Is it possible to skip JavaSquidSensor and Findbugs Sensor during Sonar scan?

SonarQube Server / Community Build
,
1

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube 8.2(build 32929)
    Sonar-maven-plugin:3.8.0.2131:sonar
  • what are you trying to achieve
    I want to get new code coverage and duplication info from sonar scan and bugs, vulnerabilities, code smells are not needed. So I want to skip or disable JavaSquidSensor and FindBugs Sensor for sonar scan.
  • what have you tried so far to achieve this
    I make java quality profile of the project to empty. However, the sonar scan with empty rules cost too much time as well. Here is the log:
14:11:58  + mvn -U clean package sonar:sonar
14:16:51  [INFO] test and package done.
14:16:58  [INFO] --- sonar-maven-plugin:3.8.0.2131:sonar (default-cli) @ project 
14:16:59  [INFO] SonarQube version: 8.2.0
14:17:03  [INFO] 1448 files indexed
14:17:05  [INFO] Load project repositories (done) | time=157ms
14:19:01  [INFO] 951/951 source files have been analyzed
14:19:01  [INFO] Java Main Files AST scan (done) | time=115457ms
14:19:19  [INFO] 150/150 source files have been analyzed
14:19:19  [INFO] Java Test Files AST scan (done) | time=18692ms
14:19:19  [INFO] Sensor JavaSquidSensor [java] (done) | time=134323ms
14:19:39  [INFO] Sensor FindBugs Sensor [findbugs]
14:20:49  [INFO] Sensor FindBugs Sensor [findbugs] (done) | time=62128ms
14:21:01  [INFO] Analysis report uploaded in 714ms
14:21:01  [INFO] ANALYSIS SUCCESSFUL, you can browse https://my.sonar.url
14:21:01  [INFO] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
14:21:01  [INFO] More about the report processing at https://my.sonar.url
14:21:02  [INFO] Analysis total time: 4:02.695 s

It shows that java AST scan takes about 2 mins(for duplication info and it’s needed), Sensor JavaSquidSensor takes 2+ mins and Sensor FindBugs takes 1 mins.

Because I make java quality profile of the project to empty, I think JavaSquidSensor and FindBugsSensor are not needed during sonar scan.

So how can I skip or disable JavaSquidSensor and FindBugs Sensor for sonar scan?

Thank you!

2

Hey there.

Files still need to be parsed by SonarQube even if no rules are being applied (which seems like a way to get very little value out of SonarQube :smiley:).

I suppose you can remove the Findbugs plugin from your instance to stop the Finddbugs sensor from running (famously, there’s no other way for it not to run). But you won’t get out of the JavaSquidSensor.

1 Like
3

Thank you for your answer! I’ll try to remove Findbugs plugin.

I understand that Java files need to be parsed by SonarQube to get duplication info. But JavaSquidSensor has no use for empty rule case, right?

4

To even know what lines should be covered by tests (for reporting code coverage), the code needs to be parsed. All metric calculation, symbol highlighting, etc requires the sensor. Sorry, there’s no getting out of it.

1 Like
5

I got it. Thank you!

1 Like
6

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.