Pull request analysis of Java (maven) project does not generate analysis report in Sonar

SonarQube Server / Community Build
, ,
1

  • Sonar components:

    • SonarQube Server / Enterprise Edition - v10.5.1,
    • SonarScanner CLI 6.2.1.4610
    • Java 17.0.11 Eclipse Adoptium (64-bit)
    • Linux 5.15.115-0515115-generic aarch64

  • How is SonarQube deployed: Helm

  • What are you trying to achieve?
    Perform Pull request based code analysis of Java project using Maven build system.

  • What have you tried so far to achieve this?

    • Configure Jenkins Plugin for Sonar v 2.17.2

    • Execute sonar-scanner CLI passing in command line args for projectKey, custom analysis args and PR properties (this is a pre-merge analysis) and sonar-project.properties file containing java analysis args.

      /home/jenkins/agent/tools/hudson.plugins.sonar.SonarRunnerInstallation/5.0.1/bin/sonar-scanner -Dsonar.projectKey=ndash-cq-validation-int-java-2 -Dproject.baseDir=. -Dsonar.analysis.jobVersionRunId=a258f44b-df72-486c-82c8-a2c60619697b -Dsonar.analysis.pipelineRunId=1b8b49c6-a594-4b8b-b432-2b5ee660b3a8 -Dsonar.qualitygate.wait=false -Dsonar.links.scm=https://gitlab-master.nvidia.com/vishveshv/ndash-cq-validation-int-java-3.git -Dsonar.projectVersion=ae402802 -Dsonar.buildString=a258f44b-df72-486c-82c8-a2c60619697b -Dsonar.links.ci=https://dev.ndash.nvidia.com/v2-dev/v2-dev/applications/sonar-analysis-test/job-runs/a258f44b-df72-486c-82c8-a2c60619697b -Dsonar.pullrequest.key=3 -Dsonar.pullrequest.branch=pkotian-test -Dsonar.pullrequest.base=master -Dproject.settings=./sonar-project.properties

    • The sonar scanner cli executes and performs local analysis as expected: See sonar.log below:

