662688Z 19:48:35.965 WARN Failed to find InputFile for \_\_unknown_file, check exclusions.
2025-01-24T19:48:35.9677636Z 19:48:35.967 INFO Report issues: Time spent was 00:00:00.010
2025-01-24T19:48:35.9687185Z 19:48:35.968 INFO Store cache: Starting
2025-01-24T19:48:35.9687735Z 19:48:35.968 INFO Store cache: Time spent was 00:00:00.000
2025-01-24T19:48:35.9693901Z 19:48:35.969 INFO js security sensor: Time spent was 00:00:02.063
2025-01-24T19:48:35.9725024Z 19:48:35.972 INFO js security sensor: Begin: 2025-01-24T19:48:33.905621451Z, End: 2025-01-24T19:48:35.968885275Z, Duration: 00:00:02.063
2025-01-24T19:48:35.9725726Z Load type hierarchy and UCFGs: Begin: 2025-01-24T19:48:33.907028471Z, End: 2025-01-24T19:48:34.391015092Z, Duration: 00:00:00.483
2025-01-24T19:48:35.9726316Z Load type hierarchy: Begin: 2025-01-24T19:48:33.907511877Z, End: 2025-01-24T19:48:33.910856223Z, Duration: 00:00:00.003
2025-01-24T19:48:35.9726778Z Load UCFGs: Begin: 2025-01-24T19:48:33.911422231Z, End: 2025-01-24T19:48:34.390801389Z, Duration: 00:00:00.479
2025-01-24T19:48:35.9727223Z Check cache: Begin: 2025-01-24T19:48:34.391285695Z, End: 2025-01-24T19:48:34.397105675Z, Duration: 00:00:00.005
2025-01-24T19:48:35.9791016Z Load cache: Begin: 2025-01-24T19:48:34.391311596Z, End: 2025-01-24T19:48:34.393602227Z, Duration: 00:00:00.002
2025-01-24T19:48:35.9791421Z Compare cache: Begin: 2025-01-24T19:48:34.394475039Z, End: 2025-01-24T19:48:34.396995973Z, Duration: 00:00:00.002
2025-01-24T19:48:35.9792006Z Create runtime call graph: Begin: 2025-01-24T19:48:34.397363578Z, End: 2025-01-24T19:48:34.533124336Z, Duration: 00:00:00.135
2025-01-24T19:48:35.9792663Z Variable Type Analysis #1: Begin: 2025-01-24T19:48:34.397917686Z, End: 2025-01-24T19:48:34.472462406Z, Duration: 00:00:00.074
2025-01-24T19:48:35.9793035Z Create runtime type propagation graph: Begin: 2025-01-24T19:48:34.398619796Z, End: 2025-01-24T19:48:34.443185305Z, Duration: 00:00:00.044
2025-01-24T19:48:35.9793390Z Run SCC (Tarjan) on 3584 nodes: Begin: 2025-01-24T19:48:34.443751713Z, End: 2025-01-24T19:48:34.454207156Z, Duration: 00:00:00.010
2025-01-24T19:48:35.9793759Z Propagate runtime types to strongly connected components: Begin: 2025-01-24T19:48:34.454508360Z, End: 2025-01-24T19:48:34.470345377Z, Duration: 00:00:00.015
2025-01-24T19:48:35.9794123Z Variable Type Analysis #2: Begin: 2025-01-24T19:48:34.474394932Z, End: 2025-01-24T19:48:34.530883905Z, Duration: 00:00:00.056
2025-01-24T19:48:35.9794588Z Create runtime type propagation graph: Begin: 2025-01-24T19:48:34.482727846Z, End: 2025-01-24T19:48:34.511105234Z, Duration: 00:00:00.028
2025-01-24T19:48:35.9794944Z Run SCC (Tarjan) on 3584 nodes: Begin: 2025-01-24T19:48:34.513133962Z, End: 2025-01-24T19:48:34.517684924Z, Duration: 00:00:00.004
2025-01-24T19:48:35.9795310Z Propagate runtime types to strongly connected components: Begin: 2025-01-24T19:48:34.520694066Z, End: 2025-01-24T19:48:34.529696489Z, Duration: 00:00:00.009
2025-01-24T19:48:35.9795664Z Load config: Begin: 2025-01-24T19:48:34.533903146Z, End: 2025-01-24T19:48:34.598612132Z, Duration: 00:00:00.064
2025-01-24T19:48:35.9795992Z Compute entry points: Begin: 2025-01-24T19:48:34.599912549Z, End: 2025-01-24T19:48:34.612012115Z, Duration: 00:00:00.012
2025-01-24T19:48:35.9796320Z Slice call graph: Begin: 2025-01-24T19:48:34.613875640Z, End: 2025-01-24T19:48:34.614493649Z, Duration: 00:00:00.000
2025-01-24T19:48:35.9796659Z Live variable analysis: Begin: 2025-01-24T19:48:34.615221259Z, End: 2025-01-24T19:48:34.735098699Z, Duration: 00:00:00.119
2025-01-24T19:48:35.9796993Z Taint analysis for js: Begin: 2025-01-24T19:48:34.736661720Z, End: 2025-01-24T19:48:35.956669308Z, Duration: 00:00:01.220
2025-01-24T19:48:35.9797326Z Report issues: Begin: 2025-01-24T19:48:35.956788510Z, End: 2025-01-24T19:48:35.966891248Z, Duration: 00:00:00.010
2025-01-24T19:48:35.9797648Z Store cache: Begin: 2025-01-24T19:48:35.967970163Z, End: 2025-01-24T19:48:35.968025263Z, Duration: 00:00:00.000
2025-01-24T19:48:35.9797917Z 19:48:35.972 INFO js security sensor peak memory: 233 MB
2025-01-24T19:48:35.9798150Z 19:48:35.972 INFO Sensor JsSecuritySensor [security] (done) | time=2066ms
2025-01-24T19:48:35.9798385Z 19:48:35.975 INFO ------------- Run sensors on project
2025-01-24T19:48:36.2168908Z 19:48:36.215 INFO Sensor Zero Coverage Sensor
2025-01-24T19:48:36.2461084Z 19:48:36.245 INFO Sensor Zero Coverage Sensor (done) | time=31ms
2025-01-24T19:48:36.2486321Z 19:48:36.248 INFO SCM Publisher SCM provider for this project is: git
2025-01-24T19:48:36.2496760Z 19:48:36.249 INFO SCM Publisher 29 source files to be analyzed
2025-01-24T19:48:36.2608677Z 19:48:36.260 WARN Shallow clone detected, no blame information will be provided. You can convert to non-shallow with 'git fetch --unshallow'.
2025-01-24T19:48:36.2639412Z 19:48:36.262 INFO SCM Publisher 0/29 source files have been analyzed (done) | time=3ms
2025-01-24T19:48:36.2640004Z 19:48:36.262 WARN Missing blame information for the following files:
[REDACTED FILES]
2025-01-24T19:48:36.2802884Z 19:48:36.269 WARN This may lead to missing/broken features in SonarCloud
2025-01-24T19:48:36.2803113Z 19:48:36.279 INFO CPD Executor 38 files had no CPD blocks
2025-01-24T19:48:36.2835028Z 19:48:36.283 INFO CPD Executor Calculating CPD for 77 files
2025-01-24T19:48:36.3507670Z 19:48:36.350 INFO CPD Executor CPD calculation finished (done) | time=59ms
2025-01-24T19:48:36.4435168Z 19:48:36.442 INFO SCM writing changed lines
2025-01-24T19:48:36.4463773Z 19:48:36.445 WARN Could not find ref: dev in refs/heads, refs/remotes/upstream or refs/remotes/origin
2025-01-24T19:48:36.4478799Z 19:48:36.447 INFO SCM writing changed lines (done) | time=5ms
2025-01-24T19:48:37.3375904Z 19:48:37.337 INFO Analysis report generated in 980ms, dir size=1 MB
2025-01-24T19:48:37.5068029Z 19:48:37.506 INFO Analysis report compressed in 169ms, zip size=380 KB
2025-01-24T19:48:38.2315000Z 19:48:38.230 INFO Analysis report uploaded in 725ms
2025-01-24T19:48:38.2335296Z 19:48:38.233 INFO ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=REDACTED&pullRequest=9559
2025-01-24T19:48:38.2338537Z 19:48:38.233 INFO Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
2025-01-24T19:48:38.2342538Z 19:48:38.234 INFO More about the report processing at https://sonarcloud.io/api/ce/task?id=AZSZ2_o9cB4uQIuh-_IO
2025-01-24T19:48:38.2427737Z 19:48:38.241 INFO Time spent writing ucfgs 252ms
2025-01-24T19:48:38.3280364Z 19:48:38.327 INFO Analysis total time: 41.531 s
2025-01-24T19:48:38.3292837Z 19:48:38.328 INFO SonarScanner Engine completed successfully
2025-01-24T19:48:38.6617664Z 19:48:38.660 INFO EXECUTION SUCCESS
2025-01-24T19:48:38.6638170Z 19:48:38.662 INFO Total time: 50.562s
2025-01-24T19:48:38.9982666Z ##[section]Finishing: SonarCloudAnalyze

Screenshots:

Code Example1577×697 43.1 KB

Our Code657×663 21.8 KB

Rules1652×453 40.2 KB

Hi,

To be clear, it’s the Vulnerability that’s no longer found in either project?

For the analysis log, I was hoping for a log from each project so I could compare/contrast. However, the single log you’ve provided may actually provide the answer: This is a PR analysis. PR analysis only covers what’s new in the PR. If the vulnerability code wasn’t added or edited in the PR, then it’s normal and expected that no issue is raised.

 
Ann

Oh yes, that’s true!
To be thorough and force an analysis of the code in question, this is what I just did:

Steps Taken:

1. On both the originally working and not working repositories, I updated the code to force the PR analysis to catch the error if it exists.

New Results:

• Working Repository: Both errors were caught:

  • Security: tssecurity:S5696
  • Quality: typescript:S2004

• Not Working Repository:

  • Security: Not Caught
  • Quality: typescript:S2004

New Code Added to Both Repositories:

try {
  const rootEl2: any = document.getElementById('root');
  const queryParams2 = new URLSearchParams(document.location.search);
  const input2 = queryParams2.get('input');
  rootEl2.innerHTML = input2; // Noncompliant
} catch (error) {
  console.error(error);
}

const test2 = () => {
  const items = ['1', '2', '4', '5'];
  const test = items.map(() => {
    return items.filter((item) => {
      console.log(() => {
        console.log(() => {
          console.log(() => {
            console.log('item', item);
            console.log(() => {
              'test';
            });
          });
        });
      });
    });
  });
  return test;
};
test2();

Logs:

Pipeline Logs of the Working Repository:

2025-01-27T16:23:09.5204748Z ##[section]Starting: SonarCloudAnalyze
2025-01-27T16:23:09.5209582Z ==============================================================================
2025-01-27T16:23:09.5209774Z Task         : Run Code Analysis
2025-01-27T16:23:09.5209875Z Description  : Run scanner and upload the results to SonarQube Cloud.
2025-01-27T16:23:09.5210019Z Version      : 3.1.1
2025-01-27T16:23:09.5210120Z Author       : sonarsource
2025-01-27T16:23:09.5210213Z Help         : This task is not needed for Maven and Gradle projects since the scanner should be run as part of the build.

