Issues not detected with bitbucket sonar pipe, but detected with gradle sonarqube plugin

  • Bitbucket Cloud
  • Bitbucket Pipeline, Circle CI
  • Languages of the repository: Kotlin
  • Constantly reproducible when running it from bitbucket sonar pipe

We used to run the sonar scan from the Bitbucket pipeline using - pipe: sonarsource/sonarcloud-scan:1.2.0, and it was not detecting any code smells. Now we are moving to CircleCI, so we integrated gradle sonarqube plugin 3.3 in our Android projects, and when we run the sonar scan on the same commit using the ./gradlew sonarqube command, it detects some CodeSmells/Vulnerabilities/SecurityHotspots.
If we run it again from the Bitbucket pipeline, it goes away, but if we run it again from the CircleCI gradle command, it comes back. This is happening in multiple projects and is constantly reproducible. We want to understand why it was not detected using the Bitbucket pipeline's sonar pipe and started showing with gradle sonarqube.

Hi,

Welcome to the community!

Can you post the full analysis log from the pipeline?

The analysis log is what’s output from the analysis command. Hopefully, the log you provide will include that command as well.

 
Ann

Adding log from bitbucket pipe scan which does not detect issues,

+ umask 000

+ GIT_LFS_SKIP_SMUDGE=1 retry 6 git clone --branch="master" https://x-token-auth:$REPOSITORY_OAUTH_ACCESS_TOKEN@bitbucket.org/$BITBUCKET_REPO_FULL_NAME.git $BUILD_DIR
Cloning into '/opt/atlassian/pipelines/agent/build'...

+ git reset --hard 1ee81c1a0b54e93b097fd30b59538e67788699e7
HEAD is now at 1ee81c1 Merged in circleci_build_bitbucket_sonar (pull request #146)

+ git config user.name bitbucket-pipelines

+ git config user.email commits-noreply@bitbucket.org

+ git config push.default current

+ git config http.${BITBUCKET_GIT_HTTP_ORIGIN}.proxy http://localhost:29418/

+ git remote set-url origin http://bitbucket.org/$BITBUCKET_REPO_FULL_NAME

+ git reflog expire --expire=all --all

+ echo ".bitbucket/pipelines/generated" >> .git/info/exclude

+ chmod 777 $BUILD_DIR

Cache "sonar": Downloading
Cache "sonar": Not found

Images used:
    build : docker.io/atlassian/default-image@sha256:d4b1cc074a5ac1ee5d9702a536b8a8456554732df70f4b55fd85515e4b106f8d
+ docker container run \
   --volume=/opt/atlassian/pipelines/agent/build:/opt/atlassian/pipelines/agent/build \
   --volume=/opt/atlassian/pipelines/agent/ssh:/opt/atlassian/pipelines/agent/ssh:ro \
   --volume=/usr/local/bin/docker:/usr/local/bin/docker:ro \
   --volume=/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes:/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes \
   --volume=/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes/sonarsource/sonarcloud-scan:/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes/sonarsource/sonarcloud-scan \
   --workdir=$(pwd) \
   --label=org.bitbucket.pipelines.system=true \
   --env=BITBUCKET_STEP_TRIGGERER_UUID="$BITBUCKET_STEP_TRIGGERER_UUID" \
   --env=BITBUCKET_REPO_FULL_NAME="$BITBUCKET_REPO_FULL_NAME" \
   --env=BITBUCKET_GIT_HTTP_ORIGIN="$BITBUCKET_GIT_HTTP_ORIGIN" \
   --env=BITBUCKET_PROJECT_UUID="$BITBUCKET_PROJECT_UUID" \
   --env=BITBUCKET_REPO_IS_PRIVATE="$BITBUCKET_REPO_IS_PRIVATE" \
   --env=BITBUCKET_WORKSPACE="$BITBUCKET_WORKSPACE" \
   --env=BITBUCKET_REPO_OWNER_UUID="$BITBUCKET_REPO_OWNER_UUID" \
   --env=BITBUCKET_BRANCH="$BITBUCKET_BRANCH" \
   --env=BITBUCKET_REPO_UUID="$BITBUCKET_REPO_UUID" \
   --env=BITBUCKET_PROJECT_KEY="$BITBUCKET_PROJECT_KEY" \
   --env=BITBUCKET_REPO_SLUG="$BITBUCKET_REPO_SLUG" \
   --env=CI="$CI" \
   --env=BITBUCKET_REPO_OWNER="$BITBUCKET_REPO_OWNER" \
   --env=BITBUCKET_STEP_RUN_NUMBER="$BITBUCKET_STEP_RUN_NUMBER" \
   --env=BITBUCKET_BUILD_NUMBER="$BITBUCKET_BUILD_NUMBER" \
   --env=BITBUCKET_GIT_SSH_ORIGIN="$BITBUCKET_GIT_SSH_ORIGIN" \
   --env=BITBUCKET_PIPELINE_UUID="$BITBUCKET_PIPELINE_UUID" \
   --env=BITBUCKET_COMMIT="$BITBUCKET_COMMIT" \
   --env=BITBUCKET_CLONE_DIR="$BITBUCKET_CLONE_DIR" \
   --env=PIPELINES_JWT_TOKEN="$PIPELINES_JWT_TOKEN" \
   --env=BITBUCKET_STEP_UUID="$BITBUCKET_STEP_UUID" \
   --env=BITBUCKET_DOCKER_HOST_INTERNAL="$BITBUCKET_DOCKER_HOST_INTERNAL" \
   --env=DOCKER_HOST="tcp://host.docker.internal:2375" \
   --env=BITBUCKET_PIPE_SHARED_STORAGE_DIR="/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes" \
   --env=BITBUCKET_PIPE_STORAGE_DIR="/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes/sonarsource/sonarcloud-scan" \
   --env=SONAR_TOKEN="${SONAR_TOKEN}" \
   --add-host="host.docker.internal:$BITBUCKET_DOCKER_HOST_INTERNAL" \
   sonarsource/sonarcloud-scan:1.2.0
Unable to find image 'sonarsource/sonarcloud-scan:1.2.0' locally
1.2.0: Pulling from sonarsource/sonarcloud-scan
Digest: sha256:7f39096138d7e6dd1e77d994a44bbdffd5136fd500415f64eebded0c1ce64d83
Status: Downloaded newer image for sonarsource/sonarcloud-scan:1.2.0
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 4.4.0.2170
INFO: Java 11.0.2 Oracle Corporation (64-bit)
INFO: Linux 5.13.0-1022-aws amd64
INFO: Bitbucket Cloud Pipelines detected
INFO: User cache: /root/.sonar/cache
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: Analyzing on SonarQube server 8.0.0.29861
INFO: Default locale: "en", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=567ms
INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=135ms
INFO: Load/download plugins (done) | time=31492ms
INFO: Loaded core extensions: developer-scanner
INFO: Found an active CI vendor: 'Bitbucket Pipelines'
INFO: Detected project key 'xyz_android' from 'Bitbucket Cloud Pipelines'
INFO: Detected organization key 'abc' from 'Bitbucket Cloud Pipelines'
INFO: Load project settings for component key: 'xyz_android'
INFO: Load project settings for component key: 'xyz_android' (done) | time=104ms
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=1ms
INFO: Project key: xyz_android
INFO: Base dir: /opt/atlassian/pipelines/agent/build
INFO: Working dir: /opt/atlassian/pipelines/agent/build/.scannerwork
INFO: Load project branches
INFO: Load project branches (done) | time=115ms
INFO: Check ALM binding of project 'xyz_android'
INFO: Detected project binding: BOUND
INFO: Check ALM binding of project 'xyz_android' (done) | time=99ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=139ms
INFO: Load branch configuration
INFO: Detected analysis for branch 'master'
INFO: Auto-configuring branch master
INFO: Load branch configuration (done) | time=3ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=150ms
INFO: Load active rules
INFO: Load active rules (done) | time=4019ms
INFO: Organization key: abc
INFO: Branch name: master, type: long-lived
INFO: Load project repositories
INFO: Load project repositories (done) | time=117ms
INFO: Indexing files...
INFO: Project configuration:
INFO:   Excluded sources: **/build-wrapper-dump.json
INFO: 336 files indexed
INFO: 0 files ignored because of inclusion/exclusion patterns
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for json: SonarQube Way
INFO: Quality profile for kotlin: Mobile
INFO: Quality profile for xml: Sonar way
INFO: Quality profile for yaml: Sonar way
INFO: ------------- Run sensors on module xyz_android
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=108ms
INFO: Sensor IaC CloudFormation Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=61ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=1ms
INFO: Sensor C# Analysis Log [csharp]
INFO: Sensor C# Analysis Log [csharp] (done) | time=13ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=0ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=5ms
INFO: Sensor XML Sensor [xml]
INFO: 125 source files to be analyzed
INFO: 125/125 source files have been analyzed
INFO: Sensor XML Sensor [xml] (done) | time=2169ms
INFO: Sensor Text Sensor [text]
INFO: 283 source files to be analyzed
INFO: 283/283 source files have been analyzed
INFO: Sensor Text Sensor [text] (done) | time=248ms
INFO: Sensor VB.NET Project Type Information [vbnet]
INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
INFO: Sensor VB.NET Analysis Log [vbnet]
INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=14ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=0ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
INFO: Sensor Kotlin Sensor [kotlin]
WARN: Access to the multi-values/property set property 'sonar.java.binaries' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.
WARN: Access to the multi-values/property set property 'sonar.java.libraries' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.
INFO: 154 source files to be analyzed
INFO: 154/154 source files have been analyzed
INFO: Sensor Kotlin Sensor [kotlin] (done) | time=4730ms
INFO: Sensor KotlinSurefireSensor [kotlin]
INFO: parsing [/opt/atlassian/pipelines/agent/build/target/surefire-reports]
INFO: Sensor KotlinSurefireSensor [kotlin] (done) | time=1ms
INFO: Sensor CSS Rules [javascript]
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [javascript] (done) | time=1ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
INFO: Sensor Serverless configuration file sensor [security]
INFO: 0 Serverless function entries were found in the project
INFO: 0 Serverless function handlers were kept as entrypoints
INFO: Sensor Serverless configuration file sensor [security] (done) | time=5ms
INFO: Sensor AWS SAM template file sensor [security]
INFO: Sensor AWS SAM template file sensor [security] (done) | time=1ms
INFO: Sensor javabugs [dbd]
INFO: Reading IR files from: /opt/atlassian/pipelines/agent/build/.scannerwork/ir/java
INFO: No IR files have been included for analysis.
INFO: Sensor javabugs [dbd] (done) | time=1ms
INFO: Sensor pythonbugs [dbd]
INFO: Reading IR files from: /opt/atlassian/pipelines/agent/build/.scannerwork/ir/python
INFO: No IR files have been included for analysis.
INFO: Sensor pythonbugs [dbd] (done) | time=0ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/java
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=3ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/ucfg_cs2
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/ucfg_cs2
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/php
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/python
INFO: No UCFGs have been included for analysis.
INFO: Sensor PythonSecuritySensor [security] (done) | time=0ms
INFO: Sensor JsSecuritySensor [security]
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/js
INFO: No UCFGs have been included for analysis.
INFO: Sensor JsSecuritySensor [security] (done) | time=1ms
INFO: ------------- Run sensors on project
INFO: Sensor Analysis Warnings import [csharp]
INFO: Sensor Analysis Warnings import [csharp] (done) | time=2ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=38ms
INFO: SCM Publisher SCM provider for this project is: git
INFO: SCM Publisher 283 source files to be analyzed
INFO: Blaming files using jgit implementation
INFO: SCM Publisher 283/283 source files have been analyzed (done) | time=2164ms
INFO: CPD Executor 43 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 111 files
INFO: CPD Executor CPD calculation finished (done) | time=46ms
INFO: Analysis report generated in 212ms, dir size=2 MB
INFO: Analysis report compressed in 573ms, zip size=1023 KB
INFO: Analysis report uploaded in 816ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=xyz_android&branch=master
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=AYGYlyU7SITACoMzIOBu
INFO: Analysis total time: 20.844 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 56.667s
INFO: Final Memory: 46M/174M
INFO: ------------------------------------------------------------------------
✔ SonarCloud analysis was successful.
Assembling contents of new cache 'sonar'
Searching for files matching artifact pattern .bitbucket/pipelines/generated/pipeline/pipes/**
Artifact pattern .bitbucket/pipelines/generated/pipeline/pipes/** matched 1 files with a total size of 9.6 KiB
Compressed files matching artifact pattern .bitbucket/pipelines/generated/pipeline/pipes/** to 2.5 KiB in 0 seconds
Uploading artifact of 2.5 KiB
Successfully uploaded artifact in 0 seconds

Searching for test report files in directories named [test-results, failsafe-reports, test-reports, TestResults, surefire-reports] down to a depth of 4
Finished scanning for test reports. Found 0 test report files.
Merged test suites, total number tests is 0, with 0 failures and 0 errors.

Hi,

I suppose I should have asked for both logs at once. I was hoping (assuming) something obvious would jump out at me from this first log. Can I also have the log that does produce issues?

 
Thx,
Ann

Here is the log from the gradle sonarqube command running in CircleCI:

./gradlew sonarqube --info
.
.
.
.
<gradle log>
.
.
.
.

> Task :app:compileDebugUnitTestJavaWithJavac NO-SOURCE
file or directory '/home/circleci/project/app/src/testDebug/java', not found
Skipping task ':app:compileDebugUnitTestJavaWithJavac' as it has no source files and no previous output files.
:app:compileDebugUnitTestJavaWithJavac (Thread[Execution worker for ':' Thread 3,5,main]) completed. Took 0.001 secs.
:app:sonarqube (Thread[Execution worker for ':' Thread 3,5,main]) started.

> Task :app:sonarqube
No variant name specified to be used by SonarQube. Default to 'debug'
Caching disabled for task ':app:sonarqube' because:
  Build cache is disabled
Task ':app:sonarqube' is not up-to-date because:
  Task has not declared any outputs despite executing actions.
No variant name specified to be used by SonarQube. Default to 'debug'
User cache: /home/circleci/.sonar/cache
Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
Load global settings
Load global settings (done) | time=568ms
Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
User cache: /home/circleci/.sonar/cache
Load/download plugins
Load plugins index
Load plugins index (done) | time=131ms
Load/download plugins (done) | time=29606ms
Loaded core extensions: developer-scanner
Found an active CI vendor: 'CircleCI'
Load project settings for component key: 'xyz_android'
Load project settings for component key: 'xyz_android' (done) | time=111ms
Process project properties
Execute project builders
Execute project builders (done) | time=1ms
Project key: xyz_android
Base dir: /home/circleci/project/app
Working dir: /home/circleci/project/app/build/sonar
Load project branches
Load project branches (done) | time=120ms
Check ALM binding of project 'xyz_android'
Detected project binding: BOUND
Check ALM binding of project 'xyz_android' (done) | time=101ms
Load project pull requests
Load project pull requests (done) | time=130ms
Load branch configuration
Auto-configuring branch master
Load branch configuration (done) | time=2ms
Load quality profiles
Load quality profiles (done) | time=142ms
Load active rules
Load active rules (done) | time=4029ms
Organization key: abc
Branch name: master, type: long-lived
Load project repositories
Load project repositories (done) | time=199ms
Indexing files...
Project configuration:
  Excluded sources: **/build-wrapper-dump.json
  Excluded sources for coverage: **/BuildConfig.*, **/Manifest*.*, **/*Test*.*, android/**/*.*
316 files indexed

> Task :app:sonarqube
0 files ignored because of inclusion/exclusion patterns
0 files ignored because of scm ignore settings
Quality profile for json: SonarQube Way
Quality profile for kotlin: Mobile
Quality profile for xml: Sonar way
------------- Run sensors on module xyz_android
Load metrics repository
Load metrics repository (done) | time=105ms
Sensor IaC CloudFormation Sensor [iac]

0 source files to be analyzed
0/0 source files have been analyzed
125 source files to be analyzed
125/125 source files have been analyzed
281 source files to be analyzed
281/281 source files have been analyzed

> Task :app:sonarqube
Sensor IaC CloudFormation Sensor [iac] (done) | time=11ms
Sensor C# Project Type Information [csharp]
Sensor C# Project Type Information [csharp] (done) | time=1ms
Sensor C# Analysis Log [csharp]
Sensor C# Analysis Log [csharp] (done) | time=16ms
Sensor C# Properties [csharp]
Sensor C# Properties [csharp] (done) | time=0ms
Sensor HTML [web]
Sensor HTML [web] (done) | time=4ms
Sensor XML Sensor [xml]
Sensor XML Sensor [xml] (done) | time=1128ms
Sensor Text Sensor [text]
Sensor Text Sensor [text] (done) | time=164ms
Sensor VB.NET Project Type Information [vbnet]
Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
Sensor VB.NET Analysis Log [vbnet]
Sensor VB.NET Analysis Log [vbnet] (done) | time=15ms
Sensor VB.NET Properties [vbnet]
Sensor VB.NET Properties [vbnet] (done) | time=0ms
Sensor JaCoCo XML Report Importer [jacoco]
Importing 1 report(s). Turn your logs in debug mode in order to see the exhaustive list.
Sensor JaCoCo XML Report Importer [jacoco] (done) | time=30ms
Sensor Kotlin Sensor [kotlin]
Access to the multi-values/property set property 'sonar.java.binaries' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.
Access to the multi-values/property set property 'sonar.java.libraries' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.

128 source files to be analyzed
128/128 source files have been analyzed

> Task :app:sonarqube
Sensor Kotlin Sensor [kotlin] (done) | time=18963ms
Sensor KotlinSurefireSensor [kotlin]
parsing [/home/circleci/project/app/build/test-results/**/*.*]
Reports path not found or is not a directory: /home/circleci/project/app/build/test-results/**/*.*
Sensor KotlinSurefireSensor [kotlin] (done) | time=2ms
Sensor CSS Rules [javascript]
No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
Sensor CSS Rules [javascript] (done) | time=1ms
Sensor ThymeLeaf template sensor [securityjavafrontend]
Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=2ms
Sensor Serverless configuration file sensor [security]
0 Serverless function entries were found in the project
0 Serverless function handlers were kept as entrypoints
Sensor Serverless configuration file sensor [security] (done) | time=3ms
Sensor AWS SAM template file sensor [security]
Sensor AWS SAM template file sensor [security] (done) | time=1ms
Sensor javabugs [dbd]
Reading IR files from: /home/circleci/project/app/build/sonar/ir/java
No IR files have been included for analysis.
Sensor javabugs [dbd] (done) | time=0ms
Sensor pythonbugs [dbd]
Reading IR files from: /home/circleci/project/app/build/sonar/ir/python
No IR files have been included for analysis.
Sensor pythonbugs [dbd] (done) | time=0ms
Sensor JavaSecuritySensor [security]
Reading type hierarchy from: /home/circleci/project/app/build/sonar/ucfg2/java
Read 0 type definitions
Reading UCFGs from: /home/circleci/project/app/build/sonar/ucfg2/java
No UCFGs have been included for analysis.
Sensor JavaSecuritySensor [security] (done) | time=3ms
Sensor CSharpSecuritySensor [security]
Reading type hierarchy from: /home/circleci/project/app/build/ucfg_cs2
Read 0 type definitions
Reading UCFGs from: /home/circleci/project/app/build/ucfg_cs2
No UCFGs have been included for analysis.
Sensor CSharpSecuritySensor [security] (done) | time=0ms
Sensor PhpSecuritySensor [security]
Reading type hierarchy from: /home/circleci/project/app/build/sonar/ucfg2/php
Read 0 type definitions
Reading UCFGs from: /home/circleci/project/app/build/sonar/ucfg2/php
No UCFGs have been included for analysis.
Sensor PhpSecuritySensor [security] (done) | time=0ms
Sensor PythonSecuritySensor [security]
Reading type hierarchy from: /home/circleci/project/app/build/sonar/ucfg2/python
Read 0 type definitions
Reading UCFGs from: /home/circleci/project/app/build/sonar/ucfg2/python
No UCFGs have been included for analysis.
Sensor PythonSecuritySensor [security] (done) | time=0ms
Sensor JsSecuritySensor [security]
Reading type hierarchy from: /home/circleci/project/app/build/sonar/ucfg2/js
Read 0 type definitions
Reading UCFGs from: /home/circleci/project/app/build/sonar/ucfg2/js
No UCFGs have been included for analysis.
Sensor JsSecuritySensor [security] (done) | time=0ms
------------- Run sensors on project
Sensor Analysis Warnings import [csharp]
Sensor Analysis Warnings import [csharp] (done) | time=0ms
Sensor Zero Coverage Sensor
Sensor Zero Coverage Sensor (done) | time=4ms
SCM Publisher SCM provider for this project is: git
SCM Publisher 281 source files to be analyzed
Blaming files using native implementation

SCM Publisher 281/281 source files have been analyzed (done) | time=586ms
CPD Executor CPD calculation finished (done) | time=40ms

> Task :app:sonarqube
CPD Executor 41 files had no CPD blocks
CPD Executor Calculating CPD for 87 files
Analysis report generated in 116ms, dir size=2 MB
Analysis report compressed in 334ms, zip size=983 KB
Analysis report generated in /home/circleci/project/app/build/sonar/scanner-report
Analysis report uploaded in 848ms
------------- Check Quality Gate status
Waiting for the analysis report to be processed (max 300s)

> Task :app:sonarqube FAILED
:app:sonarqube (Thread[Execution worker for ':' Thread 3,5,main]) completed. Took 1 mins 14.581 secs.
AAPT2 aapt2-4.2.2-7147631-linux Daemon #0: shutdown
AAPT2 aapt2-4.2.2-7147631-linux Daemon #1: shutdown

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':app:sonarqube'.
> QUALITY GATE STATUS: FAILED - View details on https://sonarcloud.io/dashboard?id=xyz_android&branch=master

* Try:
Run with --stacktrace option to get the stack trace. Run with --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.
Use '--warning-mode all' to show the individual deprecation warnings.
See https://docs.gradle.org/7.0.2/userguide/command_line_interface.html#sec:command_line_warnings

BUILD FAILED in 1m 45s
39 actionable tasks: 39 executed
Not watching anything anymore
Watching 0 directories to track changes
Some of the file system contents retained in the virtual file system are on file systems that Gradle doesn't support watching. The relevant state was discarded to ensure changes to these locations are properly detected. You can override this by explicitly enabling file system watching.
Watching 0 directories to track changes

Exited with code exit status 1
CircleCI received exit code 1

Hi,

There doesn’t seem to be a compile in the BB pipeline. Is there one in the CircleCI job? Because Kotlin analysis does require compilation.

 
Ann
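
The comparison behind this reply can be done mechanically. The following is an added example, not code from the thread or from SonarSource: it pulls the comparable facts out of two scanner logs and reports the ones that differ. The function names are made up for this sketch, and the two inputs are abridged from the logs posted above.

```python
import re

# Abridged excerpts of the two logs posted in this thread (lines copied from
# above; most sensor output is left out to keep the sample short).
BITBUCKET_LOG = """\
INFO: Found an active CI vendor: 'Bitbucket Pipelines'
INFO: Base dir: /opt/atlassian/pipelines/agent/build
INFO: 336 files indexed
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
INFO: Sensor Kotlin Sensor [kotlin]
INFO: 154 source files to be analyzed
INFO: 154/154 source files have been analyzed
INFO: Sensor Kotlin Sensor [kotlin] (done) | time=4730ms
"""

CIRCLECI_LOG = """\
> Task :app:compileDebugUnitTestJavaWithJavac NO-SOURCE
Found an active CI vendor: 'CircleCI'
Base dir: /home/circleci/project/app
316 files indexed
Sensor IaC CloudFormation Sensor [iac]
0/0 source files have been analyzed
125/125 source files have been analyzed
Sensor JaCoCo XML Report Importer [jacoco]
Importing 1 report(s). Turn your logs in debug mode in order to see the exhaustive list.
Sensor JaCoCo XML Report Importer [jacoco] (done) | time=30ms
Sensor Kotlin Sensor [kotlin]
128/128 source files have been analyzed
Sensor Kotlin Sensor [kotlin] (done) | time=18963ms
"""

LEVEL = re.compile(r"^(?:INFO|WARN|ERROR|DEBUG): ")   # sonar-scanner CLI prefix
PATTERNS = {
    "ci_vendor": re.compile(r"^Found an active CI vendor: '(.+)'$"),
    "base_dir": re.compile(r"^Base dir: (.+)$"),
    "files_indexed": re.compile(r"^(\d+) files indexed$"),
}
ANALYZED = re.compile(r"^(\d+)/\d+ source files have been analyzed$")
IMPORTING = re.compile(r"^Importing \d+ report\(s\)")
COMPILE_TASK = re.compile(r"^> Task (:\S*compile\S+)")
KOTLIN = "Sensor Kotlin Sensor [kotlin]"


def summarize(log):
    """Extract the facts worth comparing from one scanner log."""
    facts = {"ci_vendor": None, "base_dir": None, "files_indexed": None,
             "kotlin_files_analyzed": None, "coverage_imported": False,
             "compile_tasks": []}
    in_kotlin = False
    for raw in log.splitlines():
        line = LEVEL.sub("", raw.strip())
        for key, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                facts[key] = int(m.group(1)) if key == "files_indexed" else m.group(1)
        # Gradle flushes progress lines out of order (the XML and text counts
        # show up under the IaC sensor above), so a count is only trusted
        # while the Kotlin sensor is actually open.
        if line == KOTLIN:
            in_kotlin = True
        elif line.startswith(KOTLIN + " (done)"):
            in_kotlin = False
        elif in_kotlin and (m := ANALYZED.match(line)):
            facts["kotlin_files_analyzed"] = int(m.group(1))
        elif IMPORTING.match(line):
            facts["coverage_imported"] = True
        elif (m := COMPILE_TASK.match(line)):
            facts["compile_tasks"].append(m.group(1))
    return facts


def diff_runs(log_a, log_b):
    """Return {fact: (value_in_a, value_in_b)} for every fact that differs."""
    a, b = summarize(log_a), summarize(log_b)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}


if __name__ == "__main__":
    for fact, (bb, cci) in diff_runs(BITBUCKET_LOG, CIRCLECI_LOG).items():
        print(f"{fact:22} bitbucket={bb!r}  circleci={cci!r}")
```
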

Yes, I think there wasn’t in BB since it is using only the sonar pipe. Though I have seen it is detecting one code smell which shows last year. But it is not detecting any new ones, while the gradle sonar scan in CircleCI detects 3 Code Smells, 1 vulnerability and a few security hotspots.

Hi,

Can you make sure the code is always compiled, regardless of which kind of pipeline you’re using?

 
Ann

Yes, we have added that as we started using gradle, but in BB why was it detecting one code smell but not others?

Also, do we need to scan iOS Swift files with compiled code?

Hi,

So now that you’ve added compilation, the BB-based analysis is also finding issues?

 
Ann

No, we haven’t added compilation in BB, as we are moving from BB to CircleCI.

Hi,

Kotlin analysis requires the compiled class files. If you weren’t compiling on BB and you weren’t getting issues on BB, then that’s more than likely the reason.

 
Ann

But as I said, it is detecting one code smell from last year, but not others.