      11:56:00  06:26:00.332 INFO  Scanner configuration file: /home/jenkins/agent/tools/hudson.plugins.sonar.SonarRunnerInstallation/5.0.1/conf/sonar-scanner.properties
11:56:00  06:26:00.369 INFO  Project root configuration file: /home/jenkins/agent/pipelinev2/1b8b49c6-a594-4b8b-b432-2b5ee660b3a8/ndash-workspace/./sonar-project.properties
11:56:00  06:26:00.506 INFO  SonarScanner CLI 6.2.1.4610
11:56:00  06:26:00.531 INFO  Java 17.0.11 Eclipse Adoptium (64-bit)
11:56:00  06:26:00.540 INFO  Linux 5.15.115-0515115-generic aarch64
11:56:00  06:26:00.788 INFO  User cache: /home/svcngcc/.sonar/cache
11:56:15  06:26:14.023 INFO  Communicating with SonarQube Server 10.5.1.90531
11:56:17  06:26:16.848 INFO  Load global settings
11:56:19  06:26:19.168 INFO  Load global settings (done) | time=2343ms
11:56:19  06:26:19.384 INFO  Server id: C00CED92-AWlyCvw4VSvNnYFw3U2r
11:56:19  06:26:19.444 INFO  User cache: /home/svcngcc/.sonar/cache
11:56:19  06:26:19.501 INFO  Loading required plugins
11:56:19  06:26:19.505 INFO  Load plugins index
11:56:19  06:26:19.898 INFO  Load plugins index (done) | time=393ms
11:56:19  06:26:19.899 INFO  Load/download plugins
11:56:29  06:26:29.575 INFO  Load/download plugins (done) | time=9676ms
11:56:30  06:26:30.423 INFO  Loaded core extensions: developer-scanner
11:56:32  06:26:32.118 INFO  Process project properties
11:56:32  06:26:32.159 INFO  Process project properties (done) | time=42ms
11:56:32  06:26:32.210 INFO  Project key: ndash-cq-validation-int-java-2
11:56:32  06:26:32.211 INFO  Base dir: /home/jenkins/agent/pipelinev2/1b8b49c6-a594-4b8b-b432-2b5ee660b3a8/ndash-workspace
11:56:32  06:26:32.212 INFO  Working dir: /home/jenkins/agent/pipelinev2/1b8b49c6-a594-4b8b-b432-2b5ee660b3a8/ndash-workspace/.scannerwork
11:56:32  06:26:32.268 INFO  Load project settings for component key: 'ndash-cq-validation-int-java-2'
11:56:32  06:26:32.509 INFO  Load project settings for component key: 'ndash-cq-validation-int-java-2' (done) | time=240ms
11:56:32  06:26:32.673 INFO  Load project branches
11:56:33  06:26:32.912 INFO  Load project branches (done) | time=238ms
11:56:33  06:26:32.922 INFO  Load branch configuration
11:56:33  06:26:32.930 INFO  Found manual configuration of branch/PR analysis. Skipping automatic configuration.
11:56:33  06:26:32.941 INFO  Load branch configuration (done) | time=20ms
11:56:33  06:26:33.036 INFO  Load quality profiles
11:56:33  06:26:33.358 INFO  Load quality profiles (done) | time=322ms
11:56:33  06:26:33.415 INFO  Auto-configuring with CI 'Jenkins'
11:56:33  06:26:33.758 INFO  Load active rules
11:56:48  06:26:47.115 INFO  Load active rules (done) | time=13356ms
11:56:48  06:26:47.242 INFO  Load analysis cache
11:56:48  06:26:47.479 INFO  Load analysis cache (404) | time=236ms
11:56:48  06:26:48.046 INFO  Pull request 3 for merge into master from pkotian-test
11:56:48  06:26:48.065 WARN  The property 'sonar.login' is deprecated and will be removed in the future. Please use the 'sonar.token' property instead when passing a token.
11:56:48  06:26:48.236 INFO  Preprocessing files...
11:56:51  06:26:50.871 INFO  1 language detected in 1 preprocessed file
11:56:51  06:26:50.876 INFO  0 files ignored because of scm ignore settings
11:56:51  06:26:50.916 INFO  Loading plugins for detected languages
11:56:51  06:26:50.924 INFO  Load/download plugins
11:56:59  06:26:58.043 INFO  Load/download plugins (done) | time=7116ms
11:56:59  06:26:59.399 INFO  Inconsistent constructor declaration on bean with name 'org.sonarsource.scanner.lib.internal.IsolatedClassloader@6bbe2511-org.sonar.scanner.issue.IssueFilters': single autowire-marked constructor flagged as optional - this constructor is effectively required since there is no default constructor to fall back to: public org.sonar.scanner.issue.IssueFilters(org.sonar.api.batch.fs.internal.DefaultInputProject)
11:56:59  06:26:59.525 INFO  Load project repositories
11:56:59  06:26:59.765 INFO  Load project repositories (done) | time=239ms
11:56:59  06:26:59.776 INFO  SCM collecting changed files in the branch
11:57:00  06:27:00.214 INFO  Merge base sha1: d3b9d339783c466e02ac756c5821bb9d00cacc33