[More Information](https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/sonarcloud-extension-for-azure-devops/)
2025-01-27T16:23:09.5210525Z ==============================================================================
2025-01-27T16:23:09.8375067Z [command]/home/vsts/work/_tasks/SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1/3.1.1/sonar-scanner/bin/sonar-scanner
2025-01-27T16:23:10.6730089Z 16:23:10.663 WARN  Ignoring property 'sonar.token' from env variable 'SONARQUBE_SCANNER_PARAMS' because it is already defined
2025-01-27T16:23:10.6731975Z 16:23:10.672 INFO  Scanner configuration file: /home/vsts/work/_tasks/SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1/3.1.1/sonar-scanner/conf/sonar-scanner.properties
2025-01-27T16:23:10.6748779Z 16:23:10.673 WARN  Ignoring property 'sonar.token' from env variable 'SONARQUBE_SCANNER_PARAMS' because it is already defined
2025-01-27T16:23:10.6749654Z 16:23:10.674 INFO  Project root configuration file: NONE
2025-01-27T16:23:10.6760336Z 16:23:10.674 WARN  Ignoring property 'sonar.token' from env variable 'SONARQUBE_SCANNER_PARAMS' because it is already defined
2025-01-27T16:23:10.6970082Z 16:23:10.696 INFO  SonarScanner CLI 6.2.1.4610
2025-01-27T16:23:10.6992852Z 16:23:10.697 INFO  Java 17.0.13 Eclipse Adoptium (64-bit)
2025-01-27T16:23:10.7005404Z 16:23:10.700 INFO  Linux 6.5.0-1025-azure amd64
2025-01-27T16:23:10.7462371Z 16:23:10.745 INFO  User cache: /home/vsts/.sonar/cache
2025-01-27T16:23:11.6096073Z 16:23:11.608 INFO  JRE provisioning: os[linux], arch[x86_64]
2025-01-27T16:23:16.4224188Z 16:23:16.421 INFO  Communicating with SonarCloud
2025-01-27T16:23:16.7764605Z 16:23:16.774 INFO  Starting SonarScanner Engine...
2025-01-27T16:23:16.7774475Z 16:23:16.776 INFO  Java 17.0.11 Eclipse Adoptium (64-bit)
2025-01-27T16:23:16.8403860Z 16:23:16.838 WARN  Ignoring property 'sonar.token' from env variable 'SONARQUBE_SCANNER_PARAMS' because it is already defined
2025-01-27T16:23:17.8358965Z 16:23:17.834 INFO  Load global settings
2025-01-27T16:23:18.3346913Z 16:23:18.331 INFO  Load global settings (done) | time=497ms
2025-01-27T16:23:18.3451264Z 16:23:18.339 INFO  Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
2025-01-27T16:23:18.5554107Z 16:23:18.552 INFO  Loading required plugins
2025-01-27T16:23:18.5560634Z 16:23:18.553 INFO  Load plugins index
2025-01-27T16:23:18.7612385Z 16:23:18.760 INFO  Load plugins index (done) | time=207ms
2025-01-27T16:23:18.7616634Z 16:23:18.760 INFO  Load/download plugins
2025-01-27T16:23:19.9810791Z 16:23:19.980 INFO  Load/download plugins (done) | time=1219ms
2025-01-27T16:23:20.5268746Z 16:23:20.525 INFO  Found an active CI vendor: 'Azure DevOps'
2025-01-27T16:23:20.5466316Z 16:23:20.545 INFO  Load project settings for component key: '[REDACTED]'
2025-01-27T16:23:20.7310831Z 16:23:20.730 INFO  Load project settings for component key: '[REDACTED]' (done) | time=183ms
2025-01-27T16:23:20.7384078Z 16:23:20.737 INFO  Process project properties
2025-01-27T16:23:20.7543718Z 16:23:20.753 INFO  Project key: [REDACTED]
2025-01-27T16:23:20.7544602Z 16:23:20.753 INFO  Base dir: /home/vsts/work/1/s
2025-01-27T16:23:20.7545107Z 16:23:20.753 INFO  Working dir: /home/vsts/work/1/s/.scannerwork
2025-01-27T16:23:20.7626953Z 16:23:20.761 INFO  Load project branches
2025-01-27T16:23:21.0693787Z 16:23:21.068 INFO  Load project branches (done) | time=307ms
2025-01-27T16:23:21.0736087Z 16:23:21.073 INFO  Check ALM binding of project '[REDACTED]'
2025-01-27T16:23:21.2475070Z 16:23:21.246 INFO  Detected project binding: BOUND
2025-01-27T16:23:21.2501116Z 16:23:21.248 INFO  Check ALM binding of project '[REDACTED]' (done) | time=175ms
2025-01-27T16:23:21.2509406Z 16:23:21.250 INFO  Load project pull requests
2025-01-27T16:23:21.5980261Z 16:23:21.597 INFO  Load project pull requests (done) | time=347ms
2025-01-27T16:23:21.6012034Z 16:23:21.600 INFO  Load branch configuration
2025-01-27T16:23:22.2516653Z 16:23:22.250 INFO  Load branch configuration (done) | time=650ms
2025-01-27T16:23:22.2593157Z 16:23:22.258 INFO  Load quality profiles
2025-01-27T16:23:22.6723218Z 16:23:22.671 INFO  Load quality profiles (done) | time=412ms
2025-01-27T16:23:22.6791057Z 16:23:22.677 INFO  Load active rules
2025-01-27T16:23:34.6447082Z 16:23:34.643 INFO  Load active rules (done) | time=11965ms
2025-01-27T16:23:34.8543543Z 16:23:34.852 INFO  Organization key: [REDACTED]
2025-01-27T16:23:34.8587233Z 16:23:34.858 INFO  Pull request 9559 for merge into dev from [REDACTED]
2025-01-27T16:23:34.8780818Z 16:23:34.877 INFO  Preprocessing files...
2025-01-27T16:23:35.3968187Z 16:23:35.396 INFO  6 languages detected in 172 preprocessed files
2025-01-27T16:23:35.3980369Z 16:23:35.397 INFO  0 files ignored because of inclusion/exclusion patterns
2025-01-27T16:23:35.3984488Z 16:23:35.397 INFO  0 files ignored because of scm ignore settings
2025-01-27T16:23:35.5439074Z 16:23:35.543 INFO  Loading plugins for detected languages
2025-01-27T16:23:35.5443569Z 16:23:35.543 INFO  Load/download plugins
2025-01-27T16:23:37.5626065Z 16:23:37.560 INFO  Load/download plugins (done) | time=2016ms
2025-01-27T16:23:37.7945519Z 16:23:37.792 INFO  Load project repositories
2025-01-27T16:23:38.0229352Z 16:23:38.020 INFO  Load project repositories (done) | time=229ms
2025-01-27T16:23:38.0253994Z 16:23:38.024 INFO  SCM collecting changed files in the branch
2025-01-27T16:23:38.0359168Z 16:23:38.034 WARN  Could not find ref: dev in refs/heads, refs/remotes/upstream or refs/remotes/origin
2025-01-27T16:23:38.0434904Z 16:23:38.041 INFO  SCM collecting changed files in the branch (done) | time=16ms
2025-01-27T16:23:38.0529845Z 16:23:38.052 INFO  Indexing files...
2025-01-27T16:23:38.0555868Z 16:23:38.054 INFO  Project configuration:
2025-01-27T16:23:38.0556666Z 16:23:38.055 INFO    Excluded sources: **/build-wrapper-dump.json
2025-01-27T16:23:38.2330899Z 16:23:38.232 INFO  171 files indexed
2025-01-27T16:23:38.2399597Z 16:23:38.238 INFO  Quality profile for css: Sonar way
2025-01-27T16:23:38.2400055Z 16:23:38.238 INFO  Quality profile for js: Sonar way
2025-01-27T16:23:38.2400332Z 16:23:38.238 INFO  Quality profile for json: Sonar way
2025-01-27T16:23:38.2400612Z 16:23:38.239 INFO  Quality profile for ts: REPORTS ONLY TEST
2025-01-27T16:23:38.2400889Z 16:23:38.239 INFO  Quality profile for web: Sonar way
2025-01-27T16:23:38.2401159Z 16:23:38.239 INFO  Quality profile for yaml: Sonar way
2025-01-27T16:23:38.2401700Z 16:23:38.239 INFO  ------------- Run sensors on module [REDACTED]
2025-01-27T16:23:38.3104471Z 16:23:38.309 INFO  Load metrics repository
2025-01-27T16:23:38.4988024Z 16:23:38.498 INFO  Load metrics repository (done) | time=188ms
2025-01-27T16:23:38.5060037Z 16:23:38.505 INFO  Sensor cache enabled
2025-01-27T16:23:38.6439633Z 16:23:38.643 INFO  Load sensor cache
2025-01-27T16:23:41.2307830Z 16:23:41.229 INFO  Load sensor cache (379 KB) | time=2587ms
2025-01-27T16:23:41.8542187Z 16:23:41.853 INFO  Sensor HTML [web]
2025-01-27T16:23:41.8543031Z 16:23:41.853 INFO  Sensor HTML is restricted to changed files only
2025-01-27T16:23:41.8630091Z 16:23:41.862 INFO  Sensor HTML [web] (done) | time=9ms
2025-01-27T16:23:41.8687886Z 16:23:41.867 INFO  Sensor JaCoCo XML Report Importer [jacoco]
2025-01-27T16:23:41.8689054Z 16:23:41.867 INFO  'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
2025-01-27T16:23:41.8690012Z 16:23:41.867 INFO  No report imported, no coverage information will be imported by JaCoCo XML Report Importer
2025-01-27T16:23:41.8691230Z 16:23:41.868 INFO  Sensor JaCoCo XML Report Importer [jacoco] (done) | time=2ms
2025-01-27T16:23:41.8692390Z 16:23:41.868 INFO  Sensor IaC Ansible Sensor [iacenterprise]
2025-01-27T16:23:41.9934780Z 16:23:41.992 INFO  0 source files to be analyzed
2025-01-27T16:23:42.0007989Z 16:23:42.000 INFO  0/0 source files have been analyzed
2025-01-27T16:23:42.0017348Z 16:23:42.001 INFO  Sensor IaC Ansible Sensor [iacenterprise] (done) | time=133ms
2025-01-27T16:23:42.0033800Z 16:23:42.001 INFO  Sensor IaC CloudFormation Sensor [iac]
2025-01-27T16:23:42.0249384Z 16:23:42.024 INFO  0 source files to be analyzed
2025-01-27T16:23:42.0264268Z 16:23:42.025 INFO  0/0 source files have been analyzed
2025-01-27T16:23:42.0264975Z 16:23:42.026 INFO  Sensor IaC CloudFormation Sensor [iac] (done) | time=25ms
2025-01-27T16:23:42.0274816Z 16:23:42.027 INFO  Sensor IaC Kubernetes Sensor [iac]
2025-01-27T16:23:42.1576059Z 16:23:42.156 INFO  0 source files to be parsed
2025-01-27T16:23:42.1586753Z 16:23:42.158 INFO  0/0 source files have been parsed
2025-01-27T16:23:42.1608019Z 16:23:42.160 INFO  0 source files to be analyzed
2025-01-27T16:23:42.1608746Z 16:23:42.160 INFO  0/0 source files have been analyzed
2025-01-27T16:23:42.1651816Z 16:23:42.163 INFO  0 source files to be checked
2025-01-27T16:23:42.1652405Z 16:23:42.163 INFO  0/0 source files have been checked
2025-01-27T16:23:42.1653132Z 16:23:42.164 INFO  Sensor IaC Kubernetes Sensor [iac] (done) | time=135ms
2025-01-27T16:23:42.1653620Z 16:23:42.164 INFO  Sensor IaC AzureResourceManager Sensor [iac]
2025-01-27T16:23:42.1654341Z 16:23:42.164 INFO  Sensor IaC AzureResourceManager Sensor is restricted to changed files only
2025-01-27T16:23:42.2831765Z 16:23:42.282 INFO  0 source files to be analyzed
2025-01-27T16:23:42.2848068Z 16:23:42.284 INFO  0/0 source files have been analyzed
2025-01-27T16:23:42.2922838Z 16:23:42.291 INFO  Sensor IaC AzureResourceManager Sensor [iac] (done) | time=124ms
2025-01-27T16:23:42.2923501Z 16:23:42.291 INFO  Sensor Java Config Sensor [iac]
2025-01-27T16:23:42.3037379Z 16:23:42.303 INFO  0 source files to be analyzed
2025-01-27T16:23:42.3044858Z 16:23:42.304 INFO  0/0 source files have been analyzed
2025-01-27T16:23:42.3101026Z 16:23:42.309 INFO  Sensor Java Config Sensor [iac] (done) | time=19ms
2025-01-27T16:23:42.3101635Z 16:23:42.309 INFO  Sensor JavaScript/TypeScript analysis [javascript]
2025-01-27T16:23:42.4921019Z 16:23:42.491 INFO  Detected os: Linux arch: amd64 alpine: false. Platform: LINUX_X64
2025-01-27T16:23:42.4951275Z 16:23:42.494 INFO  Deploy location /home/vsts/.sonar/js/node-runtime, tagetRuntime: /home/vsts/.sonar/js/node-runtime/node,  version: /home/vsts/.sonar/js/node-runtime/version.txt
2025-01-27T16:23:46.5709162Z 16:23:46.569 INFO  Using embedded Node.js runtime.
2025-01-27T16:23:46.5710273Z 16:23:46.570 INFO  Using Node.js executable: '/home/vsts/.sonar/js/node-runtime/node'.
2025-01-27T16:23:48.8726487Z 16:23:48.871 INFO  Memory configuration: OS (6921 MB), Node.js (2096 MB).
2025-01-27T16:23:51.3066817Z 16:23:51.304 WARN  Access to the multi-values/property set property 'sonar.javascript.file.suffixes' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.
2025-01-27T16:23:51.3072468Z 16:23:51.305 WARN  Access to the multi-values/property set property 'sonar.typescript.file.suffixes' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.
2025-01-27T16:23:51.3218905Z 16:23:51.321 INFO  Found 1 tsconfig.json file(s): [/home/vsts/work/1/s/tsconfig.json]
2025-01-27T16:23:51.3241121Z 16:23:51.323 INFO  Creating TypeScript program
2025-01-27T16:23:51.3241915Z 16:23:51.323 INFO  TypeScript configuration file /home/vsts/work/1/s/tsconfig.json
2025-01-27T16:23:51.3244662Z 16:23:51.324 INFO  113 source files to be analyzed
2025-01-27T16:23:52.1149623Z 16:23:52.114 INFO  Starting analysis with current program
2025-01-27T16:23:52.8957015Z 16:23:52.894 INFO  Analyzed 110 file(s) with current program
2025-01-27T16:23:52.9023669Z 16:23:52.899 INFO  Creating TypeScript program
2025-01-27T16:23:52.9024730Z 16:23:52.900 INFO  TypeScript configuration file /home/vsts/work/1/s/tsconfig.node.json
2025-01-27T16:23:53.1657287Z 16:23:53.164 INFO  Starting analysis with current program
2025-01-27T16:23:53.1681798Z 16:23:53.167 INFO  Analyzed 1 file(s) with current program
2025-01-27T16:23:53.1769664Z 16:23:53.176 INFO  Found 2 file(s) not part of any tsconfig.json: they will be analyzed without type information
2025-01-27T16:23:53.1867827Z 16:23:53.186 INFO  113/113 source files have been analyzed
2025-01-27T16:23:53.1899229Z 16:23:53.189 INFO  Hit the cache for 112 out of 113
2025-01-27T16:23:53.1938276Z 16:23:53.192 INFO  Miss the cache for 1 out of 113: FILE_CHANGED [1/113]
