Main Branch does not reflect latest analyses

SonarQube Cloud
1
  • ALM used (GitHub)
  • CI system used (GitHub Actions)
  • Scanner command used when applicable (uses: sonarsource/sonarcloud-github-action@master)
  • Languages of the repository (TypeScript)

Hi All,

I’m looking for help with a SonarCloud org project that has an issue on its Main Branch. The project was configured previously and working fine, but the sonarcloud github action had been mistakenly removed from the workflow, which has since been put back.

We are seeing analysis on every PR and on our Main Branch “develop” but when merges go into the Main Branch (develop), the Summary of the Main Branch page still reflects commits from 4 months ago, which had a failed Quality Gate.

I’m wondering why we don’t see more recent analysis from develop (our Main Branch)?

Screen Shot 2022-05-16 at 6.27.49 PM
Screen Shot 2022-05-16 at 6.27.49 PM1920×1054 72.7 KB

^Main Branch showing Failed Quality Gate.

Screen Shot 2022-05-16 at 6.28.14 PM
Screen Shot 2022-05-16 at 6.28.14 PM1920×933 34.3 KB

^Branches page showing our Main Branch develop failed 4 months ago.

Screen Shot 2022-05-16 at 6.28.42 PM
Screen Shot 2022-05-16 at 6.28.42 PM1920×1027 93.9 KB

^Analysis showing on other branches, including develop.

Please help make sense of it? I’m not sure if we need to delete and re-analyze the project, or something else.

Best Regards,

Sean

2

Hey there.

How is your GitHub Actions YAML configured (can you paste it here?)

3

Yes of course! Here it is, I removed some sensitive ENV VAR which are needed for the test steps.

name: SonarCloud

on:
  pull_request:
    types:
      - opened
      - reopened
      - synchronize
  push:
    branches:
      - develop
      - master

jobs:
  scan:
    if: github.head_ref != 'master' && startsWith(github.head_ref, 'meta/stub-version-') == false
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0

      - uses: actions/setup-node@v1
        with:
          node-version: 14.x

      - name: Install dependencies
        run: yarn install --check-files

      - name: Build
        run: npx projen build

      - name: Test
        run: yarn jest --coverage

      - name: SonarCloud Scan
        uses: sonarsource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_CLOUD_TOKEN }}
4

Thanks.

Now, check the actions that have run for your develop branch.

  • Do you see that this job has run? If not – you are going to have to adjust the workflow to make sure it’s actually running when the develop branch is pushed.
  • If it is running, what’s the output of the SonarCloud Scan step?

If you get stuck, feel free to attach the logs of a GitHub action run from your develop branch.

5

This job runs on push to develop. I’ll paste the SonarCloud Scan output from the most recent push to develop branch here. I’ve looked over logs from past runs and while a couple things stand out as odd (probably due to my limited knowledge of SonarCloud), nothing throws a huge red flag that we are doing something wrong. Hence, confusion and appreciation for your assistance and second opinion.

