Hello everyone,
Thank you in advance for your time and assistance!
We are currently using a CI-Pipeline that involves GitHub, Jenkins, and SonarQube for a Java-Maven project. Unfortunately, we have been encountering an issue where the new source code, introduced as part of a Pull Request (PR), is not being scanned properly by SonarQube. However, SonarQube successfully scans source code for non-PR branches.
Below, I will provide more information regarding our deployment and the issue at hand:
- SonarQube: Developer Edition, Version 10.0 (build 68432).
- Jenkins: Version 2.401.2, Pipeline Multibranch: 756.v891d88f2cd46
- GitHub: Public Instance (github.com)
Our SonarQube is installed via the zip file.
Our objective is to ensure that the Java source code introduced by a PR is properly scanned by SonarQube.
Here’s a description of the problem:
Currently, a PR report in SonarQube always indicates that 0 lines of code have been scanned.
The relevant stage in our Jenkins Multibranch-Pipeline looks like this:
Our overall system architecture looks like this:
From the Jenkins build logs I can see that sonar-scanner is invoked and the JavaSensor does run:
[2023-06-06T06:33:35.584Z] [INFO] 08:33:35.504 SonarQube version: 10.0.0.68432
...
[2023-06-06T06:33:42.121Z] [DEBUG] 08:33:42.091 '<redacted>/GtFunctionState.java' indexed with language 'java'
...
[2023-06-06T06:33:54.733Z] [DEBUG] 08:33:54.565 '<redacted>/GtFunctionState.java' generated metadata with charset 'UTF-8'
[2023-06-06T06:33:54.733Z] [INFO] 08:33:54.566 Server-side caching is enabled. The Java analyzer was able to leverage cached data from previous analyses for 743 out of 839 files. These files will not be parsed.
[2023-06-06T06:33:54.733Z] [INFO] 08:33:54.566 Using ECJ batch to parse 96 Main java source files with batch size 262 KB.
[2023-06-06T06:33:54.733Z] [INFO] 08:33:54.568 Starting batch processing.
[2023-06-06T06:33:54.983Z] [DEBUG] 08:33:54.874 [SE] Loaded 227 hardcoded method behaviors.
[2023-06-06T06:33:57.467Z] [INFO] 08:33:57.149 100% analyzed
[2023-06-06T06:33:57.467Z] [INFO] 08:33:57.149 Batch processing: Done.
[2023-06-06T06:33:57.467Z] [INFO] 08:33:57.150 Optimized analysis for 85 of 96 files.
[2023-06-06T06:33:57.467Z] [INFO] 08:33:57.205 No "Test" source files to scan.
[2023-06-06T06:33:57.467Z] [INFO] 08:33:57.205 No "Generated" source files to scan.
[2023-06-06T06:33:57.467Z] [INFO] 08:33:57.206 Sensor JavaSensor [java] (done) | time=3642ms
....
We have tried the following already:
- Removed SONAR_PULLREQUEST_{KEY|SOURCE|Target} from mvn command (did not work)
- Stripped down project to bare essentials & compiled anew (did not work)
- Set up new instances of SonarQube + Jenkins and configured everything from scratch (did not work)
Scanning new source code introduced as part of a PR generally seems to work, as we also have projects hosted on GitLab using gitlab-ci to invoke sonar-scanner. The combination of using Jenkins and GitHub seems to introduce the issue described above.
Any assistance or guidance to help resolve this issue would be immensely appreciated. Also, kindly inform me if there are any related tickets or discussions that might help in resolving this issue.
I am also wondering whether this is related to:
github issue
Thank you for your time and consideration.