11:57:00  06:27:00.359 INFO  SCM collecting changed files in the branch (done) | time=583ms
11:57:00  06:27:00.474 INFO  Indexing files...
11:57:00  06:27:00.476 INFO  Project configuration:
11:57:00  06:27:00.553 INFO  1 file indexed
11:57:00  06:27:00.570 INFO  Quality profile for java: Sonar way
11:57:00  06:27:00.571 INFO  ------------- Run sensors on module ndash-cq-validation-int-java-2
11:57:01  06:27:01.260 INFO  Load metrics repository
11:57:01  06:27:01.531 INFO  Load metrics repository (done) | time=271ms
11:57:09  06:27:08.305 INFO  Sensor JavaSensor [java]
11:57:09  06:27:09.653 INFO  The Java analyzer is running in a context where unchanged files can be skipped. Full analysis is performed for changed files, optimized analysis for unchanged files.
11:57:09  06:27:09.727 INFO  Server-side caching is enabled. The Java analyzer was able to leverage cached data from previous analyses for 0 out of 1 files. These files will not be parsed.
11:57:09  06:27:09.738 INFO  Using ECJ batch to parse 1 Main java source files with batch size 268 KB.
11:57:10  06:27:10.647 INFO  Starting batch processing.
11:57:20  06:27:20.684 INFO  50% analyzed
11:57:21  06:27:21.165 INFO  100% analyzed
11:57:21  06:27:21.166 INFO  Batch processing: Done.
11:57:21  06:27:21.187 INFO  Did not optimize analysis for any files, performed a full analysis for all 1 files.
11:57:21  06:27:21.294 INFO  No "Test" source files to scan.
11:57:21  06:27:21.295 INFO  No "Generated" source files to scan.
11:57:21  06:27:21.296 INFO  Sensor JavaSensor [java] (done) | time=12995ms
11:57:21  06:27:21.297 INFO  Sensor JaCoCo XML Report Importer [jacoco]
11:57:21  06:27:21.452 INFO  Importing 1 report(s). Turn your logs in debug mode in order to see the exhaustive list.
11:57:21  06:27:21.692 INFO  Sensor JaCoCo XML Report Importer [jacoco] (done) | time=391ms
11:57:21  06:27:21.697 INFO  Sensor ThymeLeaf template sensor [securityjavafrontend]
11:57:21  06:27:21.737 INFO  Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=40ms
11:57:21  06:27:21.738 INFO  Sensor SurefireSensor [java]
11:57:21  06:27:21.747 INFO  parsing [/home/jenkins/agent/pipelinev2/1b8b49c6-a594-4b8b-b432-2b5ee660b3a8/ndash-workspace/target/surefire-reports]
11:57:22  06:27:22.050 INFO  Sensor SurefireSensor [java] (done) | time=313ms
11:57:22  06:27:22.052 INFO  Sensor IaC Docker Sensor [iac]
11:57:22  06:27:22.052 INFO  Sensor IaC Docker Sensor is restricted to changed files only
11:57:22  06:27:22.118 INFO  0 source files to be analyzed
11:57:22  06:27:22.580 INFO  0/0 source files have been analyzed
11:57:22  06:27:22.582 INFO  Sensor IaC Docker Sensor [iac] (done) | time=530ms
11:57:22  06:27:22.582 INFO  Sensor Serverless configuration file sensor [security]
11:57:22  06:27:22.588 INFO  0 Serverless function entries were found in the project
11:57:22  06:27:22.612 INFO  0 Serverless function handlers were kept as entrypoints
11:57:22  06:27:22.613 INFO  Sensor Serverless configuration file sensor [security] (done) | time=31ms
11:57:22  06:27:22.614 INFO  Sensor AWS SAM template file sensor [security]
11:57:22  06:27:22.618 INFO  Sensor AWS SAM template file sensor [security] (done) | time=4ms
11:57:22  06:27:22.620 INFO  Sensor AWS SAM Inline template file sensor [security]
11:57:22  06:27:22.622 INFO  Sensor AWS SAM Inline template file sensor [security] (done) | time=2ms
11:57:22  06:27:22.622 INFO  Sensor javabugs [dbd]
11:57:22  06:27:22.754 INFO  Reading IR files from: /home/jenkins/agent/pipelinev2/1b8b49c6-a594-4b8b-b432-2b5ee660b3a8/ndash-workspace/.scannerwork/ir/java
11:57:22  06:27:22.779 INFO  Analyzing 4 functions to detect bugs.
11:57:23  06:27:23.453 INFO  Sensor javabugs [dbd] (done) | time=831ms
11:57:23  06:27:23.454 INFO  Sensor pythonbugs [dbd]
11:57:23  06:27:23.460 INFO  Reading IR files from: /home/jenkins/agent/pipelinev2/1b8b49c6-a594-4b8b-b432-2b5ee660b3a8/ndash-workspace/.scannerwork/ir/python
11:57:23  06:27:23.461 INFO  No IR files have been included for analysis.
11:57:23  06:27:23.461 INFO  Sensor pythonbugs [dbd] (done) | time=7ms
11:57:23  06:27:23.461 INFO  Sensor EnterpriseSecretsSensor [textenterprise]