2025-01-27T16:23:53.1950986Z 16:23:53.194 INFO  Sensor JavaScript/TypeScript analysis [javascript] (done) | time=10889ms
2025-01-27T16:23:53.1966859Z 16:23:53.195 INFO  Sensor JavaScript inside YAML analysis [javascript]
2025-01-27T16:23:53.2066378Z 16:23:53.206 INFO  No input files found for analysis
2025-01-27T16:23:53.2077614Z 16:23:53.207 INFO  Hit the cache for 0 out of 0
2025-01-27T16:23:53.2085399Z 16:23:53.208 INFO  Miss the cache for 0 out of 0
2025-01-27T16:23:53.2091543Z 16:23:53.208 INFO  Sensor JavaScript inside YAML analysis [javascript] (done) | time=13ms
2025-01-27T16:23:53.2103324Z 16:23:53.209 INFO  Sensor JavaScript inside HTML analysis [javascript]
2025-01-27T16:23:53.2312053Z 16:23:53.229 INFO  2 source files to be analyzed
2025-01-27T16:23:53.2413380Z 16:23:53.240 INFO  2/2 source files have been analyzed
2025-01-27T16:23:53.2433990Z 16:23:53.242 INFO  Hit the cache for 2 out of 2
2025-01-27T16:23:53.2467573Z 16:23:53.243 INFO  Miss the cache for 0 out of 2
2025-01-27T16:23:53.2482455Z 16:23:53.247 INFO  Sensor JavaScript inside HTML analysis [javascript] (done) | time=38ms
2025-01-27T16:23:53.2494430Z 16:23:53.249 INFO  Sensor CSS Rules [javascript]
2025-01-27T16:23:53.2509654Z 16:23:53.250 INFO  Sensor CSS Rules is restricted to changed files only
2025-01-27T16:23:53.2520974Z 16:23:53.251 INFO  No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
2025-01-27T16:23:53.2527549Z 16:23:53.252 INFO  Sensor CSS Rules [javascript] (done) | time=4ms
2025-01-27T16:23:53.2541708Z 16:23:53.253 INFO  Sensor CSS Metrics [javascript]
2025-01-27T16:23:53.2552434Z 16:23:53.254 INFO  Sensor CSS Metrics is restricted to changed files only
2025-01-27T16:23:53.2563765Z 16:23:53.256 INFO  Sensor CSS Metrics [javascript] (done) | time=2ms
2025-01-27T16:23:53.2571281Z 16:23:53.256 INFO  Sensor IaC Docker Sensor [iac]
2025-01-27T16:23:53.2626387Z 16:23:53.257 INFO  Sensor IaC Docker Sensor is restricted to changed files only
2025-01-27T16:23:53.3187529Z 16:23:53.318 INFO  0 source files to be analyzed
2025-01-27T16:23:53.3199314Z 16:23:53.319 INFO  0/0 source files have been analyzed
2025-01-27T16:23:53.3207453Z 16:23:53.320 INFO  Sensor IaC Docker Sensor [iac] (done) | time=64ms
2025-01-27T16:23:53.3216712Z 16:23:53.321 INFO  Sensor Serverless configuration file sensor [security]
2025-01-27T16:23:53.3230078Z 16:23:53.322 INFO  0 Serverless function entries were found in the project
2025-01-27T16:23:53.3264863Z 16:23:53.324 INFO  0 Serverless function handlers were kept as entrypoints
2025-01-27T16:23:53.3276426Z 16:23:53.326 INFO  Sensor Serverless configuration file sensor [security] (done) | time=5ms
2025-01-27T16:23:53.3291734Z 16:23:53.328 INFO  Sensor AWS SAM template file sensor [security]
2025-01-27T16:23:53.3322609Z 16:23:53.331 INFO  Sensor AWS SAM template file sensor [security] (done) | time=3ms
2025-01-27T16:23:53.3330768Z 16:23:53.332 INFO  Sensor AWS SAM Inline template file sensor [security]
2025-01-27T16:23:53.3356386Z 16:23:53.335 INFO  Sensor AWS SAM Inline template file sensor [security] (done) | time=3ms
2025-01-27T16:23:53.3365361Z 16:23:53.336 INFO  Sensor EnterpriseTextAndSecretsSensor [textenterprise]
2025-01-27T16:23:53.3371251Z 16:23:53.336 INFO  Sensor EnterpriseTextAndSecretsSensor is restricted to changed files only
2025-01-27T16:23:53.3379951Z 16:23:53.337 INFO  Available processors: 2
2025-01-27T16:23:53.3392008Z 16:23:53.338 INFO  Using 2 threads for analysis.
2025-01-27T16:23:53.9638165Z 16:23:53.962 INFO  The property "sonar.tests" is not set. To improve the analysis accuracy, we categorize a file as a test file if any of the following is true:
2025-01-27T16:23:53.9666574Z   * The filename starts with "test"
2025-01-27T16:23:53.9706293Z   * The filename contains "test." or "tests."
2025-01-27T16:23:53.9707218Z   * Any directory in the file path is named: "doc", "docs", "test" or "tests"
2025-01-27T16:23:53.9707814Z   * Any directory in the file path has a name ending in "test" or "tests"
2025-01-27T16:23:53.9708239Z 
2025-01-27T16:23:53.9955422Z 16:23:53.994 INFO  Using git CLI to retrieve untracked files
2025-01-27T16:23:54.0267007Z 16:23:54.026 INFO  Analyzing language associated files and files included via "sonar.text.inclusions" that are tracked by git
2025-01-27T16:23:54.0475911Z 16:23:54.047 INFO  1 source file to be analyzed
2025-01-27T16:23:54.1188603Z 16:23:54.115 INFO  1/1 source file has been analyzed
2025-01-27T16:23:54.1189504Z 16:23:54.116 INFO  Sensor EnterpriseTextAndSecretsSensor [textenterprise] (done) | time=780ms
2025-01-27T16:23:54.1190124Z 16:23:54.116 INFO  Sensor JavaSecuritySensor [security]
2025-01-27T16:23:54.1247871Z 16:23:54.123 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S5883, S6096, S6173, S6287, S6350, S6384, S6390, S6398, S6399, S6547, S6549, S7044
2025-01-27T16:23:54.1257025Z 16:23:54.124 INFO  Load type hierarchy and UCFGs: Starting
2025-01-27T16:23:54.1257931Z 16:23:54.125 INFO  Load type hierarchy: Starting
2025-01-27T16:23:54.1258300Z 16:23:54.125 INFO  Reading type hierarchy from: /home/vsts/work/1/s/.scannerwork/ucfg2/java
2025-01-27T16:23:54.1258632Z 16:23:54.125 INFO  Read 0 type definitions
2025-01-27T16:23:54.1275022Z 16:23:54.126 INFO  Load type hierarchy: Time spent was 00:00:00.001
2025-01-27T16:23:54.1275761Z 16:23:54.126 INFO  Load UCFGs: Starting
2025-01-27T16:23:54.1276375Z 16:23:54.126 INFO  Load UCFGs: Time spent was 00:00:00.000
2025-01-27T16:23:54.1276773Z 16:23:54.127 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.002
2025-01-27T16:23:54.1277082Z 16:23:54.127 INFO  No UCFGs have been included for analysis.
2025-01-27T16:23:54.1420146Z 16:23:54.141 INFO  java security sensor: Time spent was 00:00:00.021
2025-01-27T16:23:54.1468815Z 16:23:54.142 INFO  java security sensor: Begin: 2025-01-27T16:23:54.118135043Z, End: 2025-01-27T16:23:54.139953840Z, Duration: 00:00:00.021
2025-01-27T16:23:54.1469566Z   Load type hierarchy and UCFGs: Begin: 2025-01-27T16:23:54.123854647Z, End: 2025-01-27T16:23:54.126678198Z, Duration: 00:00:00.002
2025-01-27T16:23:54.1470127Z     Load type hierarchy: Begin: 2025-01-27T16:23:54.123925148Z, End: 2025-01-27T16:23:54.125377975Z, Duration: 00:00:00.001
2025-01-27T16:23:54.1470675Z     Load UCFGs: Begin: 2025-01-27T16:23:54.126339992Z, End: 2025-01-27T16:23:54.126531696Z, Duration: 00:00:00.000
2025-01-27T16:23:54.1471131Z 16:23:54.143 INFO  java security sensor peak memory: 177 MB
2025-01-27T16:23:54.1471521Z 16:23:54.143 INFO  Sensor JavaSecuritySensor [security] (done) | time=26ms
2025-01-27T16:23:54.1485530Z 16:23:54.148 INFO  Sensor CSharpSecuritySensor [security]
2025-01-27T16:23:54.1563230Z 16:23:54.149 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5883, S6096, S6173, S6287, S6350, S6399, S6547, S6549, S6639, S6641, S6680, S6776, S7044
2025-01-27T16:23:54.1609771Z 16:23:54.149 INFO  Load type hierarchy and UCFGs: Starting
2025-01-27T16:23:54.1610356Z 16:23:54.149 INFO  Load type hierarchy: Starting
2025-01-27T16:23:54.1611747Z 16:23:54.149 INFO  Reading type hierarchy from: /home/vsts/work/1/s/ucfg2/cs
2025-01-27T16:23:54.1612065Z 16:23:54.149 INFO  Read 0 type definitions
2025-01-27T16:23:54.1612744Z 16:23:54.149 INFO  Load type hierarchy: Time spent was 00:00:00.000
2025-01-27T16:23:54.1613158Z 16:23:54.150 INFO  Load UCFGs: Starting
2025-01-27T16:23:54.1613434Z 16:23:54.150 INFO  Load UCFGs: Time spent was 00:00:00.000
2025-01-27T16:23:54.1613841Z 16:23:54.150 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.000
2025-01-27T16:23:54.1614230Z 16:23:54.150 INFO  No UCFGs have been included for analysis.
2025-01-27T16:23:54.1614550Z 16:23:54.156 INFO  csharp security sensor: Time spent was 00:00:00.002
2025-01-27T16:23:54.1615036Z 16:23:54.156 INFO  csharp security sensor: Begin: 2025-01-27T16:23:54.148031688Z, End: 2025-01-27T16:23:54.150426531Z, Duration: 00:00:00.002
2025-01-27T16:23:54.1615585Z   Load type hierarchy and UCFGs: Begin: 2025-01-27T16:23:54.149186809Z, End: 2025-01-27T16:23:54.150055425Z, Duration: 00:00:00.000
2025-01-27T16:23:54.1616108Z     Load type hierarchy: Begin: 2025-01-27T16:23:54.149210409Z, End: 2025-01-27T16:23:54.149406013Z, Duration: 00:00:00.000
2025-01-27T16:23:54.1616767Z     Load UCFGs: Begin: 2025-01-27T16:23:54.149789920Z, End: 2025-01-27T16:23:54.149838421Z, Duration: 00:00:00.000
2025-01-27T16:23:54.1617207Z 16:23:54.156 INFO  csharp security sensor peak memory: 177 MB
2025-01-27T16:23:54.1617592Z 16:23:54.156 INFO  Sensor CSharpSecuritySensor [security] (done) | time=4ms
2025-01-27T16:23:54.1617974Z 16:23:54.157 INFO  Sensor PhpSecuritySensor [security]
2025-01-27T16:23:54.1618453Z 16:23:54.157 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5334, S5335, S5883, S6173, S6287, S6350, S7044
2025-01-27T16:23:54.1618924Z 16:23:54.157 INFO  Load type hierarchy and UCFGs: Starting
2025-01-27T16:23:54.1619286Z 16:23:54.157 INFO  Load type hierarchy: Starting
2025-01-27T16:23:54.1619671Z 16:23:54.157 INFO  Reading type hierarchy from: /home/vsts/work/1/s/.scannerwork/ucfg2/php
2025-01-27T16:23:54.1620056Z 16:23:54.157 INFO  Read 0 type definitions
2025-01-27T16:23:54.1620432Z 16:23:54.157 INFO  Load type hierarchy: Time spent was 00:00:00.000
2025-01-27T16:23:54.1620821Z 16:23:54.157 INFO  Load UCFGs: Starting
2025-01-27T16:23:54.1621181Z 16:23:54.157 INFO  Load UCFGs: Time spent was 00:00:00.000
2025-01-27T16:23:54.1621581Z 16:23:54.157 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.001
2025-01-27T16:23:54.1621974Z 16:23:54.157 INFO  No UCFGs have been included for analysis.
2025-01-27T16:23:54.1622358Z 16:23:54.158 INFO  php security sensor: Time spent was 00:00:00.001
2025-01-27T16:23:54.1622836Z 16:23:54.158 INFO  php security sensor: Begin: 2025-01-27T16:23:54.151353048Z, End: 2025-01-27T16:23:54.153079580Z, Duration: 00:00:00.001
2025-01-27T16:23:54.1623382Z   Load type hierarchy and UCFGs: Begin: 2025-01-27T16:23:54.151579752Z, End: 2025-01-27T16:23:54.152754574Z, Duration: 00:00:00.001
2025-01-27T16:23:54.1623907Z     Load type hierarchy: Begin: 2025-01-27T16:23:54.151601553Z, End: 2025-01-27T16:23:54.152504369Z, Duration: 00:00:00.000
2025-01-27T16:23:54.1624420Z     Load UCFGs: Begin: 2025-01-27T16:23:54.152634072Z, End: 2025-01-27T16:23:54.152664672Z, Duration: 00:00:00.000
2025-01-27T16:23:54.1624861Z 16:23:54.158 INFO  php security sensor peak memory: 177 MB
2025-01-27T16:23:54.1625455Z 16:23:54.158 INFO  Sensor PhpSecuritySensor [security] (done) | time=4ms
2025-01-27T16:23:54.1625846Z 16:23:54.158 INFO  Sensor PythonSecuritySensor [security]
2025-01-27T16:23:54.1629426Z 16:23:54.162 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S6287, S6350, S6639, S6680, S6776, S6839, S7044
2025-01-27T16:23:54.1639664Z 16:23:54.163 INFO  Load type hierarchy and UCFGs: Starting
2025-01-27T16:23:54.1642948Z 16:23:54.164 INFO  Load type hierarchy: Starting
2025-01-27T16:23:54.1645977Z 16:23:54.164 INFO  Reading type hierarchy from: /home/vsts/work/1/s/.scannerwork/ucfg2/python
2025-01-27T16:23:54.1666566Z 16:23:54.166 INFO  Read 0 type definitions
2025-01-27T16:23:54.1748485Z 16:23:54.166 INFO  Load type hierarchy: Time spent was 00:00:00.000
2025-01-27T16:23:54.1755009Z 16:23:54.175 INFO  Load UCFGs: Starting
2025-01-27T16:23:54.1758045Z 16:23:54.175 INFO  Load UCFGs: Time spent was 00:00:00.000
2025-01-27T16:23:54.1760604Z 16:23:54.175 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.000
2025-01-27T16:23:54.1764022Z 16:23:54.176 INFO  No UCFGs have been included for analysis.
2025-01-27T16:23:54.1767028Z 16:23:54.176 INFO  python security sensor: Time spent was 00:00:00.001
2025-01-27T16:23:54.1773790Z 16:23:54.177 INFO  python security sensor: Begin: 2025-01-27T16:23:54.156741647Z, End: 2025-01-27T16:23:54.158314175Z, Duration: 00:00:00.001
2025-01-27T16:23:54.1774417Z   Load type hierarchy and UCFGs: Begin: 2025-01-27T16:23:54.156996151Z, End: 2025-01-27T16:23:54.157957969Z, Duration: 00:00:00.000
2025-01-27T16:23:54.1774946Z     Load type hierarchy: Begin: 2025-01-27T16:23:54.157015352Z, End: 2025-01-27T16:23:54.157582462Z, Duration: 00:00:00.000
2025-01-27T16:23:54.1775719Z     Load UCFGs: Begin: 2025-01-27T16:23:54.157716964Z, End: 2025-01-27T16:23:54.157752365Z, Duration: 00:00:00.000
