Is it Possible to Limit the Static Analysis Scans in SonarQube?

I’m looking into SonarQube as a solution for making Code Coverage PR Diff reports added as comments in PRs.

This is something SonarQube does, but it also supports many other kinds of static analysis. Although this additional static analysis is useful, it seems to be taking a substantial amount of time to scan and generate. For productivity, CI performance is a critical consideration, so I’d like to see if there are ways of getting better performance out of SonarQube for the purpose of a Code Coverage Diff metric only.

I’m wondering if it is possible to configure SonarQube / SonarScanner to only run the Code Coverage diff report, and not spend time running all of the other static analysis tools.

Hi,

I’m stymied by why you wouldn’t want the additional information (such as the introduction of new reliability or security problems) on your PRs. But if you must do this, then create empty profiles and assign them to your project(s).

Duplication detection will still run, BTW.

 
:frowning:
Ann

The additional information would be great! The primary use case that we’re interested in is PR-level code coverage diffs, but we’d gladly benefit from additional validations. We may decide it’s worth the hit to performance, but we’re seeing a significant performance issue with a particularly large repo. SonarScanner is taking over an hour to run, on top of building and running PR/CI tests, which is a lot.

This “empty profiles” sounds interesting! Are you talking about Quality Profiles?

Would you have any other suggestions worth looking into, to significantly improve performance?

Best,
Evan

Hi Evan,

Incremental analysis should be kicking in for PRs, but it requires that the underlying branch be analyzed first. Is that the case for you?

Yes. But note that the same Quality Profiles are applied for all analyses of a project. So if you want the rules turned off for PRs, you’ll have to turn them off for the entire project - branches too.

Let’s figure out why incremental analysis isn’t kicking in.

 
Ann

I’m finally at a place where I’m back to this question!

Up to now I’ve been focused on daily reports as a stepping stone to PR decorations. For Daily reports, I’m just running against the main branch every time.

For that context, would you expect Incremental analysis to be kicking in? Or should Incremental analysis only be a thing for PR contexts?

Hi,

That would explain why incremental analysis isn’t kicking in! :sweat_smile:
Yes, at this point it’s still only available for PRs.

Assuming you’re in a commercial edition($), I urge you to enable PR analysis, particularly since you’re concerned with performance.

 
Ann