11:57:23  06:27:23.461 INFO  Sensor EnterpriseSecretsSensor is restricted to changed files only
11:57:23  06:27:23.463 INFO  Available processors: 10
11:57:23  06:27:23.463 INFO  Using 10 threads for analysis.
11:57:23  06:27:23.499 INFO  Sensor EnterpriseSecretsSensor [textenterprise] (done) | time=38ms
11:57:23  06:27:23.500 INFO  Sensor TextAndSecretsSensor [text]
11:57:23  06:27:23.500 INFO  Sensor TextAndSecretsSensor is restricted to changed files only
11:57:23  06:27:23.501 INFO  Available processors: 10
11:57:23  06:27:23.501 INFO  Using 10 threads for analysis.
11:57:27  06:27:26.910 INFO  Sensor TextAndSecretsSensor [text] (done) | time=3409ms
11:57:27  06:27:26.919 INFO  Sensor JavaSecuritySensor [security]
11:57:27  06:27:26.956 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5883, S6096, S6173, S6287, S6350, S6384, S6390, S6398, S6399, S6547, S6549
11:57:27  06:27:26.961 INFO  Load type hierarchy and UCFGs: Starting
11:57:27  06:27:26.962 INFO  Load type hierarchy: Starting
11:57:27  06:27:26.965 INFO  Reading type hierarchy from: /home/jenkins/agent/pipelinev2/1b8b49c6-a594-4b8b-b432-2b5ee660b3a8/ndash-workspace/.scannerwork/ucfg2/java
11:57:27  06:27:27.136 INFO  Read 3 type definitions
11:57:27  06:27:27.161 INFO  Load type hierarchy: Time spent was 00:00:00.196
11:57:27  06:27:27.162 INFO  Load UCFGs: Starting
11:57:27  06:27:27.164 INFO  Reading UCFGs from: /home/jenkins/agent/pipelinev2/1b8b49c6-a594-4b8b-b432-2b5ee660b3a8/ndash-workspace/.scannerwork/ucfg2/java
11:57:27  06:27:27.380 INFO  Load UCFGs: Time spent was 00:00:00.218
11:57:27  06:27:27.382 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.420
11:57:27  06:27:27.382 INFO  Analyzing 2 UCFGs to detect vulnerabilities.
11:57:27  06:27:27.382 INFO  Check cache: Starting
11:57:27  06:27:27.382 INFO  Load cache: Starting
11:57:27  06:27:27.383 INFO  Load cache: Time spent was 00:00:00.000
11:57:27  06:27:27.394 INFO  Check cache: Time spent was 00:00:00.011
11:57:27  06:27:27.394 INFO  Create runtime call graph: Starting
11:57:27  06:27:27.398 INFO  Variable Type Analysis #1: Starting
11:57:27  06:27:27.402 INFO  Create runtime type propagation graph: Starting
11:57:27  06:27:27.415 INFO  Create runtime type propagation graph: Time spent was 00:00:00.012
11:57:27  06:27:27.423 INFO  Run SCC (Tarjan) on 0 nodes: Starting
11:57:27  06:27:27.425 INFO  Run SCC (Tarjan) on 0 nodes: Time spent was 00:00:00.002
11:57:27  06:27:27.426 INFO  Tarjan found 0 strongly connected components
11:57:27  06:27:27.426 INFO  Propagate runtime types to strongly connected components: Starting
11:57:27  06:27:27.427 INFO  Propagate runtime types to strongly connected components: Time spent was 00:00:00.000
11:57:27  06:27:27.427 INFO  Variable Type Analysis #1: Time spent was 00:00:00.029
11:57:27  06:27:27.429 INFO  Variable Type Analysis #2: Starting
11:57:27  06:27:27.429 INFO  Create runtime type propagation graph: Starting
11:57:27  06:27:27.430 INFO  Create runtime type propagation graph: Time spent was 00:00:00.000
11:57:27  06:27:27.430 INFO  Run SCC (Tarjan) on 0 nodes: Starting
11:57:27  06:27:27.431 INFO  Run SCC (Tarjan) on 0 nodes: Time spent was 00:00:00.000
11:57:27  06:27:27.431 INFO  Tarjan found 0 strongly connected components
11:57:27  06:27:27.431 INFO  Propagate runtime types to strongly connected components: Starting
11:57:27  06:27:27.432 INFO  Propagate runtime types to strongly connected components: Time spent was 00:00:00.000
11:57:27  06:27:27.433 INFO  Variable Type Analysis #2: Time spent was 00:00:00.003
11:57:27  06:27:27.437 INFO  Create runtime call graph: Time spent was 00:00:00.042
11:57:27  06:27:27.438 INFO  Load config: Starting
11:57:35  06:27:34.643 INFO  Load config: Time spent was 00:00:07.195
11:57:35  06:27:34.649 INFO  Compute entry points: Starting
11:57:38  06:27:38.178 INFO  Compute entry points: Time spent was 00:00:03.527
11:57:38  06:27:38.179 INFO  No entry points found.
11:57:38  06:27:38.180 INFO  java security sensor: Time spent was 00:00:11.241
11:57:38  06:27:38.270 INFO  java security sensor: Begin: 2024-11-15T06:27:26.939435640Z, End: 2024-11-15T06:27:38.180454602Z, Duration: 00:00:11.241
