Performance degradation of findbugs analysis

performance
findbugs

(Stoyan Kanev) #1

Hello,
Template for a good bug report:

  • versions used
    SonarQube 6.7.3
    Maven Scanner 3.4.0.905
    Plugins:
    • SonarJava 5.2.0.13398
    • Findbugs 3.7.0
  • error observed:
    — Sensor FindBugs Sensor [findbugs] (done) | time=240320ms (2 times slower than older version SQ 6.4.0, SoanrJava 4.15.12310, FindBugs 3.6.0)
    We have only squid rules. Is it possible to be disabled FindBugs sensor if there are no finbugs rules into the project assigned quality profile?

Best Regards,
Stoyan


(Nicolas Bontoux) #2

Hi Stoyan,

Please be aware that the FindBugs plugin is a 3rd-party contribution, so we can’t help much with it (we maintain the in-house analyzers, such as SonarJava). If need be you can get in touch with the FindBugs community here: https://github.com/spotbugs/sonar-findbugs .


(Björn Schad) #3

My experience: Newer versions of the FindBugs Sensor also analyse the binaries. We could get back to the previous runtime by having only the class files matching the (module’s) Java sources in the (module’s) binaries path(s).

Imported libraries (not analysed) can be put into the java.library.path.


(Stoyan Kanev) #4

Hi Nikolas,

Thanks for the prompt response! It is strange for me that this query (SonarQube v7.1,
“Sonar way” QProfile) http://localhost:9000/coding_rules?languages=java&q=findsecbugs&repositories=squid returns 17 results of rules. Some of them a part of “Sonar way”
Having a look at the FindBugs plugin: https://github.com/spotbugs/sonar-findbugs/blob/master/src/main/java/org/sonar/plugins/findbugs/FindbugsSensor.java#L109
and ‘activeRule.getRepositoryKey().contains(“findsecbugs”)’ it explains why a FindBugs sensor is activated.
Do you have any proposals how can it be fixed?

-Stoyan