2022-05-16T19:16:55.5562114Z ##[group]Run sonarsource/sonarcloud-github-action@master
2022-05-16T19:16:55.5562483Z with:
2022-05-16T19:16:55.5562736Z   projectBaseDir: .
2022-05-16T19:16:55.5562994Z env:
2022-05-16T19:16:55.5563432Z   GITHUB_TOKEN: ***
2022-05-16T19:16:55.5563789Z   SONAR_TOKEN: ***
2022-05-16T19:16:55.5564044Z ##[endgroup]
2022-05-16T19:16:55.5762092Z ##[command]/usr/bin/docker run --name d994f651119024590a67029e592479adc_07a65c --label 08450d --workdir /github/workspace --rm -e GITHUB_TOKEN -e SONAR_TOKEN -e INPUT_ARGS -e INPUT_PROJECTBASEDIR -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_RUN_ATTEMPT -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_REF_NAME -e GITHUB_REF_PROTECTED -e GITHUB_REF_TYPE -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e GITHUB_STEP_SUMMARY -e RUNNER_OS -e RUNNER_ARCH -e RUNNER_NAME -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/sdk/sdk":"/github/workspace" 08450d:994f651119024590a67029e592479adc
2022-05-16T19:16:56.0472746Z INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
2022-05-16T19:16:56.0479390Z INFO: Project root configuration file: /github/workspace/sonar-project.properties
2022-05-16T19:16:56.0838334Z INFO: SonarScanner 4.6.2.2472
2022-05-16T19:16:56.0841437Z INFO: Java 11.0.14 Alpine (64-bit)
2022-05-16T19:16:56.0841940Z INFO: Linux 5.13.0-1022-azure amd64
2022-05-16T19:16:56.3735417Z INFO: User cache: /opt/sonar-scanner/.sonar/cache
2022-05-16T19:16:58.7721612Z INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
2022-05-16T19:16:58.7725145Z INFO: Project root configuration file: /github/workspace/sonar-project.properties
2022-05-16T19:16:58.7736052Z INFO: Analyzing on SonarCloud
2022-05-16T19:16:58.7736734Z INFO: Default locale: "en_US", source code encoding: "UTF-8"
2022-05-16T19:16:59.2497301Z INFO: Load global settings
2022-05-16T19:16:59.8249134Z INFO: Load global settings (done) | time=577ms
2022-05-16T19:16:59.8310010Z INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
2022-05-16T19:16:59.8488881Z INFO: User cache: /opt/sonar-scanner/.sonar/cache
2022-05-16T19:16:59.8563549Z INFO: Load/download plugins
2022-05-16T19:16:59.8563958Z INFO: Load plugins index
2022-05-16T19:16:59.9973456Z INFO: Load plugins index (done) | time=141ms
2022-05-16T19:17:29.7847346Z INFO: Load/download plugins (done) | time=29928ms
2022-05-16T19:17:30.2083732Z INFO: Loaded core extensions: developer-scanner
2022-05-16T19:17:30.7015879Z INFO: Found an active CI vendor: 'Github Actions'
2022-05-16T19:17:30.7229591Z INFO: Load project settings for component key: '{org-name}_sdk'
2022-05-16T19:17:30.8361027Z INFO: Load project settings for component key: '{org-name}_sdk' (done) | time=113ms
2022-05-16T19:17:30.8414349Z INFO: Process project properties
2022-05-16T19:17:30.8492409Z INFO: Execute project builders
2022-05-16T19:17:30.8513436Z INFO: Execute project builders (done) | time=2ms
2022-05-16T19:17:30.8541244Z INFO: Project key: {org-name}_sdk
2022-05-16T19:17:30.8547510Z INFO: Base dir: /github/workspace
2022-05-16T19:17:30.8553364Z INFO: Working dir: /github/workspace/.scannerwork
2022-05-16T19:17:30.9480260Z INFO: Load project branches
2022-05-16T19:17:31.0695548Z INFO: Load project branches (done) | time=121ms
2022-05-16T19:17:31.0716246Z INFO: Check ALM binding of project '{org-name}_sdk'
2022-05-16T19:17:31.1727087Z INFO: Detected project binding: BOUND
2022-05-16T19:17:31.1728468Z INFO: Check ALM binding of project '{org-name}_sdk' (done) | time=101ms
2022-05-16T19:17:31.1745173Z INFO: Load project pull requests
2022-05-16T19:17:31.3014165Z INFO: Load project pull requests (done) | time=126ms
2022-05-16T19:17:31.3033919Z INFO: Load branch configuration
2022-05-16T19:17:31.3047515Z INFO: Github event: push
2022-05-16T19:17:31.5535238Z INFO: Auto-configuring pull request 47
2022-05-16T19:17:32.1711452Z INFO: Load branch configuration (done) | time=867ms
2022-05-16T19:17:32.2239108Z INFO: Load quality profiles
2022-05-16T19:17:32.3805482Z INFO: Load quality profiles (done) | time=156ms
2022-05-16T19:17:32.3861035Z INFO: Load active rules
2022-05-16T19:17:36.5435965Z INFO: Load active rules (done) | time=4157ms
2022-05-16T19:17:36.6125542Z INFO: Organization key: {org-name}
2022-05-16T19:17:36.6129122Z INFO: Pull request 47 for merge into main from develop
2022-05-16T19:17:36.6493107Z INFO: Load project repositories
2022-05-16T19:17:36.7621662Z INFO: Load project repositories (done) | time=113ms
2022-05-16T19:17:36.7640998Z INFO: SCM collecting changed files in the branch
2022-05-16T19:17:37.0706397Z INFO: SCM collecting changed files in the branch (done) | time=306ms
2022-05-16T19:17:37.1008977Z INFO: Indexing files...
2022-05-16T19:17:37.1009435Z INFO: Project configuration:
2022-05-16T19:17:37.1010414Z INFO:   Excluded sources: **/build-wrapper-dump.json, jest-playwright.config.js, test/**/*
2022-05-16T19:17:42.2999502Z INFO: 53 files indexed
2022-05-16T19:17:42.3013987Z INFO: 7 files ignored because of inclusion/exclusion patterns
2022-05-16T19:17:42.3028561Z INFO: 25241 files ignored because of scm ignore settings
2022-05-16T19:17:42.3095108Z INFO: Quality profile for json: Sonar way
2022-05-16T19:17:42.3098521Z INFO: Quality profile for ts: Sonar way recommended
2022-05-16T19:17:42.3106256Z INFO: Quality profile for yaml: Sonar way
2022-05-16T19:17:42.3655598Z INFO: ------------- Run sensors on module {org-name}_sdk
2022-05-16T19:17:42.5278721Z INFO: Load metrics repository
2022-05-16T19:17:42.6383284Z INFO: Load metrics repository (done) | time=110ms
2022-05-16T19:17:45.2155744Z INFO: Sensor IaC CloudFormation Sensor [iac]
2022-05-16T19:17:45.2431748Z INFO: 0 source files to be analyzed
2022-05-16T19:17:45.2554958Z INFO: 0/0 source files have been analyzed
2022-05-16T19:17:45.2577561Z INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=41ms
2022-05-16T19:17:45.2583079Z INFO: Sensor C# Project Type Information [csharp]
2022-05-16T19:17:45.2598770Z INFO: Sensor C# Project Type Information [csharp] (done) | time=1ms
2022-05-16T19:17:45.2603026Z INFO: Sensor C# Analysis Log [csharp]
2022-05-16T19:17:45.2749950Z INFO: Sensor C# Analysis Log [csharp] (done) | time=15ms
2022-05-16T19:17:45.2754779Z INFO: Sensor C# Properties [csharp]
2022-05-16T19:17:45.2757784Z INFO: Sensor C# Properties [csharp] (done) | time=0ms
2022-05-16T19:17:45.2765980Z INFO: Sensor HTML [web]
2022-05-16T19:17:45.2768314Z INFO: Sensor HTML is restricted to changed files only
2022-05-16T19:17:45.2814875Z INFO: Sensor HTML [web] (done) | time=6ms
2022-05-16T19:17:45.2820837Z INFO: Sensor Text Sensor [text]
2022-05-16T19:17:45.3002912Z INFO: 47 source files to be analyzed
2022-05-16T19:17:45.3374653Z INFO: 47/47 source files have been analyzed
2022-05-16T19:17:45.3383421Z INFO: Sensor Text Sensor [text] (done) | time=56ms
2022-05-16T19:17:45.3388181Z INFO: Sensor VB.NET Project Type Information [vbnet]
2022-05-16T19:17:45.3404273Z INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
2022-05-16T19:17:45.3410460Z INFO: Sensor VB.NET Analysis Log [vbnet]
2022-05-16T19:17:45.3552052Z INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=14ms
2022-05-16T19:17:45.3556455Z INFO: Sensor VB.NET Properties [vbnet]
2022-05-16T19:17:45.3559747Z INFO: Sensor VB.NET Properties [vbnet] (done) | time=0ms
2022-05-16T19:17:45.3568731Z INFO: Sensor JaCoCo XML Report Importer [jacoco]
2022-05-16T19:17:45.3596408Z INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
2022-05-16T19:17:45.3603531Z INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
2022-05-16T19:17:45.3605744Z INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=4ms
2022-05-16T19:17:45.3609986Z INFO: Sensor TypeScript analysis [javascript]
2022-05-16T19:17:46.6476877Z INFO: Deploying custom rules bundle jar:file:/opt/sonar-scanner/.sonar/cache/407d827e66c5794ecc2c8947635359f7/sonar-securityjsfrontend-plugin.jar!/js-vulnerabilities-rules-1.0.0.tgz to /github/workspace/.scannerwork/.sonartmp/eslint-bridge-bundle/package/custom-rules764032138556326897
2022-05-16T19:17:49.4411130Z INFO: Found 2 tsconfig.json file(s): [/github/workspace/tsconfig.json, /github/workspace/dist/tsconfig.json]