2025-01-27T16:23:54.1829713Z 16:23:54.182 INFO  python security sensor peak memory: 177 MB
2025-01-27T16:23:54.1833067Z 16:23:54.183 INFO  Sensor PythonSecuritySensor [security] (done) | time=2ms
2025-01-27T16:23:54.1835738Z 16:23:54.183 INFO  Sensor JsSecuritySensor [security]
2025-01-27T16:23:54.1838350Z 16:23:54.183 INFO  Enabled taint analysis rules: S2076, S2083, S2631, S3649, S5131, S5144, S5146, S5147, S5334, S5696, S5883, S6096, S6105, S6287, S6350
2025-01-27T16:23:54.1840687Z 16:23:54.183 INFO  Load type hierarchy and UCFGs: Starting
2025-01-27T16:23:54.1843819Z 16:23:54.184 INFO  Load type hierarchy: Starting
2025-01-27T16:23:54.1846733Z 16:23:54.184 INFO  Reading type hierarchy from: /home/vsts/work/1/s/.scannerwork/ucfg2/js
2025-01-27T16:23:54.1849289Z 16:23:54.184 INFO  Read 0 type definitions
2025-01-27T16:23:54.1852479Z 16:23:54.185 INFO  Load type hierarchy: Time spent was 00:00:00.005
2025-01-27T16:23:54.1855000Z 16:23:54.185 INFO  Load UCFGs: Starting
2025-01-27T16:23:54.1859727Z 16:23:54.185 INFO  Reading UCFGs from: /home/vsts/work/1/s/.scannerwork/ucfg2/js
2025-01-27T16:23:54.7043648Z 16:23:54.703 INFO  Load UCFGs: Time spent was 00:00:00.537
2025-01-27T16:23:54.7108625Z 16:23:54.704 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.544
2025-01-27T16:23:54.7192727Z 16:23:54.718 INFO  Analyzing 545 UCFGs to detect vulnerabilities.
2025-01-27T16:23:54.7197669Z 16:23:54.719 INFO  Check cache: Starting
2025-01-27T16:23:54.7204060Z 16:23:54.720 INFO  Load cache: Starting
2025-01-27T16:23:54.7231644Z 16:23:54.722 INFO  Load cache: Time spent was 00:00:00.002
2025-01-27T16:23:54.7240555Z 16:23:54.723 INFO  Compare cache: Starting
2025-01-27T16:23:54.7263778Z 16:23:54.725 INFO  Cache loaded: SecuritySensorCache{ucfgsHashes.count=538, typeDefinitionsHashes.count=0}
2025-01-27T16:23:54.7266511Z 16:23:54.726 INFO  Compare cache: Time spent was 00:00:00.002
2025-01-27T16:23:54.7281299Z 16:23:54.726 INFO  Check cache: Time spent was 00:00:00.007
2025-01-27T16:23:54.7286453Z 16:23:54.728 INFO  Create runtime call graph: Starting
2025-01-27T16:23:54.7303415Z 16:23:54.730 INFO  Variable Type Analysis #1: Starting
2025-01-27T16:23:54.7316439Z 16:23:54.731 INFO  Create runtime type propagation graph: Starting
2025-01-27T16:23:54.7935159Z 16:23:54.791 INFO  Create runtime type propagation graph: Time spent was 00:00:00.060
2025-01-27T16:23:54.7935830Z 16:23:54.792 INFO  Run SCC (Tarjan) on 3584 nodes: Starting
2025-01-27T16:23:54.8051049Z 16:23:54.803 INFO  Run SCC (Tarjan) on 3584 nodes: Time spent was 00:00:00.011
2025-01-27T16:23:54.8051676Z 16:23:54.803 INFO  Tarjan found 3584 strongly connected components
2025-01-27T16:23:54.8052093Z 16:23:54.803 INFO  Propagate runtime types to strongly connected components: Starting
2025-01-27T16:23:54.8200795Z 16:23:54.818 INFO  Propagate runtime types to strongly connected components: Time spent was 00:00:00.014
2025-01-27T16:23:54.8207213Z 16:23:54.820 INFO  Variable Type Analysis #1: Time spent was 00:00:00.090
2025-01-27T16:23:54.8233652Z 16:23:54.823 INFO  Variable Type Analysis #2: Starting
2025-01-27T16:23:54.8245946Z 16:23:54.824 INFO  Create runtime type propagation graph: Starting
2025-01-27T16:23:54.8572554Z 16:23:54.856 INFO  Create runtime type propagation graph: Time spent was 00:00:00.031
2025-01-27T16:23:54.8578551Z 16:23:54.857 INFO  Run SCC (Tarjan) on 3584 nodes: Starting
2025-01-27T16:23:54.8716468Z 16:23:54.871 INFO  Run SCC (Tarjan) on 3584 nodes: Time spent was 00:00:00.013
2025-01-27T16:23:54.8727260Z 16:23:54.872 INFO  Tarjan found 3584 strongly connected components
2025-01-27T16:23:54.8835061Z 16:23:54.882 INFO  Propagate runtime types to strongly connected components: Starting
2025-01-27T16:23:54.8835663Z 16:23:54.882 INFO  Propagate runtime types to strongly connected components: Time spent was 00:00:00.006
2025-01-27T16:23:54.8836514Z 16:23:54.882 INFO  Variable Type Analysis #2: Time spent was 00:00:00.056
2025-01-27T16:23:54.8836928Z 16:23:54.883 INFO  Create runtime call graph: Time spent was 00:00:00.152
2025-01-27T16:23:54.8837315Z 16:23:54.883 INFO  Load config: Starting
2025-01-27T16:23:54.9984097Z 16:23:54.997 INFO  Load config: Time spent was 00:00:00.116
2025-01-27T16:23:54.9997588Z 16:23:54.999 INFO  Compute entry points: Starting
2025-01-27T16:23:55.0156349Z 16:23:55.015 INFO  Compute entry points: Time spent was 00:00:00.015
2025-01-27T16:23:55.0164995Z 16:23:55.016 INFO  All rules entry points : 114
2025-01-27T16:23:55.0170590Z 16:23:55.016 INFO  Slice call graph: Starting
2025-01-27T16:23:55.0177569Z 16:23:55.017 INFO  Slice call graph: Time spent was 00:00:00.000
2025-01-27T16:23:55.0183363Z 16:23:55.018 INFO  Live variable analysis: Starting
2025-01-27T16:23:55.1699796Z 16:23:55.169 INFO  Live variable analysis: Time spent was 00:00:00.150
2025-01-27T16:23:55.1711430Z 16:23:55.170 INFO  Taint analysis for js: Starting
2025-01-27T16:23:56.6848805Z 16:23:56.684 INFO  0 / 545 UCFGs simulated, memory usage: 131 MB
2025-01-27T16:23:57.5456414Z 16:23:57.544 INFO  122 / 545 UCFGs simulated, memory usage: 103 MB
2025-01-27T16:23:57.5457344Z 16:23:57.545 INFO  Taint analysis for js: Time spent was 00:00:02.374
2025-01-27T16:23:57.5457808Z 16:23:57.545 INFO  Report issues: Starting
2025-01-27T16:23:57.5626637Z 16:23:57.561 WARN  Failed to find InputFile for __unknown_file, check exclusions.
2025-01-27T16:23:57.5760972Z 16:23:57.575 INFO  Report issues: Time spent was 00:00:00.027
2025-01-27T16:23:57.5778656Z 16:23:57.577 INFO  Store cache: Starting
2025-01-27T16:23:57.5778990Z 16:23:57.577 INFO  Store cache: Time spent was 00:00:00.000
2025-01-27T16:23:57.5835696Z 16:23:57.583 INFO  js security sensor: Time spent was 00:00:03.423
2025-01-27T16:23:57.5885407Z 16:23:57.587 INFO  js security sensor: Begin: 2025-01-27T16:23:54.159143890Z, End: 2025-01-27T16:23:57.583032305Z, Duration: 00:00:03.423
2025-01-27T16:23:57.5886292Z   Load type hierarchy and UCFGs: Begin: 2025-01-27T16:23:54.160208710Z, End: 2025-01-27T16:23:54.704322929Z, Duration: 00:00:00.544
2025-01-27T16:23:57.5886950Z     Load type hierarchy: Begin: 2025-01-27T16:23:54.160229210Z, End: 2025-01-27T16:23:54.165535307Z, Duration: 00:00:00.005
2025-01-27T16:23:57.5887525Z     Load UCFGs: Begin: 2025-01-27T16:23:54.165633709Z, End: 2025-01-27T16:23:54.703149708Z, Duration: 00:00:00.537
2025-01-27T16:23:57.5888154Z   Check cache: Begin: 2025-01-27T16:23:54.719265302Z, End: 2025-01-27T16:23:54.726615436Z, Duration: 00:00:00.007
2025-01-27T16:23:57.5888660Z     Load cache: Begin: 2025-01-27T16:23:54.719958014Z, End: 2025-01-27T16:23:54.722512461Z, Duration: 00:00:00.002
2025-01-27T16:23:57.5956078Z     Compare cache: Begin: 2025-01-27T16:23:54.723395277Z, End: 2025-01-27T16:23:54.726036925Z, Duration: 00:00:00.002
2025-01-27T16:23:57.5956636Z   Create runtime call graph: Begin: 2025-01-27T16:23:54.728125463Z, End: 2025-01-27T16:23:54.880457140Z, Duration: 00:00:00.152
2025-01-27T16:23:57.5957124Z     Variable Type Analysis #1: Begin: 2025-01-27T16:23:54.729850095Z, End: 2025-01-27T16:23:54.820049839Z, Duration: 00:00:00.090
2025-01-27T16:23:57.5957961Z       Create runtime type propagation graph: Begin: 2025-01-27T16:23:54.731159319Z, End: 2025-01-27T16:23:54.791192813Z, Duration: 00:00:00.060
2025-01-27T16:23:57.5958419Z       Run SCC (Tarjan) on 3584 nodes: Begin: 2025-01-27T16:23:54.791686822Z, End: 2025-01-27T16:23:54.803058929Z, Duration: 00:00:00.011
2025-01-27T16:23:57.5958895Z       Propagate runtime types to strongly connected components: Begin: 2025-01-27T16:23:54.803337634Z, End: 2025-01-27T16:23:54.818115704Z, Duration: 00:00:00.014
2025-01-27T16:23:57.5959363Z     Variable Type Analysis #2: Begin: 2025-01-27T16:23:54.822825190Z, End: 2025-01-27T16:23:54.879222718Z, Duration: 00:00:00.056
2025-01-27T16:23:57.5959815Z       Create runtime type propagation graph: Begin: 2025-01-27T16:23:54.824075113Z, End: 2025-01-27T16:23:54.855909793Z, Duration: 00:00:00.031
2025-01-27T16:23:57.5960402Z       Run SCC (Tarjan) on 3584 nodes: Begin: 2025-01-27T16:23:54.857255617Z, End: 2025-01-27T16:23:54.870672162Z, Duration: 00:00:00.013
2025-01-27T16:23:57.5960879Z       Propagate runtime types to strongly connected components: Begin: 2025-01-27T16:23:54.872714799Z, End: 2025-01-27T16:23:54.879034414Z, Duration: 00:00:00.006
2025-01-27T16:23:57.5961341Z   Load config: Begin: 2025-01-27T16:23:54.880634944Z, End: 2025-01-27T16:23:54.997045766Z, Duration: 00:00:00.116
2025-01-27T16:23:57.5961765Z   Compute entry points: Begin: 2025-01-27T16:23:54.999075903Z, End: 2025-01-27T16:23:55.014616286Z, Duration: 00:00:00.015
2025-01-27T16:23:57.5962193Z   Slice call graph: Begin: 2025-01-27T16:23:55.016642523Z, End: 2025-01-27T16:23:55.017191233Z, Duration: 00:00:00.000
2025-01-27T16:23:57.5962619Z   Live variable analysis: Begin: 2025-01-27T16:23:55.017894146Z, End: 2025-01-27T16:23:55.168691395Z, Duration: 00:00:00.150
2025-01-27T16:23:57.5963064Z   Taint analysis for js: Begin: 2025-01-27T16:23:55.170400326Z, End: 2025-01-27T16:23:57.544460702Z, Duration: 00:00:02.374
2025-01-27T16:23:57.5963492Z   Report issues: Begin: 2025-01-27T16:23:57.544594805Z, End: 2025-01-27T16:23:57.572420611Z, Duration: 00:00:00.027
2025-01-27T16:23:57.5963910Z   Store cache: Begin: 2025-01-27T16:23:57.577154198Z, End: 2025-01-27T16:23:57.577224499Z, Duration: 00:00:00.000
2025-01-27T16:23:57.5964254Z 16:23:57.588 INFO  js security sensor peak memory: 243 MB
2025-01-27T16:23:57.5964549Z 16:23:57.588 INFO  Sensor JsSecuritySensor [security] (done) | time=3428ms
2025-01-27T16:23:57.5964841Z 16:23:57.592 INFO  ------------- Run sensors on project
2025-01-27T16:23:57.8687479Z 16:23:57.868 INFO  Sensor Zero Coverage Sensor
2025-01-27T16:23:57.8860555Z 16:23:57.885 INFO  Sensor Zero Coverage Sensor (done) | time=18ms
2025-01-27T16:23:57.8891159Z 16:23:57.888 INFO  SCM Publisher SCM provider for this project is: git
2025-01-27T16:23:57.8940116Z 16:23:57.893 INFO  SCM Publisher 1 source file to be analyzed
2025-01-27T16:23:57.9056242Z 16:23:57.905 WARN  Shallow clone detected, no blame information will be provided. You can convert to non-shallow with 'git fetch --unshallow'.
2025-01-27T16:23:57.9109357Z 16:23:57.910 INFO  SCM Publisher 0/1 source files have been analyzed (done) | time=7ms
2025-01-27T16:23:57.9109888Z 16:23:57.910 WARN  Missing blame information for the following files:
2025-01-27T16:23:57.9110252Z 16:23:57.910 WARN    * src/App.tsx
2025-01-27T16:23:57.9110563Z 16:23:57.910 WARN  This may lead to missing/broken features in SonarCloud
2025-01-27T16:23:57.9346484Z 16:23:57.931 INFO  CPD Executor 38 files had no CPD blocks
2025-01-27T16:23:57.9347068Z 16:23:57.932 INFO  CPD Executor Calculating CPD for 75 files
2025-01-27T16:23:58.0062639Z 16:23:58.000 INFO  CPD Executor CPD calculation finished (done) | time=56ms
2025-01-27T16:23:58.1455329Z 16:23:58.144 INFO  SCM writing changed lines
2025-01-27T16:23:58.1480124Z 16:23:58.147 WARN  Could not find ref: dev in refs/heads, refs/remotes/upstream or refs/remotes/origin
2025-01-27T16:23:58.1515390Z 16:23:58.151 INFO  SCM writing changed lines (done) | time=6ms
2025-01-27T16:23:59.4513930Z 16:23:59.450 INFO  Analysis report generated in 1442ms, dir size=266 KB
2025-01-27T16:23:59.6094133Z 16:23:59.608 INFO  Analysis report compressed in 159ms, zip size=84 KB
2025-01-27T16:23:59.9151625Z 16:23:59.914 INFO  Analysis report uploaded in 305ms
2025-01-27T16:23:59.9182294Z 16:23:59.917 INFO  ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=[REDACTED]&pullRequest=9559
2025-01-27T16:23:59.9189979Z 16:23:59.918 INFO  Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
2025-01-27T16:23:59.9197113Z 16:23:59.919 INFO  More about the report processing at https://sonarcloud.io/api/ce/task?id=AZSok7PiRd5L7aCoXgFV
2025-01-27T16:23:59.9391092Z 16:23:59.938 INFO  Time spent writing ucfgs 24ms
2025-01-27T16:24:00.0288090Z 16:24:00.028 INFO  Analysis total time: 39.803 s
2025-01-27T16:24:00.0320863Z 16:24:00.031 INFO  SonarScanner Engine completed successfully
2025-01-27T16:24:00.3746537Z 16:24:00.372 INFO  EXECUTION SUCCESS
2025-01-27T16:24:00.3751150Z 16:24:00.374 INFO  Total time: 49.771s
2025-01-27T16:24:00.7099535Z ##[section]Finishing: SonarCloudAnalyze

