Pull Request analysis with submodules shows no issues

Is there a way to run a pull request analysis on a source code that is either fully or partially inside a git submodule? My C++ project has some dependencies in a submodule that I’d need analysed and it would make sense to have them analysed as part of the superproject that handles the configuration and compilation.

The branch analysis works fine and reports are including the sources inside submodules as well, but any pull request analysis shows only 0 issues and no code under “Measures” tab. The analysis seems to run fine for the pull requests as well based on the logs, but no issues are being reported.

Based on my first look this seems to be caused by the scanner seeing the changed submodule but not the changes to the files inside it. For example the analysis log is showing first 3 changed files (I have changes made into the Jenkinsfile, sonar-project.properties and a certain .cpp file inside a submodule).

15:24:25.557 INFO: Load active rules (done) | time=2737ms
15:24:25.565 INFO: Exclusions based on SCM info is disabled by configuration
15:24:25.577 INFO: Pull request 103 for merge into develop from sonar-testing
15:24:25.609 INFO: SCM collecting changed files in the branch
15:24:25.707 DEBUG: Merge base sha1: 4eccc7988782c9c4ee45f6f0b1b94e115a30d381
15:24:25.780 INFO: SCM collecting changed files in the branch (done) | time=171ms
15:24:25.780 DEBUG: SCM reported 3 files changed in the branch

Then once the analysis is done, the log states that no lines in files have been changed

15:46:34.326 INFO: CPD Executor CPD calculation finished (done) | time=4851ms
15:46:34.335 DEBUG: SCM revision ID '7f47d70f4238d54ffa02c85756dcb639cda9d647'
15:46:37.092 INFO: SCM writing changed lines
15:46:37.104 DEBUG: Merge base sha1: 4eccc7988782c9c4ee45f6f0b1b94e115a30d381
15:46:37.105 DEBUG: SCM reported changed lines for 0 files in the branch
15:46:37.105 INFO: SCM writing changed lines (done) | time=13ms
15:46:38.340 INFO: Analysis report generated in 2779ms, dir size=7 MB
15:46:46.618 INFO: Analysis report compressed in 8278ms, zip size=5 MB

My assumption is that this actually means changes being seen in the Jenkinsfile, sonar-project.properties and the submodule sha, instead of the actual changed file.

I have set the sonar.scm.exclusions.disabled to true and have been able to run branch analysis fine. The pull request decorators are showing up in the Bitbucket Server UI but there are no issues being reported.

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube Server 8.9.10, sonar-scanner-

Hey there.

Support for git submodules was introduced in SonarQube v9.9 LTS. I suggest upgrading.

You may find the Upgrade Guide as well as the LTS to LTS release upgrade notes for 8.9 to 9.9 helpful. If you have questions about upgrading, feel free to open a new thread for that here.

If your issue persists after upgrade, please come back to us.

Thanks for the suggestion, I had completely missed this possibility. We’ll see if we are able to fix the issue with the upgrade and get back with the results.

1 Like

Hi, did the upgrade fix this for you ? I think we have a similar problem and we are on a 10.x sonar instance.