2022-05-16T19:17:49.4418897Z INFO: Creating TypeScript program
2022-05-16T19:17:49.4423132Z INFO: TypeScript configuration file /github/workspace/tsconfig.json
2022-05-16T19:17:49.4505358Z INFO: 42 source files to be analyzed
2022-05-16T19:17:50.7296691Z INFO: Creating TypeScript program (done) | time=1287ms
2022-05-16T19:17:50.7297249Z INFO: Starting analysis with current program
2022-05-16T19:17:54.7437455Z INFO: Analyzed 37 file(s) with current program
2022-05-16T19:17:54.7470973Z INFO: Creating TypeScript program
2022-05-16T19:17:54.7471858Z INFO: TypeScript configuration file /github/workspace/dist/tsconfig.json
2022-05-16T19:17:55.5092639Z INFO: Creating TypeScript program (done) | time=762ms
2022-05-16T19:17:55.5093180Z INFO: Starting analysis with current program
2022-05-16T19:17:55.5186818Z INFO: Analyzed 0 file(s) with current program
2022-05-16T19:17:55.5445295Z INFO: Skipped 5 file(s) because they were not part of any tsconfig (enable debug logs to see the full list)
2022-05-16T19:17:55.5626790Z INFO: 42/42 source files have been analyzed
2022-05-16T19:17:55.5629235Z INFO: Sensor TypeScript analysis [javascript] (done) | time=10202ms
2022-05-16T19:17:55.5635997Z INFO: Sensor JavaScript/TypeScript Coverage [javascript]
2022-05-16T19:17:55.5642010Z INFO: Analysing [/github/workspace/./coverage/lcov.info]
2022-05-16T19:17:55.6037733Z INFO: Sensor JavaScript/TypeScript Coverage [javascript] (done) | time=40ms
2022-05-16T19:17:55.6044616Z INFO: Sensor CSS Rules [javascript]
2022-05-16T19:17:55.6045130Z INFO: Sensor CSS Rules is restricted to changed files only
2022-05-16T19:17:55.6052896Z INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
2022-05-16T19:17:55.6053455Z INFO: Sensor CSS Rules [javascript] (done) | time=0ms
2022-05-16T19:17:55.6058593Z INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
2022-05-16T19:17:55.6085061Z INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=3ms
2022-05-16T19:17:55.6090753Z INFO: Sensor Serverless configuration file sensor [security]
2022-05-16T19:17:55.6100284Z INFO: 0 Serverless function entries were found in the project
2022-05-16T19:17:55.6137679Z INFO: 0 Serverless function handlers were kept as entrypoints
2022-05-16T19:17:55.6145556Z INFO: Sensor Serverless configuration file sensor [security] (done) | time=6ms
2022-05-16T19:17:55.6153486Z INFO: Sensor AWS SAM template file sensor [security]
2022-05-16T19:17:55.6171568Z INFO: Sensor AWS SAM template file sensor [security] (done) | time=2ms
2022-05-16T19:17:55.6178880Z INFO: Sensor javabugs [dbd]
2022-05-16T19:17:55.6188066Z INFO: Reading IR files from: /github/workspace/.scannerwork/ir/java
2022-05-16T19:17:55.6188563Z INFO: No IR files have been included for analysis.
2022-05-16T19:17:55.6188989Z INFO: Sensor javabugs [dbd] (done) | time=1ms
2022-05-16T19:17:55.6195260Z INFO: Sensor JavaSecuritySensor [security]
2022-05-16T19:17:55.6210294Z INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/java
2022-05-16T19:17:55.6210736Z INFO: Read 0 type definitions
2022-05-16T19:17:55.6245742Z INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/java
2022-05-16T19:17:55.6256535Z INFO: No UCFGs have been included for analysis.
2022-05-16T19:17:55.6257046Z INFO: Sensor JavaSecuritySensor [security] (done) | time=6ms
2022-05-16T19:17:55.6264450Z INFO: Sensor CSharpSecuritySensor [security]
2022-05-16T19:17:55.6271844Z INFO: Reading type hierarchy from: /github/workspace/ucfg_cs2
2022-05-16T19:17:55.6272281Z INFO: Read 0 type definitions
2022-05-16T19:17:55.6272697Z INFO: Reading UCFGs from: /github/workspace/ucfg_cs2
2022-05-16T19:17:55.6273150Z INFO: No UCFGs have been included for analysis.
2022-05-16T19:17:55.6273619Z INFO: Sensor CSharpSecuritySensor [security] (done) | time=0ms
2022-05-16T19:17:55.6282228Z INFO: Sensor PhpSecuritySensor [security]
2022-05-16T19:17:55.6282772Z INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/php
2022-05-16T19:17:55.6283182Z INFO: Read 0 type definitions
2022-05-16T19:17:55.6283646Z INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/php
2022-05-16T19:17:55.6284093Z INFO: No UCFGs have been included for analysis.
2022-05-16T19:17:55.6284556Z INFO: Sensor PhpSecuritySensor [security] (done) | time=0ms
2022-05-16T19:17:55.6293274Z INFO: Sensor PythonSecuritySensor [security]
2022-05-16T19:17:55.6293852Z INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/python
2022-05-16T19:17:55.6294310Z INFO: Read 0 type definitions
2022-05-16T19:17:55.6294770Z INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/python
2022-05-16T19:17:55.6295235Z INFO: No UCFGs have been included for analysis.
2022-05-16T19:17:55.6295717Z INFO: Sensor PythonSecuritySensor [security] (done) | time=0ms
2022-05-16T19:17:55.6301901Z INFO: Sensor JsSecuritySensor [security]
2022-05-16T19:17:55.6306470Z INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/js
2022-05-16T19:17:55.6342501Z INFO: Read 0 type definitions
2022-05-16T19:17:55.6343014Z INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/js
2022-05-16T19:17:55.7938103Z INFO: 19:17:55.791423 Building Runtime Type propagation graph
2022-05-16T19:17:55.8118618Z INFO: 19:17:55.808696 Running Tarjan on 1319 nodes
2022-05-16T19:17:55.8166873Z INFO: 19:17:55.815682 Tarjan found 1319 components
2022-05-16T19:17:55.8279582Z INFO: 19:17:55.827067 Variable type analysis: done
2022-05-16T19:17:55.8309415Z INFO: 19:17:55.830388 Building Runtime Type propagation graph
2022-05-16T19:17:55.8420315Z INFO: 19:17:55.841323 Running Tarjan on 1319 nodes
2022-05-16T19:17:55.8432562Z INFO: 19:17:55.84272 Tarjan found 1319 components
2022-05-16T19:17:55.8459979Z INFO: 19:17:55.845485 Variable type analysis: done
2022-05-16T19:17:55.8473650Z INFO: Analyzing 185 ucfgs to detect vulnerabilities.
2022-05-16T19:17:56.0657125Z INFO: Taint analysis starting. Entrypoints: 38
2022-05-16T19:17:56.0657986Z INFO: Running symbolic analysis for 'JS'
2022-05-16T19:17:56.5050931Z INFO: Taint analysis: done.
2022-05-16T19:17:56.5051520Z INFO: Sensor JsSecuritySensor [security] (done) | time=875ms
2022-05-16T19:17:56.5082007Z INFO: ------------- Run sensors on project
2022-05-16T19:17:56.5278736Z INFO: Sensor Zero Coverage Sensor
2022-05-16T19:17:56.5285011Z INFO: Sensor Zero Coverage Sensor (done) | time=1ms
2022-05-16T19:17:56.5307659Z INFO: SCM Publisher SCM provider for this project is: git
2022-05-16T19:17:56.5355176Z INFO: SCM Publisher 9 source files to be analyzed
2022-05-16T19:17:56.7123123Z INFO: SCM Publisher 9/9 source files have been analyzed (done) | time=176ms
2022-05-16T19:17:56.7206153Z INFO: CPD Executor 8 files had no CPD blocks
2022-05-16T19:17:56.7206665Z INFO: CPD Executor Calculating CPD for 29 files
2022-05-16T19:17:56.7379999Z INFO: CPD Executor CPD calculation finished (done) | time=11ms
2022-05-16T19:17:56.8085355Z INFO: SCM writing changed lines
2022-05-16T19:17:56.8525359Z INFO: SCM writing changed lines (done) | time=44ms
2022-05-16T19:17:56.9198239Z INFO: Analysis report generated in 179ms, dir size=238 KB
2022-05-16T19:17:56.9766793Z INFO: Analysis report compressed in 56ms, zip size=82 KB
2022-05-16T19:17:57.3417128Z INFO: Analysis report uploaded in 364ms
2022-05-16T19:17:57.3438834Z INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id={org-name}_sdk&pullRequest=47
2022-05-16T19:17:57.3439684Z INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
2022-05-16T19:18:02.6910478Z INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=AYDOTkNlOvqhK2h8-aX-
2022-05-16T19:18:02.6911101Z INFO: Analysis total time: 32.482 s
2022-05-16T19:18:02.6943046Z INFO: ------------------------------------------------------------------------
2022-05-16T19:18:02.6943603Z INFO: EXECUTION SUCCESS
2022-05-16T19:18:02.6944442Z INFO: ------------------------------------------------------------------------
2022-05-16T19:18:02.6944935Z INFO: Total time: 1:06.648s
2022-05-16T19:18:02.8309187Z INFO: Final Memory: 43M/147M
2022-05-16T19:18:02.8310268Z INFO: ------------------------------------------------------------------------
6