Pipeline Logs of the Not Working Repository:

2025-01-27T18:52:28.2609189Z ##[section]Starting: SonarCloudAnalyze
2025-01-27T18:52:28.2614041Z ==============================================================================
2025-01-27T18:52:28.2614210Z Task         : Run Code Analysis
2025-01-27T18:52:28.2614284Z Description  : Run scanner and upload the results to the SonarCloud server.
2025-01-27T18:52:28.2614415Z Version      : 2.3.4
2025-01-27T18:52:28.2614485Z Author       : sonarsource
2025-01-27T18:52:28.2614558Z Help         : This task is not needed for Maven and Gradle projects since the scanner should be run as part of the build.

[More Information](https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/sonarcloud-extension-for-azure-devops/)
2025-01-27T18:52:28.2614822Z ==============================================================================
2025-01-27T18:52:28.5287061Z [command]/home/vsts/work/_tasks/SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1/2.3.4/sonar-scanner/bin/sonar-scanner
2025-01-27T18:52:29.1198172Z 18:52:29.114 INFO  Scanner configuration file: /home/vsts/work/_tasks/SonarCloudAnalyze_ce096e50-6155-4de8-8800-4221aaeed4a1/2.3.4/sonar-scanner/conf/sonar-scanner.properties
2025-01-27T18:52:29.1216140Z 18:52:29.121 INFO  Project root configuration file: NONE
2025-01-27T18:52:29.1442138Z 18:52:29.143 INFO  SonarScanner CLI 6.2.1.4610
2025-01-27T18:52:29.1455530Z 18:52:29.145 INFO  Java 17.0.13 Eclipse Adoptium (64-bit)
2025-01-27T18:52:29.1461002Z 18:52:29.145 INFO  Linux 6.5.0-1025-azure amd64
2025-01-27T18:52:29.1911039Z 18:52:29.190 INFO  User cache: /home/vsts/.sonar/cache
2025-01-27T18:52:29.9360763Z 18:52:29.935 INFO  JRE provisioning: os[linux], arch[x86_64]
2025-01-27T18:52:33.8456355Z 18:52:33.844 INFO  Communicating with SonarCloud
2025-01-27T18:52:34.1754464Z 18:52:34.174 INFO  Starting SonarScanner Engine...
2025-01-27T18:52:34.1789583Z 18:52:34.177 INFO  Java 17.0.11 Eclipse Adoptium (64-bit)
2025-01-27T18:52:35.0743769Z 18:52:35.072 INFO  Load global settings
2025-01-27T18:52:35.5294929Z 18:52:35.527 INFO  Load global settings (done) | time=456ms
2025-01-27T18:52:35.5335981Z 18:52:35.533 INFO  Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
2025-01-27T18:52:35.7229272Z 18:52:35.722 INFO  Loading required plugins
2025-01-27T18:52:35.7241982Z 18:52:35.723 INFO  Load plugins index
2025-01-27T18:52:35.8493740Z 18:52:35.848 INFO  Load plugins index (done) | time=124ms
2025-01-27T18:52:35.8524077Z 18:52:35.851 INFO  Load/download plugins
2025-01-27T18:52:36.7504342Z 18:52:36.749 INFO  Load/download plugins (done) | time=898ms
2025-01-27T18:52:37.1948178Z 18:52:37.194 INFO  Found an active CI vendor: 'Azure DevOps'
2025-01-27T18:52:37.2118587Z 18:52:37.211 INFO  Load project settings for component key: [REDACTED]
2025-01-27T18:52:37.3630818Z 18:52:37.362 INFO  Load project settings for component key: [REDACTED] (done) | time=151ms
2025-01-27T18:52:37.3700021Z 18:52:37.369 INFO  Process project properties
2025-01-27T18:52:37.3800173Z 18:52:37.379 INFO  Project key: [REDACTED]
2025-01-27T18:52:37.3810324Z 18:52:37.380 INFO  Base dir: /home/vsts/work/1/s
2025-01-27T18:52:37.3811123Z 18:52:37.380 INFO  Working dir: /home/vsts/work/1/s/.scannerwork
2025-01-27T18:52:37.3865150Z 18:52:37.386 INFO  Load project branches
2025-01-27T18:52:37.6282378Z 18:52:37.626 INFO  Load project branches (done) | time=240ms
2025-01-27T18:52:37.6311495Z 18:52:37.630 INFO  Check ALM binding of project [REDACTED]
2025-01-27T18:52:37.7595990Z 18:52:37.758 INFO  Detected project binding: BOUND
2025-01-27T18:52:37.7623705Z 18:52:37.759 INFO  Check ALM binding of project [REDACTED] (done) | time=128ms
2025-01-27T18:52:37.7624084Z 18:52:37.760 INFO  Load project pull requests
2025-01-27T18:52:37.9901649Z 18:52:37.989 INFO  Load project pull requests (done) | time=228ms
2025-01-27T18:52:37.9929656Z 18:52:37.992 INFO  Load branch configuration
2025-01-27T18:52:38.3977579Z 18:52:38.396 INFO  Load branch configuration (done) | time=404ms
2025-01-27T18:52:38.4051816Z 18:52:38.404 INFO  Load quality profiles
2025-01-27T18:52:38.6901575Z 18:52:38.689 INFO  Load quality profiles (done) | time=285ms
2025-01-27T18:52:38.6958043Z 18:52:38.694 INFO  Load active rules
2025-01-27T18:52:45.0635947Z 18:52:45.062 INFO  Load active rules (done) | time=6367ms
2025-01-27T18:52:45.2020351Z 18:52:45.201 INFO  Organization key: [REDACTED]
2025-01-27T18:52:45.2041765Z 18:52:45.202 INFO  Pull request 9464 for merge into main from sonar-test
2025-01-27T18:52:45.2164988Z 18:52:45.216 INFO  Preprocessing files...
2025-01-27T18:52:49.5687871Z 18:52:48.971 INFO  2 languages detected in 218 preprocessed files
2025-01-27T18:52:49.5694831Z 18:52:48.973 INFO  189522 files ignored because of inclusion/exclusion patterns
2025-01-27T18:52:49.5695279Z 18:52:48.973 INFO  0 files ignored because of scm ignore settings
2025-01-27T18:52:49.5695660Z 18:52:49.002 INFO  Loading plugins for detected languages
2025-01-27T18:52:49.5695969Z 18:52:49.003 INFO  Load/download plugins
2025-01-27T18:52:50.1585116Z 18:52:50.157 INFO  Load/download plugins (done) | time=1153ms
2025-01-27T18:52:50.3392387Z 18:52:50.337 INFO  Load project repositories
2025-01-27T18:52:50.5856146Z 18:52:50.584 INFO  Load project repositories (done) | time=247ms
2025-01-27T18:52:50.5873037Z 18:52:50.586 INFO  SCM collecting changed files in the branch
2025-01-27T18:52:50.5944862Z 18:52:50.594 WARN  Could not find ref: main in refs/heads, refs/remotes/upstream or refs/remotes/origin
2025-01-27T18:52:50.6014424Z 18:52:50.601 INFO  SCM collecting changed files in the branch (done) | time=14ms
2025-01-27T18:52:50.6112361Z 18:52:50.607 INFO  Indexing files...
2025-01-27T18:52:50.6112783Z 18:52:50.607 INFO  Project configuration:
2025-01-27T18:52:50.6113105Z 18:52:50.607 INFO    Included sources: [REDACTED]
2025-01-27T18:52:50.6113448Z 18:52:50.607 INFO    Excluded sources: **/build-wrapper-dump.json, **.json
2025-01-27T18:52:50.6113838Z 18:52:50.608 INFO    Excluded sources for duplication: apps/reports/src/config/**/*
2025-01-27T18:52:50.7964964Z 18:52:50.795 INFO  217 files indexed
2025-01-27T18:52:50.8093550Z 18:52:50.808 INFO  Quality profile for css: Sonar way
2025-01-27T18:52:50.8104289Z 18:52:50.810 INFO  Quality profile for ts: REPORTS ONLY TEST
2025-01-27T18:52:50.8111598Z 18:52:50.810 INFO  ------------- Run sensors on module [REDACTED]
2025-01-27T18:52:50.8588631Z 18:52:50.858 INFO  Load metrics repository
2025-01-27T18:52:50.9670439Z 18:52:50.966 INFO  Load metrics repository (done) | time=108ms
2025-01-27T18:52:50.9764745Z 18:52:50.975 INFO  Sensor cache enabled
2025-01-27T18:52:51.0995146Z 18:52:51.098 INFO  Load sensor cache
2025-01-27T18:52:52.9149096Z 18:52:52.914 INFO  Load sensor cache (659 KB) | time=1816ms
2025-01-27T18:52:53.4562008Z 18:52:53.455 INFO  Sensor JaCoCo XML Report Importer [jacoco]
2025-01-27T18:52:53.4681244Z 18:52:53.457 INFO  'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
2025-01-27T18:52:53.4762695Z 18:52:53.471 INFO  No report imported, no coverage information will be imported by JaCoCo XML Report Importer
2025-01-27T18:52:53.4763310Z 18:52:53.472 INFO  Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
2025-01-27T18:52:53.4763651Z 18:52:53.472 INFO  Sensor Java Config Sensor [iac]
2025-01-27T18:52:53.4983279Z 18:52:53.497 INFO  0 source files to be analyzed
2025-01-27T18:52:53.5042918Z 18:52:53.503 INFO  0/0 source files have been analyzed
2025-01-27T18:52:53.5049799Z 18:52:53.504 INFO  Sensor Java Config Sensor [iac] (done) | time=46ms
2025-01-27T18:52:53.5050242Z 18:52:53.504 INFO  Sensor JavaScript/TypeScript analysis [javascript]
2025-01-27T18:52:53.6736873Z 18:52:53.672 INFO  Detected os: Linux arch: amd64 alpine: false. Platform: LINUX_X64
2025-01-27T18:52:53.6743949Z 18:52:53.674 INFO  Deploy location /home/vsts/.sonar/js/node-runtime, tagetRuntime: /home/vsts/.sonar/js/node-runtime/node,  version: /home/vsts/.sonar/js/node-runtime/version.txt
2025-01-27T18:52:56.9568931Z 18:52:56.956 INFO  Using embedded Node.js runtime.
2025-01-27T18:52:56.9587229Z 18:52:56.957 INFO  Using Node.js executable: '/home/vsts/.sonar/js/node-runtime/node'.
2025-01-27T18:52:58.8738213Z 18:52:58.871 INFO  Memory configuration: OS (6921 MB), Node.js (2096 MB).
2025-01-27T18:53:00.9198882Z 18:53:00.918 WARN  Access to the multi-values/property set property 'sonar.javascript.file.suffixes' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.
2025-01-27T18:53:00.9199871Z 18:53:00.919 WARN  Access to the multi-values/property set property 'sonar.typescript.file.suffixes' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.
2025-01-27T18:53:00.9698598Z 18:53:00.968 INFO  Found 19 tsconfig.json file(s): [/home/vsts/work/1/s/tsconfig.json, /home/vsts/work/1/s/packages/template-context/tsconfig.json, /home/vsts/work/1/s/packages/theme/tsconfig.json, /home/vsts/work/1/s/packages/config/tsconfig.json, /home/vsts/work/1/s/packages/filters/tsconfig.json, /home/vsts/work/1/s/packages/rte/tsconfig.json, /home/vsts/work/1/s/packages/shared/tsconfig.json, /home/vsts/work/1/s/packages/core/tsconfig.json, /home/vsts/work/1/s/packages/auth/tsconfig.json, /home/vsts/work/1/s/apps/app/tsconfig.json, /home/vsts/work/1/s/apps/experimental/tsconfig.json, /home/vsts/work/1/s/apps/more-data-template/tsconfig.json, /home/vsts/work/1/s/apps/valuation-template/tsconfig.json, /home/vsts/work/1/s/apps/[REDACTED]/tsconfig.json, [REDACTED], /home/vsts/work/1/s/apps/[REDACTED]/tsconfig.json, /home/vsts/work/1/s/apps/dashboards/tsconfig.json, /home/vsts/work/1/s/apps/reports/tsconfig.json, /home/vsts/work/1/s/apps/[REDACTED]/tsconfig.json]
2025-01-27T18:53:00.9718212Z 18:53:00.971 INFO  Creating TypeScript program
2025-01-27T18:53:00.9737690Z 18:53:00.972 INFO  TypeScript configuration file /home/vsts/work/1/s/tsconfig.json
2025-01-27T18:53:00.9752800Z 18:53:00.974 INFO  182 source files to be analyzed
2025-01-27T18:53:10.9806005Z 18:53:10.979 INFO  0/182 files analyzed, current file: [REDACTED]
2025-01-27T18:53:10.9920697Z 18:53:10.991 INFO  Starting analysis with current program
2025-01-27T18:53:15.7629799Z 18:53:15.762 INFO  Analyzed 182 file(s) with current program
2025-01-27T18:53:15.7690101Z 18:53:15.767 INFO  Creating TypeScript program
2025-01-27T18:53:15.7690841Z 18:53:15.768 INFO  TypeScript configuration file /home/vsts/work/1/s/packages/template-context/tsconfig.json
2025-01-27T18:53:16.9395661Z 18:53:16.935 INFO  Starting analysis with current program
2025-01-27T18:53:16.9396370Z 18:53:16.937 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:16.9557685Z 18:53:16.955 INFO  Creating TypeScript program
2025-01-27T18:53:16.9599847Z 18:53:16.956 INFO  TypeScript configuration file /home/vsts/work/1/s/packages/theme/tsconfig.json
2025-01-27T18:53:18.1691787Z 18:53:18.167 INFO  Starting analysis with current program
2025-01-27T18:53:18.1692370Z 18:53:18.168 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:18.1772554Z 18:53:18.176 INFO  Creating TypeScript program
2025-01-27T18:53:18.1773152Z 18:53:18.176 INFO  TypeScript configuration file /home/vsts/work/1/s/packages/config/tsconfig.json
2025-01-27T18:53:20.9492655Z 18:53:20.947 INFO  Starting analysis with current program
2025-01-27T18:53:20.9493512Z 18:53:20.948 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:20.9526242Z 18:53:20.952 INFO  Creating TypeScript program
2025-01-27T18:53:20.9557123Z 18:53:20.953 INFO  TypeScript configuration file /home/vsts/work/1/s/packages/filters/tsconfig.json
2025-01-27T18:53:20.9802985Z 18:53:20.979 INFO  2/182 files analyzed, current file: [REDACTED]
2025-01-27T18:53:22.3907256Z 18:53:22.387 INFO  Starting analysis with current program
2025-01-27T18:53:22.3908521Z 18:53:22.388 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:22.3974495Z 18:53:22.396 INFO  Creating TypeScript program
2025-01-27T18:53:22.3975044Z 18:53:22.397 INFO  TypeScript configuration file /home/vsts/work/1/s/packages/rte/tsconfig.json
2025-01-27T18:53:23.6033736Z 18:53:23.581 INFO  Starting analysis with current program
2025-01-27T18:53:23.6040792Z 18:53:23.582 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:23.6041313Z 18:53:23.587 INFO  Creating TypeScript program
2025-01-27T18:53:23.6041662Z 18:53:23.587 INFO  TypeScript configuration file /home/vsts/work/1/s/packages/shared/tsconfig.json
2025-01-27T18:53:26.6043039Z 18:53:26.266 INFO  Starting analysis with current program
2025-01-27T18:53:26.6059962Z 18:53:26.266 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:26.6060677Z 18:53:26.269 INFO  Creating TypeScript program
2025-01-27T18:53:26.6061026Z 18:53:26.270 INFO  TypeScript configuration file /home/vsts/work/1/s/packages/core/tsconfig.json
2025-01-27T18:53:27.8488152Z 18:53:27.847 INFO  Starting analysis with current program
2025-01-27T18:53:27.8488750Z 18:53:27.848 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:27.8646383Z 18:53:27.863 INFO  Creating TypeScript program
2025-01-27T18:53:27.8647064Z 18:53:27.863 INFO  TypeScript configuration file /home/vsts/work/1/s/packages/auth/tsconfig.json
2025-01-27T18:53:28.7522115Z 18:53:28.750 INFO  Starting analysis with current program
2025-01-27T18:53:28.7522899Z 18:53:28.751 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:28.7736919Z 18:53:28.772 INFO  Creating TypeScript program
2025-01-27T18:53:28.7737747Z 18:53:28.772 INFO  TypeScript configuration file /home/vsts/work/1/s/apps/app/tsconfig.json
2025-01-27T18:53:30.9809506Z 18:53:30.980 INFO  2/182 files analyzed, current file: [REDACTED]
2025-01-27T18:53:31.3622772Z 18:53:31.355 INFO  Starting analysis with current program
