Ever since March 25 our MSBuild scans (the end part) are running endlessly, while before it took ~40 minutes - I wonder if there was a change in the MSBuild plugin around this date… Also tried to remove the tests/coverage part to see if it helps but we still see huge running time which wasn’t there prior to March 25… initially we just got an out-of-memory exception but then we’ve raised the xmx in SONAR_SCANNER_OPTS to a higher limit and since then it just runs forever…
On the 25th, 5 new security rules were deployed on SonarCloud along with a new version of “CSharpSecuritySensor” and that’s probably the reason for what you are observing.
Can you share a zip of the content of this directory Z:\Sources\Development.sonarqube\out\ucfg_cs2 and attach it here?
While we look at the problem, I suggest that you deactivate the rule S2631 on which your scan is stuck. And do the same if the other rules that are executed after S2631 block your scan.
OK, so after removing both S2631 & S2083 my scan can now run…
Can’t add the attachment here but you can download it from here (without S2631) and here (also without S2083).
Can you please let me know when the issue is fixed so I can return to use the original Sonar Way? Also, is there a place to see such releases so I can understand if a certain sensor was updated at a certain date and understand we may have an issue with the sensor due to this change?
Oh, and it is worth noting that another workaround besides deactivating the rule could be to exclude this file from the analysis: I managed to get the analysis to finish in a proper time by excluding this method from the analysis. This might be a nicer compromise than deactivating rules.
Thanks, I’ll give it a try - didn’t know it was a matter of just one file…
The RepaireDatabase method is rather hellish, spreading over 2K lines; even the scan says its Cognitive Complexity is 1413 (the Cyclomatic Complexity for the whole file is 1254), but if you want a potential nightmare I might be able to send it to a private mail address…