Thanks. It looks like a pull request analysis is being run, rather than an analysis of a branch. Make sure that the action is being executed outside the context of a PR being raised (such as if you committed directly to develop)

7

Thanks for your help so far. Where in the log does it tell you that its handling the run as a PR not as a PUSH? I want to be able to identify this as well.

We do have an unrelated PR open (PR #47) but this log was from the push commit Sonar Scan actions run, not one triggered by the PR.

I am pasting another run, where I pushed directly to the develop branch, could you tell me how I can fix the issue with it running as PR analysis vs a push to main branch analysis? It seems like Sonarcloud is detecting the open PR and its overriding the push commit to the main branch (is this typical for SC?).

2022-05-31T16:36:09.8426411Z ##[group]Run sonarsource/sonarcloud-github-action@master
2022-05-31T16:36:09.8426743Z with:
2022-05-31T16:36:09.8426973Z   projectBaseDir: .
2022-05-31T16:36:09.8427212Z env:
2022-05-31T16:36:09.8427610Z   GITHUB_TOKEN: ***
2022-05-31T16:36:09.8427928Z   SONAR_TOKEN: ***
2022-05-31T16:36:09.8428159Z ##[endgroup]
2022-05-31T16:36:09.8644232Z ##[command]/usr/bin/docker run --name dae6d7bcfe0da45428c5b604e081bf576_5e3a95 --label 08450d --workdir /github/workspace --rm -e GITHUB_TOKEN -e SONAR_TOKEN -e INPUT_ARGS -e INPUT_PROJECTBASEDIR -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_RUN_ATTEMPT -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_REF_NAME -e GITHUB_REF_PROTECTED -e GITHUB_REF_TYPE -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e GITHUB_STEP_SUMMARY -e RUNNER_OS -e RUNNER_ARCH -e RUNNER_NAME -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/sdk/sdk":"/github/workspace" 08450d:ae6d7bcfe0da45428c5b604e081bf576
2022-05-31T16:36:10.2919884Z INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
2022-05-31T16:36:10.2924783Z INFO: Project root configuration file: /github/workspace/sonar-project.properties
2022-05-31T16:36:10.3263171Z INFO: SonarScanner 4.6.2.2472
2022-05-31T16:36:10.3269802Z INFO: Java 11.0.14 Alpine (64-bit)
2022-05-31T16:36:10.3270247Z INFO: Linux 5.13.0-1023-azure amd64
2022-05-31T16:36:10.5949042Z INFO: User cache: /opt/sonar-scanner/.sonar/cache
2022-05-31T16:36:13.8999509Z INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
2022-05-31T16:36:13.9000979Z INFO: Project root configuration file: /github/workspace/sonar-project.properties
2022-05-31T16:36:13.9013653Z INFO: Analyzing on SonarCloud
2022-05-31T16:36:13.9014305Z INFO: Default locale: "en_US", source code encoding: "UTF-8"
2022-05-31T16:36:14.3625816Z INFO: Load global settings
2022-05-31T16:36:15.0702631Z INFO: Load global settings (done) | time=709ms
2022-05-31T16:36:15.0769417Z INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
2022-05-31T16:36:15.0876504Z INFO: User cache: /opt/sonar-scanner/.sonar/cache
2022-05-31T16:36:15.0923751Z INFO: Load/download plugins
2022-05-31T16:36:15.0930785Z INFO: Load plugins index
2022-05-31T16:36:15.2552761Z INFO: Load plugins index (done) | time=162ms
2022-05-31T16:36:46.9173631Z INFO: Load/download plugins (done) | time=31825ms
2022-05-31T16:36:47.3898471Z INFO: Loaded core extensions: developer-scanner
2022-05-31T16:36:47.9126035Z INFO: Found an active CI vendor: 'Github Actions'
2022-05-31T16:36:47.9244458Z INFO: Load project settings for component key: '{org_name}_sdk'
2022-05-31T16:36:48.0682204Z INFO: Load project settings for component key: '{org_name}_sdk' (done) | time=144ms
2022-05-31T16:36:48.0723007Z INFO: Process project properties
2022-05-31T16:36:48.0792193Z INFO: Execute project builders
2022-05-31T16:36:48.0805201Z INFO: Execute project builders (done) | time=2ms
2022-05-31T16:36:48.0829424Z INFO: Project key: {org_name}_sdk
2022-05-31T16:36:48.0829843Z INFO: Base dir: /github/workspace
2022-05-31T16:36:48.0830237Z INFO: Working dir: /github/workspace/.scannerwork
2022-05-31T16:36:48.1494930Z INFO: Load project branches
2022-05-31T16:36:48.2965736Z INFO: Load project branches (done) | time=148ms
2022-05-31T16:36:48.2985478Z INFO: Check ALM binding of project '{org_name}_sdk'
2022-05-31T16:36:48.4266088Z INFO: Detected project binding: BOUND
2022-05-31T16:36:48.4274232Z INFO: Check ALM binding of project '{org_name}_sdk' (done) | time=128ms
2022-05-31T16:36:48.4291026Z INFO: Load project pull requests
2022-05-31T16:36:48.5873868Z INFO: Load project pull requests (done) | time=158ms
2022-05-31T16:36:48.5942998Z INFO: Load branch configuration
2022-05-31T16:36:48.5968906Z INFO: Github event: push
2022-05-31T16:36:48.9496612Z INFO: Auto-configuring pull request 47
2022-05-31T16:36:49.6250462Z INFO: Load branch configuration (done) | time=1028ms
2022-05-31T16:36:49.6771576Z INFO: Load quality profiles
2022-05-31T16:36:49.8584573Z INFO: Load quality profiles (done) | time=181ms
2022-05-31T16:36:49.8618235Z INFO: Load active rules
2022-05-31T16:36:54.9545125Z INFO: Load active rules (done) | time=5092ms
2022-05-31T16:36:54.9804171Z INFO: Organization key: {org_name}
2022-05-31T16:36:54.9816874Z INFO: Pull request 47 for merge into main from develop
2022-05-31T16:36:54.9915930Z INFO: Load project repositories
2022-05-31T16:36:55.1358449Z INFO: Load project repositories (done) | time=144ms
2022-05-31T16:36:55.1376613Z INFO: SCM collecting changed files in the branch
2022-05-31T16:36:55.4485461Z INFO: SCM collecting changed files in the branch (done) | time=311ms
2022-05-31T16:36:55.4913578Z INFO: Indexing files...
2022-05-31T16:36:55.4913986Z INFO: Project configuration:
2022-05-31T16:36:55.4918278Z INFO:   Excluded sources: **/build-wrapper-dump.json, jest-playwright.config.js, test/**/*
2022-05-31T16:36:59.9489791Z INFO: 53 files indexed
2022-05-31T16:36:59.9496482Z INFO: 7 files ignored because of inclusion/exclusion patterns
2022-05-31T16:36:59.9496986Z INFO: 25241 files ignored because of scm ignore settings
2022-05-31T16:36:59.9510587Z INFO: Quality profile for json: Sonar way
2022-05-31T16:36:59.9511069Z INFO: Quality profile for ts: Sonar way recommended
2022-05-31T16:36:59.9511483Z INFO: Quality profile for yaml: Sonar way
2022-05-31T16:36:59.9823456Z INFO: ------------- Run sensors on module {org_name}_sdk
2022-05-31T16:37:00.1964840Z INFO: Load metrics repository
2022-05-31T16:37:00.3370491Z INFO: Load metrics repository (done) | time=140ms
2022-05-31T16:37:03.0281817Z INFO: Sensor IaC CloudFormation Sensor [iac]
2022-05-31T16:37:03.0594917Z INFO: 0 source files to be analyzed
2022-05-31T16:37:03.0652418Z INFO: 0/0 source files have been analyzed
2022-05-31T16:37:03.0671721Z INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=40ms
2022-05-31T16:37:03.0678222Z INFO: Sensor C# Project Type Information [csharp]
2022-05-31T16:37:03.0694937Z INFO: Sensor C# Project Type Information [csharp] (done) | time=2ms
2022-05-31T16:37:03.0700662Z INFO: Sensor C# Analysis Log [csharp]
2022-05-31T16:37:03.0834377Z INFO: Sensor C# Analysis Log [csharp] (done) | time=13ms
2022-05-31T16:37:03.0840870Z INFO: Sensor C# Properties [csharp]
2022-05-31T16:37:03.0846068Z INFO: Sensor C# Properties [csharp] (done) | time=1ms
2022-05-31T16:37:03.0852390Z INFO: Sensor HTML [web]
2022-05-31T16:37:03.0852881Z INFO: Sensor HTML is restricted to changed files only
2022-05-31T16:37:03.0908546Z INFO: Sensor HTML [web] (done) | time=6ms
2022-05-31T16:37:03.0914371Z INFO: Sensor Text Sensor [text]
2022-05-31T16:37:03.1047278Z INFO: 47 source files to be analyzed
2022-05-31T16:37:03.1329068Z INFO: 47/47 source files have been analyzed
2022-05-31T16:37:03.1351437Z INFO: Sensor Text Sensor [text] (done) | time=44ms
2022-05-31T16:37:03.1354868Z INFO: Sensor VB.NET Project Type Information [vbnet]
2022-05-31T16:37:03.1370710Z INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
2022-05-31T16:37:03.1375350Z INFO: Sensor VB.NET Analysis Log [vbnet]
2022-05-31T16:37:03.1502806Z INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=12ms
2022-05-31T16:37:03.1514134Z INFO: Sensor VB.NET Properties [vbnet]
2022-05-31T16:37:03.1514659Z INFO: Sensor VB.NET Properties [vbnet] (done) | time=1ms
2022-05-31T16:37:03.1517721Z INFO: Sensor JaCoCo XML Report Importer [jacoco]
2022-05-31T16:37:03.1539489Z INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
2022-05-31T16:37:03.1545085Z INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
2022-05-31T16:37:03.1545695Z INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
2022-05-31T16:37:03.1550181Z INFO: Sensor TypeScript analysis [javascript]