11:57:38    Load type hierarchy and UCFGs: Begin: 2024-11-15T06:27:26.961686025Z, End: 2024-11-15T06:27:27.381725751Z, Duration: 00:00:00.420
11:57:38      Load type hierarchy: Begin: 2024-11-15T06:27:26.962184951Z, End: 2024-11-15T06:27:27.158781828Z, Duration: 00:00:00.196
11:57:38      Load UCFGs: Begin: 2024-11-15T06:27:27.162196636Z, End: 2024-11-15T06:27:27.380255612Z, Duration: 00:00:00.218
11:57:38    Check cache: Begin: 2024-11-15T06:27:27.382540737Z, End: 2024-11-15T06:27:27.394125125Z, Duration: 00:00:00.011
11:57:38      Load cache: Begin: 2024-11-15T06:27:27.382726459Z, End: 2024-11-15T06:27:27.383371984Z, Duration: 00:00:00.000
11:57:38    Create runtime call graph: Begin: 2024-11-15T06:27:27.394884676Z, End: 2024-11-15T06:27:27.437140327Z, Duration: 00:00:00.042
11:57:38      Variable Type Analysis #1: Begin: 2024-11-15T06:27:27.398367294Z, End: 2024-11-15T06:27:27.427415356Z, Duration: 00:00:00.029
11:57:38        Create runtime type propagation graph: Begin: 2024-11-15T06:27:27.402148749Z, End: 2024-11-15T06:27:27.415057409Z, Duration: 00:00:00.012
11:57:38        Run SCC (Tarjan) on 0 nodes: Begin: 2024-11-15T06:27:27.422965744Z, End: 2024-11-15T06:27:27.425193400Z, Duration: 00:00:00.002
11:57:38        Propagate runtime types to strongly connected components: Begin: 2024-11-15T06:27:27.426373349Z, End: 2024-11-15T06:27:27.426759371Z, Duration: 00:00:00.000
11:57:38      Variable Type Analysis #2: Begin: 2024-11-15T06:27:27.428979624Z, End: 2024-11-15T06:27:27.432867951Z, Duration: 00:00:00.003
11:57:38        Create runtime type propagation graph: Begin: 2024-11-15T06:27:27.429487688Z, End: 2024-11-15T06:27:27.430097144Z, Duration: 00:00:00.000
11:57:38        Run SCC (Tarjan) on 0 nodes: Begin: 2024-11-15T06:27:27.430715998Z, End: 2024-11-15T06:27:27.430839783Z, Duration: 00:00:00.000
11:57:38        Propagate runtime types to strongly connected components: Begin: 2024-11-15T06:27:27.431539030Z, End: 2024-11-15T06:27:27.431701608Z, Duration: 00:00:00.000
11:57:38    Load config: Begin: 2024-11-15T06:27:27.438136987Z, End: 2024-11-15T06:27:34.634043486Z, Duration: 00:00:07.195
11:57:38    Compute entry points: Begin: 2024-11-15T06:27:34.649535549Z, End: 2024-11-15T06:27:38.177123071Z, Duration: 00:00:03.527
11:57:38  06:27:38.272 INFO  java security sensor peak memory: 410 MB
11:57:38  06:27:38.272 INFO  Sensor JavaSecuritySensor [security] (done) | time=11353ms
11:57:38  06:27:38.273 INFO  Sensor CSharpSecuritySensor [security]
11:57:38  06:27:38.279 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5334, S5883, S6096, S6173, S6287, S6350, S6399, S6639, S6641
11:57:38  06:27:38.279 INFO  Load type hierarchy and UCFGs: Starting
11:57:38  06:27:38.279 INFO  Load type hierarchy: Starting
11:57:38  06:27:38.281 INFO  Reading type hierarchy from: /home/jenkins/agent/pipelinev2/1b8b49c6-a594-4b8b-b432-2b5ee660b3a8/ndash-workspace/ucfg2/cs
11:57:38  06:27:38.282 INFO  Read 0 type definitions
11:57:38  06:27:38.284 INFO  Load type hierarchy: Time spent was 00:00:00.004
11:57:38  06:27:38.284 INFO  Load UCFGs: Starting
11:57:38  06:27:38.285 INFO  Load UCFGs: Time spent was 00:00:00.000
11:57:38  06:27:38.285 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.006
11:57:38  06:27:38.285 INFO  No UCFGs have been included for analysis.
11:57:38  06:27:38.286 INFO  csharp security sensor: Time spent was 00:00:00.011
11:57:38  06:27:38.287 INFO  Sensor CSharpSecuritySensor [security] (done) | time=14ms
11:57:38  06:27:38.288 INFO  Sensor PhpSecuritySensor [security]
11:57:38  06:27:38.289 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5334, S5335, S5883, S6173, S6287, S6350
11:57:38  06:27:38.289 INFO  Load type hierarchy and UCFGs: Starting
11:57:38  06:27:38.289 INFO  Load type hierarchy: Starting
11:57:38  06:27:38.289 INFO  Reading type hierarchy from: /home/jenkins/agent/pipelinev2/1b8b49c6-a594-4b8b-b432-2b5ee660b3a8/ndash-workspace/.scannerwork/ucfg2/php
11:57:38  06:27:38.290 INFO  Read 0 type definitions
11:57:38  06:27:38.292 INFO  Load type hierarchy: Time spent was 00:00:00.001
11:57:38  06:27:38.292 INFO  Load UCFGs: Starting
