Hi!
Who has OWASP Benchmark results for SonarQube 9.8.0?
Trying to get my hands on .XML/.JSON-formatted results of the analysis to be used in OWASP Benchmark.
I saw this thread but i want to run a test
I have installed and configured the following components:
- Apache Maven 3.8.6 (required Version: 3.2.3 or newer works.)
Maven home: /opt/maven
Java version: 1.8.0_352, vendor: Private Build, runtime: /usr/lib/jvm/java-8-openjdk-amd64/jre - Openjdk version “1.8.0_352” (64-bit) (required Java 7 or 8) (64-bit)
- Git
I used a script “runSonarQube_wDocker.sh” the description of which says:
# this script will
# - create a sonarqube server using the default configuration
# - setup basic things (account, project, token)
# - start a scan (takes >= 1 hour on mac)
# - create a report file
# - shutdown sonarqube server
Script uses:
SonarScanner 4.7.0.2747
Java 11.0.17 Alpine (64-bit)
SonarQube 9.8.0.63668
As a result, the report file (Benchmark_1.2-sonarqube-v9.8.0.63668.json) weighs 1 kb or is not created.
Please tell me how to fix this.
root@sonarqube:/home/user/BenchmarkJava# ./scripts/runSonarQube_wDocker.sh
Creating temporary SonarQube instance
Using default tag: latest
latest: Pulling from library/sonarqube
Digest: sha256:d01fc01edd48c0fcdd8841255cfc30eb05b43e160b4c1b9056ca0c75d32ac285
Status: Image is up to date for sonarqube:latest
docker.io/library/sonarqube:latest
Waiting for instance to come up
Setting up instance
Starting scan (might take some time!)
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /home/user/BenchmarkJava/sonar-project.properties
INFO: SonarScanner 4.7.0.2747
INFO: Java 11.0.17 Alpine (64-bit)
INFO: Linux 5.4.0-135-generic amd64
INFO: SONAR_SCANNER_OPTS=-Xmx4g
INFO: User cache: /opt/sonar-scanner/.sonar/cache
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /home/user/BenchmarkJava/sonar-project.properties
INFO: Analyzing on SonarQube server 9.8.0.63668
INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=177ms
INFO: Server id: 147B411E-AYU6haJqzkHKN7X7ifXy
INFO: User cache: /opt/sonar-scanner/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=168ms
INFO: Load/download plugins (done) | time=2874ms
INFO: Process project properties
INFO: Process project properties (done) | time=9ms
INFO: Execute project builders
INFO: Execute project builders (done) | time=2ms
INFO: Project key: benchmark
INFO: Base dir: /home/user/BenchmarkJava
INFO: Working dir: /home/user/BenchmarkJava/.scannerwork
INFO: Load project settings for component key: 'benchmark'
INFO: Load project settings for component key: 'benchmark' (done) | time=92ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=270ms
INFO: Load active rules
INFO: Load active rules (done) | time=3280ms
INFO: Load analysis cache
INFO: Load analysis cache (404) | time=40ms
INFO: Load project repositories
INFO: Load project repositories (done) | time=45ms
INFO: Indexing files...
INFO: Project configuration:
INFO: Excluded sources: results/**, scorecard/**, scripts/**, tools/**, VMs/**
INFO: 8293 files indexed
INFO: 0 files ignored because of inclusion/exclusion patterns
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for css: Sonar way
INFO: Quality profile for java: Sonar way
INFO: Quality profile for js: Sonar way
INFO: Quality profile for web: Sonar way
INFO: Quality profile for xml: Sonar way
INFO: ------------- Run sensors on module benchmark
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=57ms
INFO: Sensor JavaSensor [java]
INFO: Configured Java source version (sonar.java.source): none
INFO: JavaClasspath initialization
INFO: JavaClasspath initialization (done) | time=2ms
INFO: JavaTestClasspath initialization
INFO: JavaTestClasspath initialization (done) | time=10ms
INFO: Server-side caching is enabled. The Java analyzer will not try to leverage data from a previous analysis.
INFO: Using ECJ batch to parse 2763 Main java source files with batch size 207 KB.
INFO: Starting batch processing.
INFO: The Java analyzer cannot skip unchanged files in this context. A full analysis is performed for all files.
INFO: 100% analyzed
INFO: Batch processing: Done.
INFO: Did not optimize analysis for any files, performed a full analysis for all 2763 files.
WARN: Dependencies/libraries were not provided for analysis of SOURCE files. The 'sonar.java.libraries' property is empty. Verify your configuration, as you might end up with less precise results.