2022-05-31T16:37:04.3130772Z INFO: Deploying custom rules bundle jar:file:/opt/sonar-scanner/.sonar/cache/407d827e66c5794ecc2c8947635359f7/sonar-securityjsfrontend-plugin.jar!/js-vulnerabilities-rules-1.0.0.tgz to /github/workspace/.scannerwork/.sonartmp/eslint-bridge-bundle/package/custom-rules4648368713192984509
2022-05-31T16:37:06.8295315Z INFO: Found 2 tsconfig.json file(s): [/github/workspace/dist/tsconfig.json, /github/workspace/tsconfig.json]
2022-05-31T16:37:06.8305860Z INFO: Creating TypeScript program
2022-05-31T16:37:06.8310522Z INFO: TypeScript configuration file /github/workspace/dist/tsconfig.json
2022-05-31T16:37:06.8484928Z INFO: 42 source files to be analyzed
2022-05-31T16:37:08.0758808Z INFO: Creating TypeScript program (done) | time=1242ms
2022-05-31T16:37:08.0764287Z INFO: Starting analysis with current program
2022-05-31T16:37:08.0798484Z INFO: Analyzed 0 file(s) with current program
2022-05-31T16:37:08.0891482Z INFO: Creating TypeScript program
2022-05-31T16:37:08.0892010Z INFO: TypeScript configuration file /github/workspace/tsconfig.json
2022-05-31T16:37:08.6159478Z INFO: Creating TypeScript program (done) | time=527ms
2022-05-31T16:37:08.6159992Z INFO: Starting analysis with current program
2022-05-31T16:37:12.3694560Z INFO: Analyzed 37 file(s) with current program
2022-05-31T16:37:12.3743399Z INFO: Skipped 5 file(s) because they were not part of any tsconfig (enable debug logs to see the full list)
2022-05-31T16:37:12.3807008Z INFO: 42/42 source files have been analyzed
2022-05-31T16:37:12.3808069Z INFO: Sensor TypeScript analysis [javascript] (done) | time=9226ms
2022-05-31T16:37:12.3811863Z INFO: Sensor JavaScript/TypeScript Coverage [javascript]
2022-05-31T16:37:12.3817122Z INFO: Analysing [/github/workspace/./coverage/lcov.info]
2022-05-31T16:37:12.3972626Z INFO: Sensor JavaScript/TypeScript Coverage [javascript] (done) | time=16ms
2022-05-31T16:37:12.3975263Z INFO: Sensor CSS Rules [javascript]
2022-05-31T16:37:12.3975911Z INFO: Sensor CSS Rules is restricted to changed files only
2022-05-31T16:37:12.3979823Z INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
2022-05-31T16:37:12.3980578Z INFO: Sensor CSS Rules [javascript] (done) | time=0ms
2022-05-31T16:37:12.3988391Z INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
2022-05-31T16:37:12.3997936Z INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
2022-05-31T16:37:12.4002979Z INFO: Sensor Serverless configuration file sensor [security]
2022-05-31T16:37:12.4010393Z INFO: 0 Serverless function entries were found in the project
2022-05-31T16:37:12.4066714Z INFO: 0 Serverless function handlers were kept as entrypoints
2022-05-31T16:37:12.4073580Z INFO: Sensor Serverless configuration file sensor [security] (done) | time=7ms
2022-05-31T16:37:12.4078159Z INFO: Sensor AWS SAM template file sensor [security]
2022-05-31T16:37:12.4099363Z INFO: Sensor AWS SAM template file sensor [security] (done) | time=2ms
2022-05-31T16:37:12.4106530Z INFO: Sensor javabugs [dbd]
2022-05-31T16:37:12.4115460Z INFO: Reading IR files from: /github/workspace/.scannerwork/ir/java
2022-05-31T16:37:12.4115939Z INFO: No IR files have been included for analysis.
2022-05-31T16:37:12.4116364Z INFO: Sensor javabugs [dbd] (done) | time=1ms
2022-05-31T16:37:12.4121149Z INFO: Sensor JavaSecuritySensor [security]
2022-05-31T16:37:12.4135434Z INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/java
2022-05-31T16:37:12.4135870Z INFO: Read 0 type definitions
2022-05-31T16:37:12.4167497Z INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/java
2022-05-31T16:37:12.4181140Z INFO: No UCFGs have been included for analysis.
2022-05-31T16:37:12.4181619Z INFO: Sensor JavaSecuritySensor [security] (done) | time=6ms
2022-05-31T16:37:12.4187215Z INFO: Sensor CSharpSecuritySensor [security]
2022-05-31T16:37:12.4193878Z INFO: Reading type hierarchy from: /github/workspace/ucfg_cs2
2022-05-31T16:37:12.4194261Z INFO: Read 0 type definitions
2022-05-31T16:37:12.4200950Z INFO: Reading UCFGs from: /github/workspace/ucfg_cs2
2022-05-31T16:37:12.4201383Z INFO: No UCFGs have been included for analysis.
2022-05-31T16:37:12.4201972Z INFO: Sensor CSharpSecuritySensor [security] (done) | time=1ms
2022-05-31T16:37:12.4215263Z INFO: Sensor PhpSecuritySensor [security]
2022-05-31T16:37:12.4229489Z INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/php
2022-05-31T16:37:12.4229910Z INFO: Read 0 type definitions
2022-05-31T16:37:12.4236813Z INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/php
2022-05-31T16:37:12.4237268Z INFO: No UCFGs have been included for analysis.
2022-05-31T16:37:12.4237722Z INFO: Sensor PhpSecuritySensor [security] (done) | time=2ms
2022-05-31T16:37:12.4252059Z INFO: Sensor PythonSecuritySensor [security]
2022-05-31T16:37:12.4258581Z INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/python
2022-05-31T16:37:12.4259012Z INFO: Read 0 type definitions
2022-05-31T16:37:12.4265645Z INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/python
2022-05-31T16:37:12.4266105Z INFO: No UCFGs have been included for analysis.
2022-05-31T16:37:12.4266552Z INFO: Sensor PythonSecuritySensor [security] (done) | time=2ms
2022-05-31T16:37:12.4319816Z INFO: Sensor JsSecuritySensor [security]
2022-05-31T16:37:12.4325301Z INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/js
2022-05-31T16:37:12.4356880Z INFO: Read 0 type definitions
2022-05-31T16:37:12.4357381Z INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/js
2022-05-31T16:37:12.6087487Z INFO: 16:37:12.605886 Building Runtime Type propagation graph
2022-05-31T16:37:12.6438720Z INFO: 16:37:12.639375 Running Tarjan on 1319 nodes
2022-05-31T16:37:12.6503120Z INFO: 16:37:12.649622 Tarjan found 1319 components
2022-05-31T16:37:12.6581769Z INFO: 16:37:12.657594 Variable type analysis: done
2022-05-31T16:37:12.6601289Z INFO: 16:37:12.659378 Building Runtime Type propagation graph
2022-05-31T16:37:12.6743195Z INFO: 16:37:12.673781 Running Tarjan on 1319 nodes
2022-05-31T16:37:12.6756520Z INFO: 16:37:12.675217 Tarjan found 1319 components
2022-05-31T16:37:12.6782763Z INFO: 16:37:12.677861 Variable type analysis: done
2022-05-31T16:37:12.6797414Z INFO: Analyzing 185 ucfgs to detect vulnerabilities.
2022-05-31T16:37:12.9030878Z INFO: Taint analysis starting. Entrypoints: 38
2022-05-31T16:37:12.9031620Z INFO: Running symbolic analysis for 'JS'
2022-05-31T16:37:13.3277180Z INFO: Taint analysis: done.
2022-05-31T16:37:13.3277989Z INFO: Sensor JsSecuritySensor [security] (done) | time=896ms
2022-05-31T16:37:13.3301955Z INFO: ------------- Run sensors on project
2022-05-31T16:37:13.3720372Z INFO: Sensor Analysis Warnings import [csharp]
2022-05-31T16:37:13.3729584Z INFO: Sensor Analysis Warnings import [csharp] (done) | time=1ms
2022-05-31T16:37:13.3733301Z INFO: Sensor Zero Coverage Sensor
2022-05-31T16:37:13.3738983Z INFO: Sensor Zero Coverage Sensor (done) | time=1ms
2022-05-31T16:37:13.3757675Z INFO: SCM Publisher SCM provider for this project is: git
2022-05-31T16:37:13.3785020Z INFO: SCM Publisher 9 source files to be analyzed
2022-05-31T16:37:13.5823227Z INFO: SCM Publisher 9/9 source files have been analyzed (done) | time=203ms
2022-05-31T16:37:13.5902104Z INFO: CPD Executor 8 files had no CPD blocks
2022-05-31T16:37:13.5905700Z INFO: CPD Executor Calculating CPD for 29 files
2022-05-31T16:37:13.6016282Z INFO: CPD Executor CPD calculation finished (done) | time=11ms
2022-05-31T16:37:13.6492225Z INFO: SCM writing changed lines
2022-05-31T16:37:13.7286779Z INFO: SCM writing changed lines (done) | time=80ms
2022-05-31T16:37:13.8102907Z INFO: Analysis report generated in 205ms, dir size=238 KB
2022-05-31T16:37:13.9201883Z INFO: Analysis report compressed in 109ms, zip size=82 KB
2022-05-31T16:37:14.3410954Z INFO: Analysis report uploaded in 421ms
2022-05-31T16:37:14.3429315Z INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id={org_name}_sdk&pullRequest=47
2022-05-31T16:37:14.3430440Z INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
2022-05-31T16:37:14.3432142Z INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=AYEa-oN3VT5G3aAo9_1K
2022-05-31T16:37:19.6806411Z INFO: Analysis total time: 32.290 s
2022-05-31T16:37:19.6836077Z INFO: ------------------------------------------------------------------------
2022-05-31T16:37:19.6836514Z INFO: EXECUTION SUCCESS
2022-05-31T16:37:19.6837082Z INFO: ------------------------------------------------------------------------
2022-05-31T16:37:19.6837448Z INFO: Total time: 1:09.393s
2022-05-31T16:37:19.7881026Z INFO: Final Memory: 43M/147M
2022-05-31T16:37:19.7882022Z INFO: ------------------------------------------------------------------------
8