11:57:38  06:27:38.292 INFO  Load UCFGs: Time spent was 00:00:00.000
11:57:38  06:27:38.293 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.003
11:57:38  06:27:38.293 INFO  No UCFGs have been included for analysis.
11:57:38  06:27:38.293 INFO  php security sensor: Time spent was 00:00:00.005
11:57:38  06:27:38.294 INFO  Sensor PhpSecuritySensor [security] (done) | time=6ms
11:57:38  06:27:38.295 INFO  Sensor PythonSecuritySensor [security]
11:57:38  06:27:38.296 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S6287, S6350, S6639, S6680, S6776, S6839
11:57:38  06:27:38.296 INFO  Load type hierarchy and UCFGs: Starting
11:57:38  06:27:38.297 INFO  Load type hierarchy: Starting
11:57:38  06:27:38.297 INFO  Reading type hierarchy from: /home/jenkins/agent/pipelinev2/1b8b49c6-a594-4b8b-b432-2b5ee660b3a8/ndash-workspace/.scannerwork/ucfg2/python
11:57:38  06:27:38.298 INFO  Read 0 type definitions
11:57:38  06:27:38.298 INFO  Load type hierarchy: Time spent was 00:00:00.001
11:57:38  06:27:38.298 INFO  Load UCFGs: Starting
11:57:38  06:27:38.299 INFO  Load UCFGs: Time spent was 00:00:00.000
11:57:38  06:27:38.299 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.002
11:57:38  06:27:38.299 INFO  No UCFGs have been included for analysis.
11:57:38  06:27:38.300 INFO  python security sensor: Time spent was 00:00:00.004
11:57:38  06:27:38.301 INFO  Sensor PythonSecuritySensor [security] (done) | time=7ms
11:57:38  06:27:38.301 INFO  Sensor JsSecuritySensor [security]
11:57:38  06:27:38.302 INFO  Enabled taint analysis rules: S5883, S6105, S2631, S6350, S2076, S3649, S5696, S2083, S5131, S5334, S5144, S6096, S5146, S5147, S6287
11:57:38  06:27:38.302 INFO  Load type hierarchy and UCFGs: Starting
11:57:38  06:27:38.303 INFO  Load type hierarchy: Starting
11:57:38  06:27:38.303 INFO  Reading type hierarchy from: /home/jenkins/agent/pipelinev2/1b8b49c6-a594-4b8b-b432-2b5ee660b3a8/ndash-workspace/.scannerwork/ucfg2/js
11:57:38  06:27:38.303 INFO  Read 0 type definitions
11:57:38  06:27:38.305 INFO  Load type hierarchy: Time spent was 00:00:00.000
11:57:38  06:27:38.306 INFO  Load UCFGs: Starting
11:57:38  06:27:38.307 INFO  Load UCFGs: Time spent was 00:00:00.000
11:57:38  06:27:38.307 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.004
11:57:38  06:27:38.307 INFO  No UCFGs have been included for analysis.
11:57:38  06:27:38.308 INFO  js security sensor: Time spent was 00:00:00.006
11:57:38  06:27:38.309 INFO  Sensor JsSecuritySensor [security] (done) | time=8ms
11:57:38  06:27:38.342 INFO  ------------- Run sensors on project
11:57:38  06:27:38.623 INFO  Sensor Zero Coverage Sensor
11:57:38  06:27:38.626 INFO  Sensor Zero Coverage Sensor (done) | time=3ms
11:57:38  06:27:38.626 INFO  Sensor Java CPD Block Indexer
11:57:39  06:27:39.078 INFO  Sensor Java CPD Block Indexer (done) | time=438ms
11:57:39  06:27:39.506 INFO  CPD Executor 1 file had no CPD blocks
11:57:39  06:27:39.511 INFO  CPD Executor Calculating CPD for 0 files
11:57:39  06:27:39.550 INFO  CPD Executor CPD calculation finished (done) | time=0ms
11:57:39  06:27:39.705 INFO  SCM revision ID 'ae402802ee2ddd9ddc41ff9ae4545c6ad935933a'
11:57:40  06:27:40.345 INFO  SCM writing changed lines
11:57:40  06:27:40.398 INFO  Merge base sha1: d3b9d339783c466e02ac756c5821bb9d00cacc33
11:57:40  06:27:40.403 INFO  SCM writing changed lines (done) | time=58ms
11:57:40  06:27:40.459 INFO  Analysis report generated in 848ms, dir size=243.0 kB
11:57:40  06:27:40.523 INFO  Analysis report compressed in 59ms, zip size=31.8 kB
11:57:41  06:27:41.066 INFO  Analysis report uploaded in 504ms
11:57:41  06:27:41.097 INFO  ANALYSIS SUCCESSFUL, you can find the results at: https://sonar-sw.xyz.com/dashboard?id=ndash-cq-validation-int-java-2&pullRequest=3
11:57:41  06:27:41.097 INFO  Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
11:57:41  06:27:41.098 INFO  More about the report processing at https://sonar-sw.xyz.com/api/ce/task?id=0b638911-d4a7-4d1a-8402-46638b419599
11:57:41  06:27:41.186 INFO  Analysis total time: 1:10.761 s
11:57:41  06:27:41.206 INFO  EXECUTION SUCCESS
11:57:41  06:27:41.212 INFO  Total time: 1:41.136s

