Optimize CD/CD agent / runner to improve sonar analysis performance

Hello Sonar Community,

We’re using SonarQube 8.4 to analyze our Java & Angular JS projects. We’re currently happy with the results that we’re achieving, but we’re not really happy about the performance of the analysis, specially in our biggest project. This project has 516k lines of code (12258 files) and when we run the analysis using the ‘Sonar way’ quality profile for Java code it takes around 55’.

We run our analysis with the following command:

mvn clean package sonar:sonar

This command also runs the UTs (the execution of the UTs takes 7’ if we execute it alone)

Our Jenkins agents are virtual machines with the following flavor:

  • 50 GB HDD (SSD)
  • CPU (8 cores - Intel® Xeon® Gold 5220 CPU @ 2.20GHz)
  • 16 GB RAM

What would be your recommendations in order to achieve a faster build?

  • Adding more RAM to the VM / allocating more RAM to the analysis?
  • Move our analysis to a VM with a better CPUs (frequency? cores?)
  • Any specific configuration on maven or on the sonar analysis?


Javier G.

Hi Javier,

Let’s look into this issue in deeper detail:

  1. Please share the entire logs with profiling and debug mode activated. This will help us understand where does the scanner spend time: mvn clean package sonar:sonar -Dsonar.showProfiling=true -X

  2. According to you, the part that is slow is the scan of the Java part, correct? How many Java lines are scanned? And how many JS lines?


Hello Daniel,

Thanks for your quick response. I enabled the profiling & debug mode, and I have +500 MB in logs - so, I don’t think I can attach that. Is there something in particular that I should check in those logs?

The part that’s slow is Java part - we have ~500K of Java code and normally all of them are scanned (is there a way to check if that’s exact amount ?) - at least on sonar ui it appears as ~500k so, I guess that’s correct


Javier G.

Hello @jgutierrezglez,

Did you manage to go further on this topic? If not, let me try to go one step further on this.
Before going into how to change the hardware/configuration, I think it would be a good idea to understand more precisely what is happening.

In the logs of the analysis, you will find something like this:

[INFO] Sensor JavaSquidSensor [java]
[INFO] Java Main Files AST scan
[INFO] 55 source files to be analyzed
// ...
[INFO] Java Main Files AST scan (done) | time=4413ms
// ...
[INFO] Java Test Files AST scan
[INFO] 19 source files to be analyzed
// ...
[INFO] Java Test Files AST scan (done) | time=1217ms
[INFO] Sensor JavaSquidSensor [java] (done) | time=5998ms

This is an example for Java, you can search for something similar for other languages you are analyzing, for example for Golang:

INFO: Sensor Code Quality and Security for Go [go]

At this point, it could be great if you could give us the differents number (number of files, time) that you found, for the main languages of your project (Java and JS).

First of all, thanks for your response. I didn’t manage to go further - I’ll start to grab all the different figures related to the analysis and share them here as soon as possible.


Javier G.