Since around 4 months ago, sonar stopped analysing my project, even though nothing has changed that would cause this.
I am using github actions with maven to trigger the analysis.
This is the URL for my project: SonarQube Cloud
As you can see it went to 0 issues even though that shouldn’t be the case.
When I try to see the code through sonar, it seems only the pom.xml appears so I assume it’s not detecting the rest of the code. Although it was working well previously with the same configuration. I can’t figure out what’s wrong, so decided to come and ask here.
The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.
I believe this is the log you are requesting: Fix gradle build · ChanceSD/PvPManager@3e3dd94 · GitHub
At least that’s the most recent one anyway, it runs on every git push. The sonar part is near the end of the Build and analyze task.
It looks like analysis only finds one file, and that’s XML:
448[INFO] 1 language detected in 1 preprocessed file 486[INFO] 1 file indexed
… 554[INFO] Sensor XML Sensor [xml] 555[INFO] 1 source file to be analyzed 556[INFO] 1/1 source file has been analyzed
I suspect this is the cause:
459[INFO] 108 files ignored because of scm ignore settings
Either that or it has something to do with your jar creation making files unavailable before analysis runs(?).
Thank you, a quick google search from that files ignored line led me to this thread: All files excluded by the scm ignore settings - #4 by cobrabr
And “Disable the SCM Sensor” set to true did solve the issue, although I’m not sure what side effects this will have, since false is the SonarQube cloud’s default.
Still leaves the question of why it stopped working, since I didn’t change this configuration and it was on the default of false.
My negation pattern on the gitignore is indeed a bit out of the usual but it works fine with git itself, similar to someone else on that thread.
In the thread linked, even though it’s an old one there is also a comment from November 2024 with a similar problem, so some investigation by sonar might be needed.
Unfortunately ran into a different issue after doing that “Missing blame information for the following files” and it lists all the files.
This is the workflow file currently: Fix sonar analysis · ChanceSD/PvPManager@26ee62b · GitHub
Seems to actually be the same issue as one of the threads I linked earlier: All files excluded by SCM ignore settings - #23 by kapman. Except, it looks like they ended up narrowing it down to a specific gradle plugin, and I’m using maven.
This is going to be about your checkout and the SCM metadata available to analysis. Looking at your logs, your checkout does not look straightforward to me, and I see sparse-checkout in there. I think that’s going to be at least part of the problem. You seem to be doing a very lean, tightly controlled fetch from Git, but analysis needs… “fat” SCM data.