2025-01-27T18:53:31.3625560Z 18:53:31.360 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:31.3707542Z 18:53:31.369 INFO  Creating TypeScript program
2025-01-27T18:53:31.3731901Z 18:53:31.372 INFO  TypeScript configuration file /home/vsts/work/1/s/apps/experimental/tsconfig.json
2025-01-27T18:53:32.9053181Z 18:53:32.904 INFO  Starting analysis with current program
2025-01-27T18:53:32.9075967Z 18:53:32.906 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:32.9134352Z 18:53:32.912 INFO  Creating TypeScript program
2025-01-27T18:53:32.9135079Z 18:53:32.912 INFO  TypeScript configuration file /home/vsts/work/1/s/apps/[REDACTED]/tsconfig.json
2025-01-27T18:53:35.7213375Z 18:53:35.720 INFO  Starting analysis with current program
2025-01-27T18:53:35.7214048Z 18:53:35.720 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:35.7329306Z 18:53:35.732 INFO  Creating TypeScript program
2025-01-27T18:53:35.7335217Z 18:53:35.732 INFO  TypeScript configuration file /home/vsts/work/1/s/apps/[REDACTED]/tsconfig.json
2025-01-27T18:53:38.1528450Z 18:53:38.151 INFO  Starting analysis with current program
2025-01-27T18:53:38.1529201Z 18:53:38.152 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:38.1569933Z 18:53:38.156 INFO  Creating TypeScript program
2025-01-27T18:53:38.1570570Z 18:53:38.156 INFO  TypeScript configuration file /home/vsts/work/1/s/apps/[REDACTED]/tsconfig.json
2025-01-27T18:53:40.9859167Z 18:53:40.985 INFO  2/182 files analyzed, current file: [REDACTED]
2025-01-27T18:53:41.1975292Z 18:53:41.195 INFO  Starting analysis with current program
2025-01-27T18:53:41.1975998Z 18:53:41.196 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:41.2035979Z 18:53:41.202 INFO  Creating TypeScript program
2025-01-27T18:53:41.2039487Z 18:53:41.203 INFO  TypeScript configuration file [REDACTED]
2025-01-27T18:53:43.1107363Z 18:53:43.107 INFO  Starting analysis with current program
2025-01-27T18:53:43.1121069Z 18:53:43.108 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:43.1147333Z 18:53:43.113 INFO  Creating TypeScript program
2025-01-27T18:53:43.1147672Z 18:53:43.113 INFO  TypeScript configuration file /home/vsts/work/1/s/apps/[REDACTED]/tsconfig.json
2025-01-27T18:53:46.5916019Z 18:53:46.590 INFO  Starting analysis with current program
2025-01-27T18:53:46.5921909Z 18:53:46.591 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:46.5942718Z 18:53:46.593 INFO  Creating TypeScript program
2025-01-27T18:53:46.5943323Z 18:53:46.594 INFO  TypeScript configuration file /home/vsts/work/1/s/apps/[REDACTED]/tsconfig.json
2025-01-27T18:53:48.1643530Z 18:53:48.163 INFO  Starting analysis with current program
2025-01-27T18:53:48.1644517Z 18:53:48.163 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:48.1675551Z 18:53:48.166 INFO  Creating TypeScript program
2025-01-27T18:53:48.1676196Z 18:53:48.167 INFO  TypeScript configuration file /home/vsts/work/1/s/apps/[REDACTED]/tsconfig.json
2025-01-27T18:53:50.9861287Z 18:53:50.985 INFO  2/182 files analyzed, current file: [REDACTED]
2025-01-27T18:53:51.3285749Z 18:53:51.327 INFO  Starting analysis with current program
2025-01-27T18:53:51.3367393Z 18:53:51.336 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:51.3429080Z 18:53:51.342 INFO  Creating TypeScript program
2025-01-27T18:53:51.3429759Z 18:53:51.342 INFO  TypeScript configuration file /home/vsts/work/1/s/apps/[REDACTED]/tsconfig.json
2025-01-27T18:53:53.1378448Z 18:53:53.136 INFO  Starting analysis with current program
2025-01-27T18:53:53.1379334Z 18:53:53.137 INFO  Analyzed 0 file(s) with current program
2025-01-27T18:53:53.1476910Z 18:53:53.147 INFO  182/182 source files have been analyzed
2025-01-27T18:53:53.1484380Z 18:53:53.148 INFO  Hit the cache for 180 out of 182
2025-01-27T18:53:53.1500017Z 18:53:53.149 INFO  Miss the cache for 2 out of 182: FILE_CHANGED [2/182]
2025-01-27T18:53:53.1500600Z 18:53:53.149 INFO  Sensor JavaScript/TypeScript analysis [javascript] (done) | time=59645ms
2025-01-27T18:53:53.1501157Z 18:53:53.149 INFO  Sensor CSS Rules [javascript]
2025-01-27T18:53:53.1501911Z 18:53:53.149 INFO  Sensor CSS Rules is restricted to changed files only
2025-01-27T18:53:53.1522737Z 18:53:53.151 INFO  No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
2025-01-27T18:53:53.1523261Z 18:53:53.151 INFO  Sensor CSS Rules [javascript] (done) | time=2ms
2025-01-27T18:53:53.1523714Z 18:53:53.151 INFO  Sensor CSS Metrics [javascript]
2025-01-27T18:53:53.1524316Z 18:53:53.152 INFO  Sensor CSS Metrics is restricted to changed files only
2025-01-27T18:53:53.1545361Z 18:53:53.154 INFO  Sensor CSS Metrics [javascript] (done) | time=1ms
2025-01-27T18:53:53.1551226Z 18:53:53.154 INFO  Sensor IaC Docker Sensor [iac]
2025-01-27T18:53:53.1560566Z 18:53:53.155 INFO  Sensor IaC Docker Sensor is restricted to changed files only
2025-01-27T18:53:53.2739386Z 18:53:53.273 INFO  0 source files to be analyzed
2025-01-27T18:53:53.2749682Z 18:53:53.274 INFO  0/0 source files have been analyzed
2025-01-27T18:53:53.2789046Z 18:53:53.278 INFO  Sensor IaC Docker Sensor [iac] (done) | time=123ms
2025-01-27T18:53:53.2789625Z 18:53:53.278 INFO  Sensor Serverless configuration file sensor [security]
2025-01-27T18:53:53.2790232Z 18:53:53.278 INFO  0 Serverless function entries were found in the project
2025-01-27T18:53:53.2815660Z 18:53:53.281 INFO  0 Serverless function handlers were kept as entrypoints
2025-01-27T18:53:53.2825270Z 18:53:53.282 INFO  Sensor Serverless configuration file sensor [security] (done) | time=6ms
2025-01-27T18:53:53.2836359Z 18:53:53.283 INFO  Sensor AWS SAM template file sensor [security]
2025-01-27T18:53:53.2854844Z 18:53:53.285 INFO  Sensor AWS SAM template file sensor [security] (done) | time=3ms
2025-01-27T18:53:53.2863252Z 18:53:53.286 INFO  Sensor AWS SAM Inline template file sensor [security]
2025-01-27T18:53:53.2877484Z 18:53:53.287 INFO  Sensor AWS SAM Inline template file sensor [security] (done) | time=2ms
2025-01-27T18:53:53.2890188Z 18:53:53.288 INFO  Sensor EnterpriseTextAndSecretsSensor [textenterprise]
2025-01-27T18:53:53.2898228Z 18:53:53.289 INFO  Sensor EnterpriseTextAndSecretsSensor is restricted to changed files only
2025-01-27T18:53:53.2916082Z 18:53:53.290 INFO  Available processors: 2
2025-01-27T18:53:53.2923100Z 18:53:53.292 INFO  Using 2 threads for analysis.
2025-01-27T18:53:53.8520019Z 18:53:53.851 INFO  The property "sonar.tests" is not set. To improve the analysis accuracy, we categorize a file as a test file if any of the following is true:
2025-01-27T18:53:53.8521034Z   * The filename starts with "test"
2025-01-27T18:53:53.8521750Z   * The filename contains "test." or "tests."
2025-01-27T18:53:53.8522054Z   * Any directory in the file path is named: "doc", "docs", "test" or "tests"
2025-01-27T18:53:53.8522310Z   * Any directory in the file path has a name ending in "test" or "tests"
2025-01-27T18:53:53.8522458Z 
2025-01-27T18:53:53.8838491Z 18:53:53.883 INFO  Using git CLI to retrieve untracked files
2025-01-27T18:53:53.9392680Z 18:53:53.938 INFO  Analyzing language associated files and files included via "sonar.text.inclusions" that are tracked by git
2025-01-27T18:53:53.9566549Z 18:53:53.956 INFO  2 source files to be analyzed
2025-01-27T18:53:54.0591323Z 18:53:54.058 INFO  2/2 source files have been analyzed
2025-01-27T18:53:54.0621449Z 18:53:54.061 INFO  Sensor EnterpriseTextAndSecretsSensor [textenterprise] (done) | time=771ms
2025-01-27T18:53:54.0622163Z 18:53:54.061 INFO  Sensor JavaSecuritySensor [security]
2025-01-27T18:53:54.0687628Z 18:53:54.068 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S5883, S6096, S6173, S6287, S6350, S6384, S6390, S6398, S6399, S6547, S6549, S7044
2025-01-27T18:53:54.0700930Z 18:53:54.069 INFO  Load type hierarchy and UCFGs: Starting
2025-01-27T18:53:54.0707796Z 18:53:54.070 INFO  Load type hierarchy: Starting
2025-01-27T18:53:54.0715316Z 18:53:54.071 INFO  Reading type hierarchy from: /home/vsts/work/1/s/.scannerwork/ucfg2/java
2025-01-27T18:53:54.0722760Z 18:53:54.072 INFO  Read 0 type definitions
2025-01-27T18:53:54.0742174Z 18:53:54.073 INFO  Load type hierarchy: Time spent was 00:00:00.003
2025-01-27T18:53:54.0748667Z 18:53:54.074 INFO  Load UCFGs: Starting
2025-01-27T18:53:54.0757405Z 18:53:54.075 INFO  Load UCFGs: Time spent was 00:00:00.000
2025-01-27T18:53:54.0765059Z 18:53:54.076 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.006
2025-01-27T18:53:54.0771164Z 18:53:54.076 INFO  No UCFGs have been included for analysis.
2025-01-27T18:53:54.0865575Z 18:53:54.086 INFO  java security sensor: Time spent was 00:00:00.022
2025-01-27T18:53:54.0880819Z 18:53:54.087 INFO  java security sensor: Begin: 2025-01-27T18:53:54.063827Z, End: 2025-01-27T18:53:54.085914722Z, Duration: 00:00:00.022
2025-01-27T18:53:54.0881498Z   Load type hierarchy and UCFGs: Begin: 2025-01-27T18:53:54.069571410Z, End: 2025-01-27T18:53:54.075969932Z, Duration: 00:00:00.006
2025-01-27T18:53:54.0882236Z     Load type hierarchy: Begin: 2025-01-27T18:53:54.070351525Z, End: 2025-01-27T18:53:54.073483485Z, Duration: 00:00:00.003
2025-01-27T18:53:54.0882652Z     Load UCFGs: Begin: 2025-01-27T18:53:54.074472303Z, End: 2025-01-27T18:53:54.075148016Z, Duration: 00:00:00.000
2025-01-27T18:53:54.0889890Z 18:53:54.088 INFO  java security sensor peak memory: 198 MB
2025-01-27T18:53:54.0898778Z 18:53:54.089 INFO  Sensor JavaSecuritySensor [security] (done) | time=29ms
2025-01-27T18:53:54.0908155Z 18:53:54.090 INFO  Sensor CSharpSecuritySensor [security]
2025-01-27T18:53:54.0919868Z 18:53:54.091 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5883, S6096, S6173, S6287, S6350, S6399, S6547, S6549, S6639, S6641, S6680, S6776, S7044
2025-01-27T18:53:54.0926472Z 18:53:54.092 INFO  Load type hierarchy and UCFGs: Starting
2025-01-27T18:53:54.0933269Z 18:53:54.093 INFO  Load type hierarchy: Starting
2025-01-27T18:53:54.0940749Z 18:53:54.093 INFO  Reading type hierarchy from: /home/vsts/work/1/s/ucfg2/cs
2025-01-27T18:53:54.0947202Z 18:53:54.094 INFO  Read 0 type definitions
2025-01-27T18:53:54.0954989Z 18:53:54.095 INFO  Load type hierarchy: Time spent was 00:00:00.002
2025-01-27T18:53:54.0961229Z 18:53:54.095 INFO  Load UCFGs: Starting
2025-01-27T18:53:54.0968975Z 18:53:54.096 INFO  Load UCFGs: Time spent was 00:00:00.000
2025-01-27T18:53:54.0976378Z 18:53:54.097 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.004
2025-01-27T18:53:54.0983008Z 18:53:54.098 INFO  No UCFGs have been included for analysis.
2025-01-27T18:53:54.0992610Z 18:53:54.099 INFO  csharp security sensor: Time spent was 00:00:00.007
2025-01-27T18:53:54.1005082Z 18:53:54.100 INFO  csharp security sensor: Begin: 2025-01-27T18:53:54.091107021Z, End: 2025-01-27T18:53:54.098776768Z, Duration: 00:00:00.007
2025-01-27T18:53:54.1005828Z   Load type hierarchy and UCFGs: Begin: 2025-01-27T18:53:54.092234543Z, End: 2025-01-27T18:53:54.097129336Z, Duration: 00:00:00.004
2025-01-27T18:53:54.1006491Z     Load type hierarchy: Begin: 2025-01-27T18:53:54.092914556Z, End: 2025-01-27T18:53:54.094972695Z, Duration: 00:00:00.002
2025-01-27T18:53:54.1006932Z     Load UCFGs: Begin: 2025-01-27T18:53:54.095759810Z, End: 2025-01-27T18:53:54.096387722Z, Duration: 00:00:00.000
2025-01-27T18:53:54.1035146Z 18:53:54.101 INFO  csharp security sensor peak memory: 198 MB
2025-01-27T18:53:54.1036614Z 18:53:54.101 INFO  Sensor CSharpSecuritySensor [security] (done) | time=11ms
2025-01-27T18:53:54.1037159Z 18:53:54.102 INFO  Sensor PhpSecuritySensor [security]
2025-01-27T18:53:54.1037690Z 18:53:54.102 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5334, S5335, S5883, S6173, S6287, S6350, S7044
2025-01-27T18:53:54.1038101Z 18:53:54.103 INFO  Load type hierarchy and UCFGs: Starting
2025-01-27T18:53:54.1039709Z 18:53:54.103 INFO  Load type hierarchy: Starting
2025-01-27T18:53:54.1047470Z 18:53:54.104 INFO  Reading type hierarchy from: /home/vsts/work/1/s/.scannerwork/ucfg2/php
2025-01-27T18:53:54.1053976Z 18:53:54.105 INFO  Read 0 type definitions
2025-01-27T18:53:54.1061137Z 18:53:54.105 INFO  Load type hierarchy: Time spent was 00:00:00.002
2025-01-27T18:53:54.1067510Z 18:53:54.106 INFO  Load UCFGs: Starting
2025-01-27T18:53:54.1075128Z 18:53:54.107 INFO  Load UCFGs: Time spent was 00:00:00.000
2025-01-27T18:53:54.1082631Z 18:53:54.108 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.004
2025-01-27T18:53:54.1088646Z 18:53:54.108 INFO  No UCFGs have been included for analysis.
2025-01-27T18:53:54.1098245Z 18:53:54.109 INFO  php security sensor: Time spent was 00:00:00.006
2025-01-27T18:53:54.1109610Z 18:53:54.110 INFO  php security sensor: Begin: 2025-01-27T18:53:54.102422537Z, End: 2025-01-27T18:53:54.109338370Z, Duration: 00:00:00.006
2025-01-27T18:53:54.1110283Z   Load type hierarchy and UCFGs: Begin: 2025-01-27T18:53:54.102968048Z, End: 2025-01-27T18:53:54.107746139Z, Duration: 00:00:00.004
2025-01-27T18:53:54.1110875Z     Load type hierarchy: Begin: 2025-01-27T18:53:54.103333455Z, End: 2025-01-27T18:53:54.105643999Z, Duration: 00:00:00.002
2025-01-27T18:53:54.1111322Z     Load UCFGs: Begin: 2025-01-27T18:53:54.106348312Z, End: 2025-01-27T18:53:54.106994125Z, Duration: 00:00:00.000
2025-01-27T18:53:54.1118757Z 18:53:54.111 INFO  php security sensor peak memory: 198 MB
2025-01-27T18:53:54.1125433Z 18:53:54.112 INFO  Sensor PhpSecuritySensor [security] (done) | time=10ms
2025-01-27T18:53:54.1134892Z 18:53:54.113 INFO  Sensor PythonSecuritySensor [security]
2025-01-27T18:53:54.1144228Z 18:53:54.114 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S6287, S6350, S6639, S6680, S6776, S6839, S7044
2025-01-27T18:53:54.1150431Z 18:53:54.114 INFO  Load type hierarchy and UCFGs: Starting
