No code for analysis in pull request

“No code files found for analysis” is reported by SonarQube for a pull request analysis.

what are you trying to achieve
Integrate issues detected by SonarQube into the Gitlab merge request.

what have you tried so far to achieve this

  1. specify CI variable GIT_STRATEGY with the value clone instead of fetch
  2. specify sonar.pullrequest properties (key, branch, base) with environment variable SONAR_SCANNER_OPTS

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

  • Gitlab server (self-managed) v13.12.15
  • Gitlab CI runner v13.12.0
  • SonarQube 9.4.0.54424 (Developer edition, license for 250k LoC)
  • SonarScanner 4.7.0.2747
  • SonarQube server 5.6

Below are the contents of the scanner dump file:

## Generated by a SonarScanner
#Thu Oct 13 05:21:33 GMT 2022
awt.toolkit=sun.awt.X11.XToolkit
java.specification.version=11
sun.cpu.isalist=
sun.jnu.encoding=UTF-8
sonar.host.url=https\://sonarqube_server_hostname\:9001
sun.arch.data.model=64
java.vendor.url=link
sun.boot.library.path=/usr/lib/jvm/java-11-openjdk/lib
sun.java.command=org.sonarsource.scanner.cli.Main
sonar.sourceEncoding=UTF-8
jdk.debug=release
java.specification.vendor=Oracle Corporation
java.version.date=2022-04-19
java.home=/usr/lib/jvm/java-11-openjdk
file.separator=/
java.vm.compressedOopsMode=Zero based
line.separator=\n
java.vm.specification.vendor=Oracle Corporation
java.specification.name=Java Platform API Specification
sonar.pullrequest.key=5
sonar.pullrequest.base=master
javax.net.ssl.trustStore=/usr/lib/jvm/java-11-openjdk/lib/security/cacerts
sun.management.compiler=HotSpot 64-Bit Tiered Compilers
java.runtime.version=11.0.15+10-alpine-r0
user.name=root
sonar.scanner.dumpToFile=scanner.dump
sonar.scanner.appVersion=4.7.0.2747
file.encoding=UTF-8
sonar.eslint.reportPaths=eslint-report.json
sonar.projectBaseDir=/builds/project/path
java.io.tmpdir=/tmp
java.version=11.0.15
java.vm.specification.name=Java Virtual Machine Specification
java.awt.printerjob=sun.print.PSPrinterJob
sun.os.patch.level=unknown
sonar.projectKey=project_AYOwPWdHDgd_g3dZlxD-
java.library.path=/usr/lib/jvm/java-11-openjdk/lib/server\:/usr/lib/jvm/java-11-openjdk/lib\:/usr/lib/jvm/java-11-openjdk/../lib\:/usr/java/packages/lib\:/usr/lib64\:/lib64\:/lib\:/usr/lib
java.vendor=Alpine
sun.io.unicode.encoding=UnicodeLittle
java.class.path=/opt/sonar-scanner/lib/sonar-scanner-cli-4.7.0.2747.jar
java.vm.vendor=Alpine
sonar.qualitygate.wait=true
user.timezone=
os.name=Linux
java.vm.specification.version=11
scanner.home=/opt/sonar-scanner
sun.java.launcher=SUN_STANDARD
user.country=US
sonar.scanner.app=ScannerCLI
sun.cpu.endian=little
user.home=/root
user.language=en
java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment
java.awt.headless=true
path.separator=\:
os.version=4.18.0-372.9.1.el8.x86_64
java.runtime.name=OpenJDK Runtime Environment
java.vm.name=OpenJDK 64-Bit Server VM
sonar.pullrequest.branch=1892-add-sonarqube-scan-to-ci
java.vendor.url.bug=link
user.dir=/builds/project/path
os.arch=amd64
sonar.working.directory=/builds/project/path/.scannerwork
java.vm.info=mixed mode
java.vm.version=11.0.15+10-alpine-r0
java.class.version=55.0

Below are the contents of sonar-project.properties

sonar.projectKey=project_AYOwPWdHDgd_g3dZlxD-
sonar.qualitygate.wait=true
sonar.eslint.reportPaths=eslint-report.json

Below is the job configuration for sonar-scanner in Gitlab CI

sonarqube-check:
  image:
    name: "${REGISTRY}/sonar-scanner-cli:4.7.0"
    entrypoint: [""]
  stage: scan
  interruptible: true
  allow_failure: true
  dependencies:
    - eslint
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    GIT_DEPTH: "0"
  before_script:
    - export SONAR_SCANNER_OPTS="
      -Djavax.net.ssl.trustStore=$(readlink -f /usr/lib/jvm/default-jvm)/lib/security/cacerts
      -Dsonar.pullrequest.key=${CI_MERGE_REQUEST_IID}
      -Dsonar.pullrequest.branch=${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}
      -Dsonar.pullrequest.base=${CI_MERGE_REQUEST_TARGET_BRANCH_NAME}"
    - env -0 | while IFS= read -r -d ''; do printf '%s\n' "$REPLY"; done
      | sort -d
  script:
    - sonar-scanner
  only:
    - merge_requests
    - "${CI_DEFAULT_BRANCH}"

Please assist in resolving this issue.
With kind regards,
Said

Hi,

Would you also mind sharing your analysis log?

Also, could you characterize the kinds of changes that were made in this PR? Was it changes to code? Versus, say comments or config files.

 
Ann

Dear Ann,

Thank you for the reply.
Posting the analysis log as follows:

Sonar analysis log
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /builds/project/path/sonar-project.properties
INFO: SonarScanner 4.7.0.2747
INFO: Java 11.0.15 Alpine (64-bit)
INFO: Linux 4.18.0-372.9.1.el8.x86_64 amd64
INFO: SONAR_SCANNER_OPTS= -Djavax.net.ssl.trustStore=/usr/lib/jvm/java-11-openjdk/lib/security/cacerts -Dsonar.pullrequest.key=5 -Dsonar.pullrequest.branch=1892-add-sonarqube-scan-to-ci -Dsonar.pullrequest.base=master
INFO: User cache: /builds/project/path/.sonar/cache
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /builds/project/path/sonar-project.properties
INFO: Analyzing on SonarQube server 9.4.0
INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=162ms
INFO: Server id: C3D19B47-AX6tozKm9oLf4Hhj_cXt
INFO: User cache: /builds/project/path/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=59ms
INFO: Load/download plugins (done) | time=2619ms
INFO: Loaded core extensions: developer-scanner
INFO: Process project properties
INFO: Process project properties (done) | time=0ms
INFO: Execute project builders
INFO: Execute project builders (done) | time=4ms
INFO: Project key: project_AYOwPWdHDgd_g3dZlxD-
INFO: Base dir: /builds/project/path
INFO: Working dir: /builds/project/path/.scannerwork
INFO: Load project settings for component key: 'project_AYOwPWdHDgd_g3dZlxD-'
INFO: Load project settings for component key: 'project_AYOwPWdHDgd_g3dZlxD-' (done) | time=27ms
INFO: Load project branches
INFO: Load project branches (done) | time=23ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=25ms
INFO: Load branch configuration
INFO: Found manual configuration of branch/PR analysis. Skipping automatic configuration.
INFO: Load branch configuration (done) | time=5ms
INFO: Auto-configuring with CI 'Gitlab CI'
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=95ms
INFO: Load active rules
INFO: Load active rules (done) | time=1534ms
INFO: Pull request 5 for merge into master from 1892-add-sonarqube-scan-to-ci
INFO: Load project repositories
INFO: Load project repositories (done) | time=25ms
INFO: SCM collecting changed files in the branch
INFO: Merge base sha1: cdd8c1b85b90429ada2a150015acdcee47c8b94b
INFO: SCM collecting changed files in the branch (done) | time=231ms
INFO: Indexing files...
INFO: Project configuration:
INFO: 18 files indexed
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for css: Sonar way
INFO: Quality profile for js: Custom way
INFO: Quality profile for json: Sonar way
INFO: Quality profile for web: Sonar way
INFO: ------------- Run sensors on module project_AYOwPWdHDgd_g3dZlxD-
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=33ms
INFO: Sensor IaC CloudFormation Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=106ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=1ms
INFO: Sensor C# Analysis Log [csharp]
INFO: Sensor C# Analysis Log [csharp] (done) | time=17ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=0ms
INFO: Sensor HTML [web]
INFO: Sensor HTML is restricted to changed files only
INFO: Sensor HTML [web] (done) | time=4ms
INFO: Sensor Text Sensor [text]
INFO: 14 source files to be analyzed
INFO: 14/14 source files have been analyzed
INFO: Sensor Text Sensor [text] (done) | time=25ms
INFO: Sensor VB.NET Project Type Information [vbnet]
INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
INFO: Sensor VB.NET Analysis Log [vbnet]
INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=22ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=1ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
INFO: Sensor JavaScript analysis [javascript]
INFO: Deploying custom rules bundle jar:file:/builds/project/path/.sonar/cache/407d827e66c5794ecc2c8947635359f7/sonar-securityjsfrontend-plugin.jar!/js-vulnerabilities-rules-1.0.0.tgz to /builds/project/path/.scannerwork/.sonartmp/eslint-bridge-bundle/package/custom-rules12160956593995438155
INFO: 8 source files to be analyzed
INFO: 8/8 source files have been analyzed
INFO: Sensor JavaScript analysis [javascript] (done) | time=5221ms
INFO: Sensor TypeScript analysis [javascript]
INFO: No input files found for analysis
INFO: Sensor TypeScript analysis [javascript] (done) | time=2ms
INFO: Sensor Import of ESLint issues [javascript]
INFO: Importing /builds/project/path/eslint-report.json
INFO: Sensor Import of ESLint issues [javascript] (done) | time=44ms
INFO: Sensor CSS Metrics [javascript]
INFO: Sensor CSS Metrics is restricted to changed files only
INFO: Sensor CSS Metrics [javascript] (done) | time=1ms
INFO: Sensor CSS Rules [javascript]
INFO: Sensor CSS Rules is restricted to changed files only
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [javascript] (done) | time=0ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
INFO: Sensor Serverless configuration file sensor [security]
INFO: 0 Serverless function entries were found in the project
INFO: 0 Serverless function handlers were kept as entrypoints
INFO: Sensor Serverless configuration file sensor [security] (done) | time=3ms
INFO: Sensor AWS SAM template file sensor [security]
INFO: Sensor AWS SAM template file sensor [security] (done) | time=1ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /builds/project/path/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /builds/project/path/.scannerwork/ucfg2/java
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=4ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /builds/project/path/ucfg_cs2
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /builds/project/path/ucfg_cs2
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /builds/project/path/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /builds/project/path/.scannerwork/ucfg2/php
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=1ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /builds/project/path/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /builds/project/path/.scannerwork/ucfg2/python
INFO: No UCFGs have been included for analysis.
INFO: Sensor PythonSecuritySensor [security] (done) | time=0ms
INFO: Sensor JsSecuritySensor [security]
INFO: Reading type hierarchy from: /builds/project/path/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /builds/project/path/.scannerwork/ucfg2/js
INFO: 05:25:54.568341 Building Runtime Type propagation graph
INFO: 05:25:54.576017 Running Tarjan on 116 nodes
INFO: 05:25:54.579946 Tarjan found 116 components
INFO: 05:25:54.582056 Variable type analysis: done
INFO: 05:25:54.584862 Building Runtime Type propagation graph
INFO: 05:25:54.587667 Running Tarjan on 116 nodes
INFO: 05:25:54.587987 Tarjan found 116 components
INFO: 05:25:54.588551 Variable type analysis: done
INFO: Analyzing 14 ucfgs to detect vulnerabilities.
INFO: Taint analysis starting. Entrypoints: 9
INFO: Running symbolic analysis for 'JS'
INFO: Taint analysis: done.
INFO: Sensor JsSecuritySensor [security] (done) | time=634ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=15ms
INFO: CPD Executor 5 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 3 files
INFO: CPD Executor CPD calculation finished (done) | time=10ms
INFO: SCM writing changed lines
INFO: Merge base sha1: cdd8c1b85b90429ada2a150015acdcee47c8b94b
INFO: SCM writing changed lines (done) | time=6ms
INFO: Analysis report generated in 82ms, dir size=162.2 kB
INFO: Analysis report compressed in 14ms, zip size=28.3 kB
INFO: Analysis report uploaded in 78ms
INFO: ------------- Check Quality Gate status
INFO: Waiting for the analysis report to be processed (max 300s)
INFO: QUALITY GATE STATUS: PASSED - View details on https://dci2cq01.dc.japannext.co.jp:9001/dashboard?id=project_AYOwPWdHDgd_g3dZlxD-&pullRequest=5
INFO: Executing post-job 'Final report'
INFO: Turn debug info on to get more details (sonar-scanner -X -Dsonar.verbose=true ...).
INFO: Analysis total time: 22.634 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 27.814s
INFO: Final Memory: 37M/176M
INFO: ------------------------------------------------------------------------

As to the kind of changes - the PR contained the addition of the config files for Gitlab CI, SonarQube .properties file and a config for ESLint tool.

Actually, now that you brought this to my attention, I’m going to go ahead and change one of the target source files in this very PR and see if that is reflected in the resulting analysis summary.


Dear Ann,

I feel so silly now.
It did work once I included the change in the actual target source file.

I’ll close this thread, since there is no issue.
Thank you for the hint about the kind of changes in the PR!


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
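
A pre-flight check for the situation resolved in this thread, as an added example that is not part of the original posts or of SonarQube: it lists the files a merge request changes relative to the merge base and counts those with a source suffix, so a config-only merge request is recognised before the scanner runs. The function names, the suffix list, the sample paths and the fallback to `master` are assumptions.

```shell
#!/bin/sh
# Added example. SOURCE_SUFFIXES is an assumption: set it to the file types
# your quality profiles actually cover.
SOURCE_SUFFIXES="${SOURCE_SUFFIXES:-js jsx mjs cjs vue ts tsx css html}"

# Files changed between the merge base and HEAD (deleted files excluded).
# Assumes origin/<target> is fetched and history is deep enough to find
# the merge base, e.g. GIT_DEPTH: "0" as in the job above.
mr_changed_files() {
  target="origin/${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:-master}"
  base=$(git merge-base "$target" HEAD) || return 1
  git diff --name-only --diff-filter=d "$base" HEAD
}

# Read paths on stdin; print those whose extension is in SOURCE_SUFFIXES.
filter_sources() {
  while IFS= read -r path; do
    name=${path##*/}
    case "$name" in
      *.*) ext=${name##*.} ;;
      *) continue ;;          # no extension (Makefile, LICENSE, ...)
    esac
    for s in $SOURCE_SUFFIXES; do
      if [ "$ext" = "$s" ]; then printf '%s\n' "$path"; break; fi
    done
  done
}

count_sources() { filter_sources | wc -l | tr -d ' '; }

# Call before sonar-scanner: returns 1 when the MR touches no source file.
preflight() {
  files=$(mr_changed_files) || { echo "cannot find merge base" >&2; return 2; }
  n=$(printf '%s\n' "$files" | count_sources)
  if [ "$n" -eq 0 ]; then
    echo "MR changes no source files; expect an empty analysis" >&2
    return 1
  fi
  echo "$n changed source file(s) in this MR"
}

# Constructed samples; the ESLint config file name is assumed.
SAMPLE_CONFIG_ONLY='.gitlab-ci.yml
sonar-project.properties
.eslintrc.json'
SAMPLE_WITH_SOURCE="$SAMPLE_CONFIG_ONLY
src/app.js"
```

In the CI job, `preflight` would run in `script:` ahead of `sonar-scanner`; whether a return value of 1 should skip the scan or only log a notice is a project decision.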