Hey there.

Thanks for the follow-up.

That does seem to be what’s happening, and it appears to be the same problem faced in these other threads:

All of these reports come from the last two weeks, which makes me wonder if something has changed on GitHub’s side (or it could just be a coincidence).

I’ll gather these reports and try to get some attention internally. In the meantime, if it’s possible to close the pull request (in one of the other cases it was obviously an erroneous PR), that should solve the issue.

12

Thank you Colin. The PR was closed yesterday, and I re-ran the SC Actions run from my push commit and it has now been reflected in Main Branch.

Do you know how we can prevent the PRs from causing this?

I am concerned that merges into the main branch will not trigger an analysis while we have PRs open. How does SC determine if a run is PR or Push event, it does not seem to respect the Actions git env always. I’ll paste my successful push run that worked to update main branch in SC.

2022-06-01T17:25:40.1456606Z ##[group]Run sonarsource/sonarcloud-github-action@master
2022-06-01T17:25:40.1456915Z with:
2022-06-01T17:25:40.1457137Z   projectBaseDir: .
2022-06-01T17:25:40.1457367Z env:
2022-06-01T17:25:40.1457734Z   GITHUB_TOKEN: ***
2022-06-01T17:25:40.1458051Z   SONAR_TOKEN: ***
2022-06-01T17:25:40.1458272Z ##[endgroup]
2022-06-01T17:25:40.1653841Z ##[command]/usr/bin/docker run --name da4020c4ee78b47c1940a8922499f7002_d34f05 --label 08450d --workdir /github/workspace --rm -e GITHUB_TOKEN -e SONAR_TOKEN -e INPUT_ARGS -e INPUT_PROJECTBASEDIR -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_RUN_ATTEMPT -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_REF_NAME -e GITHUB_REF_PROTECTED -e GITHUB_REF_TYPE -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e GITHUB_STEP_SUMMARY -e RUNNER_OS -e RUNNER_ARCH -e RUNNER_NAME -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/sdk/sdk":"/github/workspace" 08450d:a4020c4ee78b47c1940a8922499f7002
2022-06-01T17:25:40.5734450Z INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
2022-06-01T17:25:40.5742023Z INFO: Project root configuration file: /github/workspace/sonar-project.properties
2022-06-01T17:25:40.6016502Z INFO: SonarScanner 4.6.2.2472
2022-06-01T17:25:40.6019664Z INFO: Java 11.0.14 Alpine (64-bit)
2022-06-01T17:25:40.6020277Z INFO: Linux 5.13.0-1023-azure amd64
2022-06-01T17:25:40.8667833Z INFO: User cache: /opt/sonar-scanner/.sonar/cache
2022-06-01T17:25:44.3739841Z INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
2022-06-01T17:25:44.3742207Z INFO: Project root configuration file: /github/workspace/sonar-project.properties
2022-06-01T17:25:44.3750946Z INFO: Analyzing on SonarCloud
2022-06-01T17:25:44.3754067Z INFO: Default locale: "en_US", source code encoding: "UTF-8"
2022-06-01T17:25:44.8166382Z INFO: Load global settings
2022-06-01T17:25:45.6782136Z INFO: Load global settings (done) | time=862ms
2022-06-01T17:25:45.6840229Z INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
2022-06-01T17:25:45.6923227Z INFO: User cache: /opt/sonar-scanner/.sonar/cache
2022-06-01T17:25:45.6981168Z INFO: Load/download plugins
2022-06-01T17:25:45.6985700Z INFO: Load plugins index
2022-06-01T17:25:45.8843215Z INFO: Load plugins index (done) | time=186ms
2022-06-01T17:26:21.9874149Z INFO: Load/download plugins (done) | time=36289ms
2022-06-01T17:26:22.4716279Z INFO: Loaded core extensions: developer-scanner
2022-06-01T17:26:22.9034874Z INFO: Found an active CI vendor: 'Github Actions'
2022-06-01T17:26:22.9221403Z INFO: Load project settings for component key: '{org-name}_sdk'
2022-06-01T17:26:23.0918146Z INFO: Load project settings for component key: '{org-name}_sdk' (done) | time=170ms
2022-06-01T17:26:23.0959506Z INFO: Process project properties
2022-06-01T17:26:23.1022005Z INFO: Execute project builders
2022-06-01T17:26:23.1038668Z INFO: Execute project builders (done) | time=2ms
2022-06-01T17:26:23.1064685Z INFO: Project key: {org-name}_sdk
2022-06-01T17:26:23.1065072Z INFO: Base dir: /github/workspace
2022-06-01T17:26:23.1065455Z INFO: Working dir: /github/workspace/.scannerwork
2022-06-01T17:26:23.1712590Z INFO: Load project branches
2022-06-01T17:26:23.3434070Z INFO: Load project branches (done) | time=172ms
2022-06-01T17:26:23.3448354Z INFO: Check ALM binding of project '{org-name}_sdk'
2022-06-01T17:26:23.5005940Z INFO: Detected project binding: BOUND
2022-06-01T17:26:23.5012193Z INFO: Check ALM binding of project '{org-name}_sdk' (done) | time=156ms
2022-06-01T17:26:23.5025041Z INFO: Load project pull requests
2022-06-01T17:26:23.6807713Z INFO: Load project pull requests (done) | time=178ms
2022-06-01T17:26:23.6827169Z INFO: Load branch configuration
2022-06-01T17:26:23.6840669Z INFO: Github event: push
2022-06-01T17:26:24.0691612Z INFO: Auto-configuring branch develop
2022-06-01T17:26:24.0701687Z INFO: Load branch configuration (done) | time=387ms
2022-06-01T17:26:24.1135494Z INFO: Load quality profiles
2022-06-01T17:26:24.3281483Z INFO: Load quality profiles (done) | time=214ms
2022-06-01T17:26:24.3312376Z INFO: Load active rules
2022-06-01T17:26:30.1368045Z INFO: Load active rules (done) | time=5806ms
2022-06-01T17:26:30.1764765Z INFO: Organization key: {org-name}
2022-06-01T17:26:30.1773611Z INFO: Branch name: develop, type: long-lived
2022-06-01T17:26:30.1912083Z INFO: Load project repositories
2022-06-01T17:26:30.3963700Z INFO: Load project repositories (done) | time=205ms
2022-06-01T17:26:30.4188432Z INFO: Indexing files...
2022-06-01T17:26:30.4190586Z INFO: Project configuration:
2022-06-01T17:26:30.4191473Z INFO:   Excluded sources: **/build-wrapper-dump.json, jest-playwright.config.js, test/**/*
2022-06-01T17:26:34.6159432Z INFO: 53 files indexed
2022-06-01T17:26:34.6162979Z INFO: 7 files ignored because of inclusion/exclusion patterns
2022-06-01T17:26:34.6165085Z INFO: 25241 files ignored because of scm ignore settings
2022-06-01T17:26:34.6175253Z INFO: Quality profile for json: Sonar way
2022-06-01T17:26:34.6177144Z INFO: Quality profile for ts: Sonar way recommended
2022-06-01T17:26:34.6178840Z INFO: Quality profile for yaml: Sonar way
2022-06-01T17:26:34.6506187Z INFO: ------------- Run sensors on module {org-name}_sdk
2022-06-01T17:26:34.7671554Z INFO: Load metrics repository
2022-06-01T17:26:34.9286498Z INFO: Load metrics repository (done) | time=162ms
2022-06-01T17:26:37.4416323Z INFO: Sensor IaC CloudFormation Sensor [iac]
2022-06-01T17:26:37.4723602Z INFO: 0 source files to be analyzed
2022-06-01T17:26:37.4801517Z INFO: 0/0 source files have been analyzed
2022-06-01T17:26:37.4802039Z INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=39ms
2022-06-01T17:26:37.4802491Z INFO: Sensor C# Project Type Information [csharp]
2022-06-01T17:26:37.4810685Z INFO: Sensor C# Project Type Information [csharp] (done) | time=1ms
2022-06-01T17:26:37.4811111Z INFO: Sensor C# Analysis Log [csharp]
2022-06-01T17:26:37.4926350Z INFO: Sensor C# Analysis Log [csharp] (done) | time=11ms
2022-06-01T17:26:37.4926763Z INFO: Sensor C# Properties [csharp]
2022-06-01T17:26:37.4927168Z INFO: Sensor C# Properties [csharp] (done) | time=1ms
2022-06-01T17:26:37.4927684Z INFO: Sensor HTML [web]
2022-06-01T17:26:37.4953235Z INFO: Sensor HTML [web] (done) | time=2ms
2022-06-01T17:26:37.4953701Z INFO: Sensor Text Sensor [text]
2022-06-01T17:26:37.5019512Z INFO: 47 source files to be analyzed
2022-06-01T17:26:37.5274397Z INFO: 47/47 source files have been analyzed
2022-06-01T17:26:37.5274914Z INFO: Sensor Text Sensor [text] (done) | time=33ms
2022-06-01T17:26:37.5278491Z INFO: Sensor VB.NET Project Type Information [vbnet]
2022-06-01T17:26:37.5288005Z INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
2022-06-01T17:26:37.5291390Z INFO: Sensor VB.NET Analysis Log [vbnet]
2022-06-01T17:26:37.5411317Z INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=12ms
2022-06-01T17:26:37.5415214Z INFO: Sensor VB.NET Properties [vbnet]
2022-06-01T17:26:37.5417433Z INFO: Sensor VB.NET Properties [vbnet] (done) | time=0ms
2022-06-01T17:26:37.5421437Z INFO: Sensor JaCoCo XML Report Importer [jacoco]
2022-06-01T17:26:37.5439022Z INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
2022-06-01T17:26:37.5447764Z INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
2022-06-01T17:26:37.5448872Z INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
2022-06-01T17:26:37.5451363Z INFO: Sensor TypeScript analysis [javascript]