2025-01-27T18:53:54.1156832Z 18:53:54.115 INFO  Load type hierarchy: Starting
2025-01-27T18:53:54.1163811Z 18:53:54.116 INFO  Reading type hierarchy from: /home/vsts/work/1/s/.scannerwork/ucfg2/python
2025-01-27T18:53:54.1169842Z 18:53:54.116 INFO  Read 0 type definitions
2025-01-27T18:53:54.1178552Z 18:53:54.117 INFO  Load type hierarchy: Time spent was 00:00:00.002
2025-01-27T18:53:54.1185871Z 18:53:54.118 INFO  Load UCFGs: Starting
2025-01-27T18:53:54.1193833Z 18:53:54.119 INFO  Load UCFGs: Time spent was 00:00:00.000
2025-01-27T18:53:54.1201004Z 18:53:54.119 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.004
2025-01-27T18:53:54.1207533Z 18:53:54.120 INFO  No UCFGs have been included for analysis.
2025-01-27T18:53:54.1218160Z 18:53:54.121 INFO  python security sensor: Time spent was 00:00:00.007
2025-01-27T18:53:54.1229815Z 18:53:54.122 INFO  python security sensor: Begin: 2025-01-27T18:53:54.113777754Z, End: 2025-01-27T18:53:54.121241497Z, Duration: 00:00:00.007
2025-01-27T18:53:54.1230447Z   Load type hierarchy and UCFGs: Begin: 2025-01-27T18:53:54.114666171Z, End: 2025-01-27T18:53:54.119665667Z, Duration: 00:00:00.004
2025-01-27T18:53:54.1230981Z     Load type hierarchy: Begin: 2025-01-27T18:53:54.115275383Z, End: 2025-01-27T18:53:54.117281521Z, Duration: 00:00:00.002
2025-01-27T18:53:54.1231471Z     Load UCFGs: Begin: 2025-01-27T18:53:54.118220639Z, End: 2025-01-27T18:53:54.118861952Z, Duration: 00:00:00.000
2025-01-27T18:53:54.1238864Z 18:53:54.123 INFO  python security sensor peak memory: 198 MB
2025-01-27T18:53:54.1245713Z 18:53:54.124 INFO  Sensor PythonSecuritySensor [security] (done) | time=11ms
2025-01-27T18:53:54.1254448Z 18:53:54.125 INFO  Sensor JsSecuritySensor [security]
2025-01-27T18:53:54.1267685Z 18:53:54.126 INFO  Enabled taint analysis rules: S2076, S2083, S2631, S3649, S5131, S5144, S5146, S5147, S5334, S5696, S5883, S6096, S6105, S6287, S6350
2025-01-27T18:53:54.1274712Z 18:53:54.127 INFO  Load type hierarchy and UCFGs: Starting
2025-01-27T18:53:54.1280670Z 18:53:54.127 INFO  Load type hierarchy: Starting
2025-01-27T18:53:54.1287685Z 18:53:54.128 INFO  Reading type hierarchy from: /home/vsts/work/1/s/.scannerwork/ucfg2/js
2025-01-27T18:53:54.1314302Z 18:53:54.131 INFO  Read 0 type definitions
2025-01-27T18:53:54.1321384Z 18:53:54.131 INFO  Load type hierarchy: Time spent was 00:00:00.003
2025-01-27T18:53:54.1327489Z 18:53:54.132 INFO  Load UCFGs: Starting
2025-01-27T18:53:54.1333904Z 18:53:54.133 INFO  Reading UCFGs from: /home/vsts/work/1/s/.scannerwork/ucfg2/js
2025-01-27T18:53:54.7052843Z 18:53:54.704 INFO  Load UCFGs: Time spent was 00:00:00.570
2025-01-27T18:53:54.7053662Z 18:53:54.704 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.576
2025-01-27T18:53:54.7054244Z 18:53:54.704 INFO  Analyzing 808 UCFGs to detect vulnerabilities.
2025-01-27T18:53:54.7055022Z 18:53:54.704 INFO  Check cache: Starting
2025-01-27T18:53:54.7055340Z 18:53:54.704 INFO  Load cache: Starting
2025-01-27T18:53:54.7073768Z 18:53:54.706 INFO  Load cache: Time spent was 00:00:00.002
2025-01-27T18:53:54.7074447Z 18:53:54.707 INFO  Compare cache: Starting
2025-01-27T18:53:54.7089781Z 18:53:54.708 INFO  Cache loaded: SecuritySensorCache{ucfgsHashes.count=801, typeDefinitionsHashes.count=0}
2025-01-27T18:53:54.7090296Z 18:53:54.708 INFO  Compare cache: Time spent was 00:00:00.001
2025-01-27T18:53:54.7096869Z 18:53:54.709 INFO  Check cache: Time spent was 00:00:00.004
2025-01-27T18:53:54.7097354Z 18:53:54.709 INFO  Create runtime call graph: Starting
2025-01-27T18:53:54.7108346Z 18:53:54.710 INFO  Variable Type Analysis #1: Starting
2025-01-27T18:53:54.7124329Z 18:53:54.712 INFO  Create runtime type propagation graph: Starting
2025-01-27T18:53:54.7738729Z 18:53:54.773 INFO  Create runtime type propagation graph: Time spent was 00:00:00.060
2025-01-27T18:53:54.7753269Z 18:53:54.774 INFO  Run SCC (Tarjan) on 5426 nodes: Starting
2025-01-27T18:53:54.7912248Z 18:53:54.790 INFO  Run SCC (Tarjan) on 5426 nodes: Time spent was 00:00:00.015
2025-01-27T18:53:54.7921943Z 18:53:54.791 INFO  Tarjan found 5426 strongly connected components
2025-01-27T18:53:54.7929198Z 18:53:54.792 INFO  Propagate runtime types to strongly connected components: Starting
2025-01-27T18:53:54.8176037Z 18:53:54.816 INFO  Propagate runtime types to strongly connected components: Time spent was 00:00:00.023
2025-01-27T18:53:54.8188082Z 18:53:54.818 INFO  Variable Type Analysis #1: Time spent was 00:00:00.107
2025-01-27T18:53:54.8218415Z 18:53:54.821 INFO  Variable Type Analysis #2: Starting
2025-01-27T18:53:54.8224807Z 18:53:54.822 INFO  Create runtime type propagation graph: Starting
2025-01-27T18:53:54.8833855Z 18:53:54.882 INFO  Create runtime type propagation graph: Time spent was 00:00:00.059
2025-01-27T18:53:54.8834927Z 18:53:54.882 INFO  Run SCC (Tarjan) on 5426 nodes: Starting
2025-01-27T18:53:54.9177200Z 18:53:54.916 INFO  Run SCC (Tarjan) on 5426 nodes: Time spent was 00:00:00.030
2025-01-27T18:53:54.9178078Z 18:53:54.917 INFO  Tarjan found 5426 strongly connected components
2025-01-27T18:53:54.9178778Z 18:53:54.917 INFO  Propagate runtime types to strongly connected components: Starting
2025-01-27T18:53:54.9244722Z 18:53:54.923 INFO  Propagate runtime types to strongly connected components: Time spent was 00:00:00.010
2025-01-27T18:53:54.9245455Z 18:53:54.924 INFO  Variable Type Analysis #2: Time spent was 00:00:00.102
2025-01-27T18:53:54.9267803Z 18:53:54.926 INFO  Create runtime call graph: Time spent was 00:00:00.217
2025-01-27T18:53:54.9268452Z 18:53:54.926 INFO  Load config: Starting
2025-01-27T18:53:55.0159029Z 18:53:55.015 INFO  Load config: Time spent was 00:00:00.088
2025-01-27T18:53:55.0168480Z 18:53:55.016 INFO  Compute entry points: Starting
2025-01-27T18:53:55.0324855Z 18:53:55.032 INFO  Compute entry points: Time spent was 00:00:00.015
2025-01-27T18:53:55.0333252Z 18:53:55.033 INFO  All rules entry points : 183
2025-01-27T18:53:55.0344146Z 18:53:55.034 INFO  Slice call graph: Starting
2025-01-27T18:53:55.0394872Z 18:53:55.034 INFO  Slice call graph: Time spent was 00:00:00.001
2025-01-27T18:53:55.0408288Z 18:53:55.040 INFO  Live variable analysis: Starting
2025-01-27T18:53:55.2746426Z 18:53:55.273 INFO  Live variable analysis: Time spent was 00:00:00.232
2025-01-27T18:53:55.2747376Z 18:53:55.274 INFO  Taint analysis for js: Starting
2025-01-27T18:53:56.3335447Z 18:53:56.332 INFO  0 / 808 UCFGs simulated, memory usage: 86 MB
2025-01-27T18:53:56.7652467Z 18:53:56.764 INFO  184 / 808 UCFGs simulated, memory usage: 100 MB
2025-01-27T18:53:56.7765858Z 18:53:56.775 INFO  Taint analysis for js: Time spent was 00:00:01.501
2025-01-27T18:53:56.7774914Z 18:53:56.777 INFO  Report issues: Starting
2025-01-27T18:53:56.7823096Z 18:53:56.782 INFO  Report issues: Time spent was 00:00:00.004
2025-01-27T18:53:56.7842037Z 18:53:56.783 INFO  Store cache: Starting
2025-01-27T18:53:56.7849680Z 18:53:56.784 INFO  Store cache: Time spent was 00:00:00.000
2025-01-27T18:53:56.7867168Z 18:53:56.786 INFO  js security sensor: Time spent was 00:00:02.660
2025-01-27T18:53:56.7886783Z 18:53:56.788 INFO  js security sensor: Begin: 2025-01-27T18:53:54.125751283Z, End: 2025-01-27T18:53:56.786225419Z, Duration: 00:00:02.660
2025-01-27T18:53:56.7887518Z   Load type hierarchy and UCFGs: Begin: 2025-01-27T18:53:54.127036808Z, End: 2025-01-27T18:53:54.703642424Z, Duration: 00:00:00.576
2025-01-27T18:53:56.7888048Z     Load type hierarchy: Begin: 2025-01-27T18:53:54.127717821Z, End: 2025-01-27T18:53:54.131699197Z, Duration: 00:00:00.003
2025-01-27T18:53:56.7890642Z     Load UCFGs: Begin: 2025-01-27T18:53:54.132372110Z, End: 2025-01-27T18:53:54.703368519Z, Duration: 00:00:00.570
2025-01-27T18:53:56.7890999Z   Check cache: Begin: 2025-01-27T18:53:54.703745626Z, End: 2025-01-27T18:53:54.708572118Z, Duration: 00:00:00.004
2025-01-27T18:53:56.7892044Z     Load cache: Begin: 2025-01-27T18:53:54.703764627Z, End: 2025-01-27T18:53:54.706434078Z, Duration: 00:00:00.002
2025-01-27T18:53:56.7892401Z     Compare cache: Begin: 2025-01-27T18:53:54.706854086Z, End: 2025-01-27T18:53:54.708445616Z, Duration: 00:00:00.001
2025-01-27T18:53:56.7892772Z   Create runtime call graph: Begin: 2025-01-27T18:53:54.708636920Z, End: 2025-01-27T18:53:54.925973872Z, Duration: 00:00:00.217
2025-01-27T18:53:56.7893676Z     Variable Type Analysis #1: Begin: 2025-01-27T18:53:54.710126948Z, End: 2025-01-27T18:53:54.817880607Z, Duration: 00:00:00.107
2025-01-27T18:53:56.7894064Z       Create runtime type propagation graph: Begin: 2025-01-27T18:53:54.712027284Z, End: 2025-01-27T18:53:54.772507240Z, Duration: 00:00:00.060
2025-01-27T18:53:56.7894691Z       Run SCC (Tarjan) on 5426 nodes: Begin: 2025-01-27T18:53:54.774539779Z, End: 2025-01-27T18:53:54.790061675Z, Duration: 00:00:00.015
2025-01-27T18:53:56.7895103Z       Propagate runtime types to strongly connected components: Begin: 2025-01-27T18:53:54.792451221Z, End: 2025-01-27T18:53:54.816362178Z, Duration: 00:00:00.023
2025-01-27T18:53:56.7895503Z     Variable Type Analysis #2: Begin: 2025-01-27T18:53:54.821349673Z, End: 2025-01-27T18:53:54.923539826Z, Duration: 00:00:00.102
2025-01-27T18:53:56.7895911Z       Create runtime type propagation graph: Begin: 2025-01-27T18:53:54.822081187Z, End: 2025-01-27T18:53:54.881862629Z, Duration: 00:00:00.059
2025-01-27T18:53:56.7896403Z       Run SCC (Tarjan) on 5426 nodes: Begin: 2025-01-27T18:53:54.882186135Z, End: 2025-01-27T18:53:54.912268810Z, Duration: 00:00:00.030
2025-01-27T18:53:56.7896812Z       Propagate runtime types to strongly connected components: Begin: 2025-01-27T18:53:54.912588816Z, End: 2025-01-27T18:53:54.923278721Z, Duration: 00:00:00.010
2025-01-27T18:53:56.7897198Z   Load config: Begin: 2025-01-27T18:53:54.926157976Z, End: 2025-01-27T18:53:55.014402462Z, Duration: 00:00:00.088
2025-01-27T18:53:56.7897552Z   Compute entry points: Begin: 2025-01-27T18:53:55.016198896Z, End: 2025-01-27T18:53:55.031487188Z, Duration: 00:00:00.015
2025-01-27T18:53:56.7898017Z   Slice call graph: Begin: 2025-01-27T18:53:55.033574928Z, End: 2025-01-27T18:53:55.034655549Z, Duration: 00:00:00.001
2025-01-27T18:53:56.7898385Z   Live variable analysis: Begin: 2025-01-27T18:53:55.040166854Z, End: 2025-01-27T18:53:55.272470346Z, Duration: 00:00:00.232
2025-01-27T18:53:56.7898744Z   Taint analysis for js: Begin: 2025-01-27T18:53:55.273829870Z, End: 2025-01-27T18:53:56.775450529Z, Duration: 00:00:01.501
2025-01-27T18:53:56.7899104Z   Report issues: Begin: 2025-01-27T18:53:56.776887154Z, End: 2025-01-27T18:53:56.781673138Z, Duration: 00:00:00.004
2025-01-27T18:53:56.7899553Z   Store cache: Begin: 2025-01-27T18:53:56.783713974Z, End: 2025-01-27T18:53:56.784492688Z, Duration: 00:00:00.000
2025-01-27T18:53:56.7905850Z 18:53:56.790 INFO  js security sensor peak memory: 213 MB
2025-01-27T18:53:56.7912994Z 18:53:56.791 INFO  Sensor JsSecuritySensor [security] (done) | time=2665ms
2025-01-27T18:53:56.7952829Z 18:53:56.795 INFO  ------------- Run sensors on project
2025-01-27T18:53:57.0270139Z 18:53:57.026 INFO  Sensor Zero Coverage Sensor
2025-01-27T18:53:57.0354462Z 18:53:57.034 INFO  Sensor Zero Coverage Sensor (done) | time=9ms
2025-01-27T18:53:57.0396448Z 18:53:57.038 INFO  SCM Publisher SCM provider for this project is: git
2025-01-27T18:53:57.0399902Z 18:53:57.039 INFO  SCM Publisher 2 source files to be analyzed
2025-01-27T18:53:57.0427540Z 18:53:57.042 WARN  Shallow clone detected, no blame information will be provided. You can convert to non-shallow with 'git fetch --unshallow'.
2025-01-27T18:53:57.0459938Z 18:53:57.045 INFO  SCM Publisher 0/2 source files have been analyzed (done) | time=5ms
2025-01-27T18:53:57.0460584Z 18:53:57.045 WARN  Missing blame information for the following files:
2025-01-27T18:53:57.0467473Z 18:53:57.046 WARN    * [REDACTED]
2025-01-27T18:53:57.0469461Z 18:53:57.046 WARN    * apps/reports/src/App.tsx
2025-01-27T18:53:57.0469868Z 18:53:57.046 WARN  This may lead to missing/broken features in SonarCloud
2025-01-27T18:53:57.0718869Z 18:53:57.071 INFO  CPD Executor 79 files had no CPD blocks
2025-01-27T18:53:57.0720164Z 18:53:57.071 INFO  CPD Executor Calculating CPD for 103 files
2025-01-27T18:53:57.1584336Z 18:53:57.157 INFO  CPD Executor CPD calculation finished (done) | time=85ms
2025-01-27T18:53:57.2633365Z 18:53:57.262 INFO  SCM writing changed lines
2025-01-27T18:53:57.2672606Z 18:53:57.266 WARN  Could not find ref: main in refs/heads, refs/remotes/upstream or refs/remotes/origin
2025-01-27T18:53:57.2680354Z 18:53:57.267 INFO  SCM writing changed lines (done) | time=5ms
2025-01-27T18:53:58.0172981Z 18:53:58.016 INFO  Analysis report generated in 854ms, dir size=289 KB
2025-01-27T18:53:58.1375431Z 18:53:58.136 INFO  Analysis report compressed in 119ms, zip size=107 KB
2025-01-27T18:53:58.6556946Z 18:53:58.655 INFO  Analysis report uploaded in 517ms
2025-01-27T18:53:58.6576727Z 18:53:58.657 INFO  ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=[REDACTED]&pullRequest=9464
2025-01-27T18:53:58.6577307Z 18:53:58.657 INFO  Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
2025-01-27T18:53:58.6577698Z 18:53:58.657 INFO  More about the report processing at https://sonarcloud.io/api/ce/task?id=AZSpHQN4tMtKOwCh2H8j
2025-01-27T18:53:58.6772744Z 18:53:58.676 INFO  Time spent writing ucfgs 36ms
2025-01-27T18:53:58.9266419Z 18:53:58.925 INFO  Analysis total time: 1:22.010 s
2025-01-27T18:53:58.9274878Z 18:53:58.927 INFO  SonarScanner Engine completed successfully
2025-01-27T18:53:59.2643861Z 18:53:59.263 INFO  EXECUTION SUCCESS
2025-01-27T18:53:59.2661366Z 18:53:59.265 INFO  Total time: 1:30.204s
2025-01-27T18:53:59.6028630Z ##[section]Finishing: SonarCloudAnalyze

