Performance degradation of findbugs analysis

Template for a good bug report:

  • versions used
    SonarQube 6.7.3
    Maven Scanner
    • SonarJava
    • Findbugs 3.7.0
  • error observed:
    — Sensor FindBugs Sensor [findbugs] (done) | time=240320ms (2 times slower than older version SQ 6.4.0, SoanrJava 4.15.12310, FindBugs 3.6.0)
    We have only squid rules. Is it possible to be disabled FindBugs sensor if there are no finbugs rules into the project assigned quality profile?

Best Regards,

Hi Stoyan,

Please be aware that the FindBugs plugin is a 3rd-party contribution, so we can’t help much with it (we maintain the in-house analyzers, such as SonarJava). If need be you can get in touch with the FindBugs community here: GitHub - spotbugs/sonar-findbugs: SpotBugs plugin for SonarQube .

My experience: Newer versions of the FindBugs Sensor also analyse the binaries. We could get back to the previous runtime by having only the class files matching the (module’s) Java sources in the (module’s) binaries path(s).

Imported libraries (not analysed) can be put into the java.library.path.

Hi Nikolas,

Thanks for the prompt response! It is strange for me that this query (SonarQube v7.1,
“Sonar way” QProfile) http://localhost:9000/coding_rules?languages=java&q=findsecbugs&repositories=squid returns 17 results of rules. Some of them a part of “Sonar way”
Having a look at the FindBugs plugin:
and ‘activeRule.getRepositoryKey().contains(“findsecbugs”)’ it explains why a FindBugs sensor is activated.
Do you have any proposals how can it be fixed?