WARN: Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
WARN: Use of preview features have been detected during analysis. Enable DEBUG mode to see them.
INFO: No "Test" source files to scan.
INFO: No "Generated" source files to scan.
INFO: Sensor JavaSensor [java] (done) | time=151400ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=14ms
INFO: Sensor JavaScript analysis [javascript]
INFO: 1 source file to be analyzed
INFO: 1/1 source file has been analyzed
INFO: Hit the cache for 0 out of 1
INFO: Miss the cache for 1 out of 1: ANALYSIS_MODE_INELIGIBLE [1/1]
INFO: Sensor JavaScript analysis [javascript] (done) | time=6225ms
INFO: Sensor TypeScript analysis [javascript]
INFO: No input files found for analysis
INFO: Hit the cache for 0 out of 0
INFO: Miss the cache for 0 out of 0
INFO: Sensor TypeScript analysis [javascript] (done) | time=14ms
INFO: Sensor CSS Rules [javascript]
INFO: 2756 source files to be analyzed
INFO: 1535/2756 files analyzed, current file: /home/user/BenchmarkJava/src/main/webapp/cmdi-01/BenchmarkTest00968.html
INFO: 2756/2756 source files have been analyzed
INFO: Hit the cache for 0 out of 0
INFO: Miss the cache for 0 out of 0
INFO: Sensor CSS Rules [javascript] (done) | time=16522ms
INFO: Sensor CSS Metrics [javascript]
INFO: Sensor CSS Metrics [javascript] (done) | time=66ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=5ms
INFO: Sensor C# Analysis Log [csharp]
INFO: Sensor C# Analysis Log [csharp] (done) | time=19ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=0ms
INFO: Sensor SurefireSensor [java]
INFO: parsing [/home/user/BenchmarkJava/target/surefire-reports]
INFO: Sensor SurefireSensor [java] (done) | time=2ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=4827ms
INFO: Sensor XML Sensor [xml]
INFO: 2761 source files to be analyzed
INFO: 2761/2761 source files have been analyzed
INFO: Sensor XML Sensor [xml] (done) | time=7701ms
INFO: Sensor Text Sensor [text]
INFO: 8281 source files to be analyzed
INFO: 8281/8281 source files have been analyzed
INFO: Sensor Text Sensor [text] (done) | time=1175ms
INFO: Sensor VB.NET Project Type Information [vbnet]
INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=3ms
INFO: Sensor VB.NET Analysis Log [vbnet]
INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=25ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=1ms
INFO: ------------- Run sensors on project
INFO: Sensor Analysis Warnings import [csharp]
INFO: Sensor Analysis Warnings import [csharp] (done) | time=1ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=362ms
INFO: Sensor Java CPD Block Indexer
INFO: Sensor Java CPD Block Indexer (done) | time=1664ms
INFO: SCM Publisher SCM provider for this project is: git
INFO: SCM Publisher 8281 source files to be analyzed
INFO: 18/8281 source files have been analyzed
______and after 1 hour_________________________________________________
INFO: 8281/8281 source files have been analyzed
WARN: Too many duplication references on file src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02214.java for block at line 30. Keep only the first 100 references.
WARN: Too many duplication references on file src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02214.java for block at line 55. Keep only the first 100 references.
many similar lines------------------------------
WARN: Too many duplication references on file src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02133.java for block at line 30. Keep only the first 100 references.
INFO: CPD Executor CPD calculation finished (done) | time=12811ms
INFO: Analysis report generated in 988ms, dir size=47.8 MB
INFO: Analysis report compressed in 7744ms, zip size=27.5 MB
INFO: Analysis report uploaded in 415ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: http://localhost:9876/dashboard?id=benchmark
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://localhost:9876/api/ce/task?id=AYU6vMqzzkHKN7X7ipOr
INFO: Analysis total time: 59:23.740 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 59:29.450s
INFO: Final Memory: 83M/1591M
INFO: ------------------------------------------------------------------------
Waiting for SonarQube CE to finish task
Generating report...
./scripts/runSonarQube_wDocker.sh: line 98: /usr/bin/jq: Argument list too long
./scripts/runSonarQube_wDocker.sh: line 106: /usr/bin/jq: Argument list too long
./scripts/runSonarQube_wDocker.sh: line 106: /usr/bin/jq: Argument list too long
Shutting down SonarQube
Error response from daemon: cannot stop container: e125e7bb513d5044511fc9fe0b1e66b5213a0eca249a9df05a5f1c6c0f735f9f: permission denied