    • After analysis results on Sonar become available. However the analysis data is empty for the specific PR (see screenshots).
      Note PR based analysis for the Java application does not work with other scanner options. We tried the same analysis using:

      • Sonar scanner for Maven
      • Sonar scanner via Docker

    • The analysis however worked when we used the branch instead of PR args:

    /home/jenkins/agent/tools/hudson.plugins.sonar.SonarRunnerInstallation/5.0.1/bin/sonar-scanner -Dsonar.projectKey=ndash-cq-validation-int-java-2 -Dproject.baseDir=. -Dsonar.analysis.jobVersionRunId=a258f44b-df72-486c-82c8-a2c60619697b -Dsonar.analysis.pipelineRunId=1b8b49c6-a594-4b8b-b432-2b5ee660b3a8 -Dsonar.qualitygate.wait=false -Dsonar.links.scm=https://gitlab-master.nvidia.com/vishveshv/ndash-cq-validation-int-java-3.git -Dsonar.projectVersion=ae402802 -Dsonar.buildString=a258f44b-df72-486c-82c8-a2c60619697b -Dsonar.links.ci=https://dev.ndash.nvidia.com/v2-dev/v2-dev/applications/sonar-analysis-test/job-runs/a258f44b-df72-486c-82c8-a2c60619697b --Dsonar.branch.name=pkotian-test -Dproject.settings=./sonar-project.properties

Screenshot 2024-11-15 at 4.43.33 PM
Screenshot 2024-11-15 at 4.43.33 PM2452×1366 209 KB

Screenshot 2024-11-15 at 4.43.10 PM
Screenshot 2024-11-15 at 4.43.10 PM1648×1476 134 KB

2

Hi,

What changed in the PR? Where there changes to actual code? Or was it whitespace and comments or non-code files?

 
Ann