Question, on what task is the performance targeted? Is it the analys task or the complete workflow?
Here is a printscreen of a current workflow wich was ran today 24/9 and yes the analys task went real fast, but build didnt.
Compare that to a build with the same parameters not having sonarcloud analysis configured It;
Could it be because it’s configured to build
/*.csproj instead of a solution? And the build therefore rebuilds the dependancies multiple times making sonarcloud think they are ‘unique’?
The part that was optimized that I’m talking in this announcement is the taint analyzer focusing on detecting injection vulnerabilities. This taint analyzer runs in the “Run Code Analysis” for you.
The other DotNet rules not relying on the taint analyzer run as part of “dotnet build” step and the improvement we did changed nothing on the “dotnet build” step. So it should still run as fast (or slow depending on how you feel things) as before.
On Sonarcloud you now have the ability to run the analysis in concurrent execution mode. This can significantly reduce your analysis time. Just set the following environment variable in the begin step:
We would love to hear if you have tried this, if you have please could you post a comment on this post and tell us how you got on?