2022-06-01T17:26:38.7440870Z INFO: Deploying custom rules bundle jar:file:/opt/sonar-scanner/.sonar/cache/591afb270655c1a4f44be7b99311d96c/sonar-securityjsfrontend-plugin.jar!/js-vulnerabilities-rules-1.0.0.tgz to /github/workspace/.scannerwork/.sonartmp/eslint-bridge-bundle/package/custom-rules322446206111530701
2022-06-01T17:26:41.2021294Z INFO: Found 2 tsconfig.json file(s): [/github/workspace/dist/tsconfig.json, /github/workspace/tsconfig.json]
2022-06-01T17:26:41.2066227Z INFO: Creating TypeScript program
2022-06-01T17:26:41.2073403Z INFO: TypeScript configuration file /github/workspace/dist/tsconfig.json
2022-06-01T17:26:41.2163555Z INFO: 42 source files to be analyzed
2022-06-01T17:26:42.4633289Z INFO: Creating TypeScript program (done) | time=1256ms
2022-06-01T17:26:42.4638346Z INFO: Starting analysis with current program
2022-06-01T17:26:42.4757849Z INFO: Analyzed 0 file(s) with current program
2022-06-01T17:26:42.4792773Z INFO: Creating TypeScript program
2022-06-01T17:26:42.4796832Z INFO: TypeScript configuration file /github/workspace/tsconfig.json
2022-06-01T17:26:42.9882104Z INFO: Creating TypeScript program (done) | time=505ms
2022-06-01T17:26:42.9885415Z INFO: Starting analysis with current program
2022-06-01T17:26:46.5206552Z INFO: Analyzed 37 file(s) with current program
2022-06-01T17:26:46.5250175Z INFO: Skipped 5 file(s) because they were not part of any tsconfig (enable debug logs to see the full list)
2022-06-01T17:26:46.5307324Z INFO: 42/42 source files have been analyzed
2022-06-01T17:26:46.5312219Z INFO: Sensor TypeScript analysis [javascript] (done) | time=8986ms
2022-06-01T17:26:46.5318901Z INFO: Sensor JavaScript/TypeScript Coverage [javascript]
2022-06-01T17:26:46.5325075Z INFO: Analysing [/github/workspace/./coverage/lcov.info]
2022-06-01T17:26:46.5548922Z INFO: Sensor JavaScript/TypeScript Coverage [javascript] (done) | time=23ms
2022-06-01T17:26:46.5560230Z INFO: Sensor CSS Rules [javascript]
2022-06-01T17:26:46.5569921Z INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
2022-06-01T17:26:46.5570424Z INFO: Sensor CSS Rules [javascript] (done) | time=1ms
2022-06-01T17:26:46.5582137Z INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
2022-06-01T17:26:46.5593329Z INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=2ms
2022-06-01T17:26:46.5610301Z INFO: Sensor Serverless configuration file sensor [security]
2022-06-01T17:26:46.5618881Z INFO: 0 Serverless function entries were found in the project
2022-06-01T17:26:46.5643752Z INFO: 0 Serverless function handlers were kept as entrypoints
2022-06-01T17:26:46.5650500Z INFO: Sensor Serverless configuration file sensor [security] (done) | time=4ms
2022-06-01T17:26:46.5655864Z INFO: Sensor AWS SAM template file sensor [security]
2022-06-01T17:26:46.5671628Z INFO: Sensor AWS SAM template file sensor [security] (done) | time=1ms
2022-06-01T17:26:46.5681409Z INFO: Sensor javabugs [dbd]
2022-06-01T17:26:46.5686890Z INFO: Reading IR files from: /github/workspace/.scannerwork/ir/java
2022-06-01T17:26:46.5693124Z INFO: No IR files have been included for analysis.
2022-06-01T17:26:46.5693537Z INFO: Sensor javabugs [dbd] (done) | time=2ms
2022-06-01T17:26:46.5697991Z INFO: Sensor JavaSecuritySensor [security]
2022-06-01T17:26:46.5709513Z INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/java
2022-06-01T17:26:46.5709921Z INFO: Read 0 type definitions
2022-06-01T17:26:46.5732028Z INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/java
2022-06-01T17:26:46.5740332Z INFO: No UCFGs have been included for analysis.
2022-06-01T17:26:46.5740805Z INFO: Sensor JavaSecuritySensor [security] (done) | time=4ms
2022-06-01T17:26:46.5746974Z INFO: Sensor CSharpSecuritySensor [security]
2022-06-01T17:26:46.5759773Z INFO: Reading type hierarchy from: /github/workspace/ucfg_cs2
2022-06-01T17:26:46.5767696Z INFO: Read 0 type definitions
2022-06-01T17:26:46.5768323Z INFO: Reading UCFGs from: /github/workspace/ucfg_cs2
2022-06-01T17:26:46.5768736Z INFO: No UCFGs have been included for analysis.
2022-06-01T17:26:46.5772767Z INFO: Sensor CSharpSecuritySensor [security] (done) | time=2ms
2022-06-01T17:26:46.5780491Z INFO: Sensor PhpSecuritySensor [security]
2022-06-01T17:26:46.5784763Z INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/php
2022-06-01T17:26:46.5789855Z INFO: Read 0 type definitions
2022-06-01T17:26:46.5790299Z INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/php
2022-06-01T17:26:46.5790721Z INFO: No UCFGs have been included for analysis.
2022-06-01T17:26:46.5800686Z INFO: Sensor PhpSecuritySensor [security] (done) | time=1ms
2022-06-01T17:26:46.5809616Z INFO: Sensor PythonSecuritySensor [security]
2022-06-01T17:26:46.5815046Z INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/python
2022-06-01T17:26:46.5815445Z INFO: Read 0 type definitions
2022-06-01T17:26:46.5815882Z INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/python
2022-06-01T17:26:46.5816415Z INFO: No UCFGs have been included for analysis.
2022-06-01T17:26:46.5820781Z INFO: Sensor PythonSecuritySensor [security] (done) | time=1ms
2022-06-01T17:26:46.5863904Z INFO: Sensor JsSecuritySensor [security]
2022-06-01T17:26:46.5877288Z INFO: Reading type hierarchy from: /github/workspace/.scannerwork/ucfg2/js
2022-06-01T17:26:46.5907294Z INFO: Read 0 type definitions
2022-06-01T17:26:46.5907766Z INFO: Reading UCFGs from: /github/workspace/.scannerwork/ucfg2/js
2022-06-01T17:26:46.7818777Z INFO: 17:26:46.77508 Building Runtime Type propagation graph
2022-06-01T17:26:46.8228791Z INFO: 17:26:46.812329 Running Tarjan on 1319 nodes
2022-06-01T17:26:46.8309109Z INFO: 17:26:46.829653 Tarjan found 1319 components
2022-06-01T17:26:46.8392604Z INFO: 17:26:46.836845 Variable type analysis: done
2022-06-01T17:26:46.8413474Z INFO: 17:26:46.841069 Building Runtime Type propagation graph
2022-06-01T17:26:46.8501864Z INFO: 17:26:46.849778 Running Tarjan on 1319 nodes
2022-06-01T17:26:46.8516754Z INFO: 17:26:46.851256 Tarjan found 1319 components
2022-06-01T17:26:46.8547719Z INFO: 17:26:46.854443 Variable type analysis: done
2022-06-01T17:26:46.8560731Z INFO: Analyzing 185 ucfgs to detect vulnerabilities.
2022-06-01T17:26:47.0230053Z INFO: Taint analysis starting. Entrypoints: 38
2022-06-01T17:26:47.0234794Z INFO: Running symbolic analysis for 'JS'
2022-06-01T17:26:47.3140103Z INFO: Taint analysis: done.
2022-06-01T17:26:47.3145797Z INFO: Sensor JsSecuritySensor [security] (done) | time=728ms
2022-06-01T17:26:47.3230253Z INFO: ------------- Run sensors on project
2022-06-01T17:26:47.3614850Z INFO: Sensor Analysis Warnings import [csharp]
2022-06-01T17:26:47.3627301Z INFO: Sensor Analysis Warnings import [csharp] (done) | time=2ms
2022-06-01T17:26:47.3634758Z INFO: Sensor Zero Coverage Sensor
2022-06-01T17:26:47.3646132Z INFO: Sensor Zero Coverage Sensor (done) | time=1ms
2022-06-01T17:26:47.3720169Z INFO: SCM Publisher SCM provider for this project is: git
2022-06-01T17:26:47.3754154Z INFO: SCM Publisher 20 source files to be analyzed
2022-06-01T17:26:47.7115011Z INFO: SCM Publisher 20/20 source files have been analyzed (done) | time=329ms
2022-06-01T17:26:47.7199570Z INFO: CPD Executor 8 files had no CPD blocks
2022-06-01T17:26:47.7204950Z INFO: CPD Executor Calculating CPD for 29 files
2022-06-01T17:26:47.7299340Z INFO: CPD Executor CPD calculation finished (done) | time=9ms
2022-06-01T17:26:47.8365559Z INFO: Analysis report generated in 102ms, dir size=328 KB
2022-06-01T17:26:47.9513578Z INFO: Analysis report compressed in 114ms, zip size=139 KB
2022-06-01T17:26:48.6325462Z INFO: Analysis report uploaded in 681ms
2022-06-01T17:26:48.6343081Z INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id={org-name}_sdk&branch=develop
2022-06-01T17:26:48.6346678Z INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
2022-06-01T17:26:48.6347530Z INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=AYEgTkGe0u2FqvUGYjiH
2022-06-01T17:26:53.9804569Z INFO: Analysis total time: 31.508 s
2022-06-01T17:26:53.9837059Z INFO: ------------------------------------------------------------------------
2022-06-01T17:26:53.9837475Z INFO: EXECUTION SUCCESS
2022-06-01T17:26:53.9837989Z INFO: ------------------------------------------------------------------------
2022-06-01T17:26:53.9838347Z INFO: Total time: 1:13.411s
2022-06-01T17:26:54.1025102Z INFO: Final Memory: 43M/150M
2022-06-01T17:26:54.1029663Z INFO: ------------------------------------------------------------------------
14