Hi,

Thanks for the analysis logs. The only thing that jumps out at me is the shallow clone warning, which can cause a problem with detection of new code. Can you confirm that in both PRs the lines of interest were highlighted as new?

 
Thx,
Ann

Hi Ann,

I’ve included images of both PRs, you’ll notice that one of them also has both Sonar automated comments while the non working one, only has the code quality one.

That being said, the code was def seen as “new” in both PRs.

WORKING PR641×598 21.6 KB

Non Working PR622×637 19 KB

Thanks

Hi,

Thanks for confirming that.

I’m going to flag this for more expert eyes. Since it seems that this is as much about the context as it is about the code, they’ll likely ask you for deeper details of the two projects.

 
Ann

Hey,

That sounds great!

Thanks so much for escalating this. I’ll try my best to share as many details as I can, as long as they aren’t sensitive.

I’ve done my best to compare the repositories, the code I added, the quality profiles, and to remove as many variables as possible that could cause different results. However, I still haven’t been able to get to the bottom of this.

Thanks!

Hi,

Can I have one more pair of screenshots:

The code in question showing up as ‘new’ in SonarQube Cloud?

 
Thx,
Ann

Hopefully these screenshots suffice, I went off of the “New Code” text on the top right

Working Repo

image1712×728 22.2 KB

Non working Repo

image1720×726 24.5 KB

Hi Ann,

Just checking in—are there any additional actions I can take on my end, or should I simply wait for the escalation team to follow up in the forum?

Thanks!

Hi,

All we can do at this point is wait.

 
Ann

Hey,

thanks for reporting this and all the details provided already. As pointed out by Ann, I will ask for more .

So far I can confirm that the security issue should indeed be found.

I recognized a little difference in the screenshots you provided recently.
In case of the “Non working Repo” the screenshot includes the following line

export default function App() {

prior to the noncompliant code.
Is this line also included above the noncompliant code in the “Working Repo”?
If not, this might be the part that makes the difference.

In general, would it be possible to share more details about the files containing the noncompliant code. Ideally, would it be possible to privately share the whole file as it is contained in both repositories?

Thanks in advance for any further information!

Cheers
Felix