We’ve released an update on how we configure the analysis on GitHub actions. A push on the main branch should now always trigger a main branch analysis, and never a pull request analysis.

Please let us know on this thread if you still experience this behaviour.

1 Like
16

I think I’m running into this same issue still. I can’t be sure if it’s because of the PRs (and we have far too many open PRs to close right now just for this test.

My main branch is called release-candidate, which I noticed clashes with the default long lived branch name pattern. I wonder if this is the reason why I’m seeing this behavior that I both commit directly (and thru merging PRs) changes to my release-candidate branch, but nothing shows up in SonarCloud (my GitHub Actions run fine on the main branch, with a success message).

INFO: Analysis total time: 4:28.967 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 4:38.766s
INFO: Final Memory: 64M/217M
INFO: ------------------------------------------------------------------------
The SonarScanner CLI has finished

image
image1167×140 10.7 KB

I actually haven’t see a single analysis over my main branch since the import of my repo into SonarCloud.

17

If it helps anyone, I finally discovered what the issue is. Even though the SonarScanner CLI reports EXECUTION SUCCESS (which technically I think it did), the pushing to the server was failing because the project was exceeding my limit of LOC analysis. No error was printed in the output here nor anywhere else… but the output shows a line that looks like this:

INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=SOMERANDOMTASKID

And that JSON happened to have an errorMessage describing the issue.

18

I’m having the same issue, I already check this link https://sonarcloud.io/api/ce/task?id=SOMERANDOMTASKID and it return project doesn’t exist. Why it happen only on my master branch? Anyone can help?
Screenshot 2022-12-20 at 15.09.35

19

I’m running into this same problem, using the CircleCI integration rather than github actions.

context:

  • We have staging and master branches.
  • master branch does not push to sonar
  • most of our PRs/branches are merged to staging
  • we open PRs with source staging, target master in order to deploy to production

SonarCloud correctly identified staging as our main branch, but no analysis is being conducted. Instead, the report from the staging run is always pushed as a pull request analysis, referencing a staging -> master PR from more than one year ago.