We have a Sonar CLI code analysis job pushing results to Sonarcloud. The open source code in the project is mostly Python, and the web portal is showing:
0.0% Coverage on New Code
The source code being scanned can be found here:
https://gerrit.o-ran-sc.org/r/admin/repos/smo/ves,general
Our Sonar CLI results are here:
https://sonarcloud.io/dashboard?id=o-ran-sc_smo-ves
We get a link to the task details in our report output:
https://sonarcloud.io/api/ce/task?id=AYSGvbI1-9noGVZ589lH
But this link just shows:
{“errors”:[{“msg”:“Project doesn\u0027t exist”}]}
Can anybody explain why the code coverage is showing 0% and the portal providing apparently inconsistent results?
We are invoking the CLI scanning tool using the following variables/configuration:
SONAR_SCANNER_HOME $WORKSPACE/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
SONAR_SCANNER_OPTS -server
SONAR_SCANNER_VERSION 4.7.0.2747
SONAR_TOKEN [*******]
SONARCLOUD_PROJECT_KEY smo-ves
SONARCLOUD_PROJECT_ORGANIZATION o-ran-sc
Here is the scanner CLI output from our jenkins job/pipeline:
Running sonar-scanner
INFO: Scanner configuration file: /w/workspace/smo-ves-cli-sonar/.sonar/sonar-scanner-4.7.0.2747-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 4.7.0.2747
INFO: Java 11.0.14.1 Eclipse Adoptium (64-bit)
INFO: Linux 4.15.0-192-generic amd64
INFO: SONAR_SCANNER_OPTS=-server
INFO: User cache: /home/jenkins/.sonar/cache
INFO: Scanner configuration file: /w/workspace/smo-ves-cli-sonar/.sonar/sonar-scanner-4.7.0.2747-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: Analyzing on SonarCloud
INFO: Default locale: "en", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=924ms
INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
INFO: User cache: /home/jenkins/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=910ms
INFO: Load/download plugins (done) | time=3862ms
INFO: Loaded core extensions: developer-scanner
INFO: Found an active CI vendor: 'Jenkins'
INFO: Load project settings for component key: 'o-ran-sc_smo-ves'
INFO: Load project settings for component key: 'o-ran-sc_smo-ves' (done) | time=860ms
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=1ms
INFO: Project key: o-ran-sc_smo-ves
INFO: Base dir: /w/workspace/smo-ves-cli-sonar
INFO: Working dir: /w/workspace/smo-ves-cli-sonar/.scannerwork
INFO: Load project branches
INFO: Load project branches (done) | time=868ms
INFO: Check ALM binding of project 'o-ran-sc_smo-ves'
INFO: Detected project binding: BOUND
INFO: Check ALM binding of project 'o-ran-sc_smo-ves' (done) | time=844ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=851ms
INFO: Load branch configuration
INFO: Load branch configuration (done) | time=4ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=910ms
INFO: Load active rules
INFO: Load active rules (done) | time=7699ms
INFO: Organization key: o-ran-sc
INFO: Load project repositories
INFO: Load project repositories (done) | time=949ms
INFO: Indexing files...
INFO: Project configuration:
INFO: Excluded sources: **/build-wrapper-dump.json
INFO: 106 files indexed
INFO: 0 files ignored because of inclusion/exclusion patterns
INFO: 14 files ignored because of scm ignore settings
INFO: Quality profile for json: SonarQube Way
INFO: Quality profile for py: Sonar way
INFO: Quality profile for xml: Sonar way
INFO: Quality profile for yaml: Sonar way
INFO: ------------- Run sensors on module o-ran-sc_smo-ves
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=881ms
INFO: Sensor IaC CloudFormation Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=229ms
INFO: Sensor IaC Kubernetes Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC Kubernetes Sensor [iac] (done) | time=106ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=1ms
INFO: Sensor C# Analysis Log [csharp]
INFO: Sensor C# Analysis Log [csharp] (done) | time=11ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=0ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=5ms
INFO: Sensor XML Sensor [xml]
INFO: 3 source files to be analyzed
INFO: 3/3 source files have been analyzed
INFO: Sensor XML Sensor [xml] (done) | time=500ms
INFO: Sensor Text Sensor [text]
INFO: 40 source files to be analyzed
INFO: 40/40 source files have been analyzed
INFO: Sensor Text Sensor [text] (done) | time=130ms
INFO: Sensor VB.NET Project Type Information [vbnet]
INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
INFO: Sensor VB.NET Analysis Log [vbnet]
INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=11ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=0ms
INFO: Sensor Python Sensor [python]
INFO: Starting global symbols computation
INFO: 23 source files to be analyzed
INFO: 23/23 source files have been analyzed
INFO: Starting rules execution
INFO: 23 source files to be analyzed
INFO: 23/23 source files have been analyzed
INFO: Sensor Python Sensor [python] (done) | time=4397ms
INFO: Sensor Cobertura Sensor for Python coverage [python]
INFO: Sensor Cobertura Sensor for Python coverage [python] (done) | time=169ms
INFO: Sensor PythonXUnitSensor [python]
INFO: Sensor PythonXUnitSensor [python] (done) | time=62ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=2ms
INFO: Sensor JavaScript inside YAML analysis [javascript]
INFO: No input files found for analysis
INFO: Hit the cache for 0 out of 0
INFO: Miss the cache for 0 out of 0
INFO: Sensor JavaScript inside YAML analysis [javascript] (done) | time=7ms
INFO: Sensor CSS Rules [javascript]
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [javascript] (done) | time=1ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
INFO: Sensor Python HTML templates processing [securitypythonfrontend]
INFO: HTML files are not indexed : you may want to add them in the scanned files of this project to detect Python XSS vulnerabilities
INFO: Sensor Python HTML templates processing [securitypythonfrontend] (done) | time=21ms
INFO: Sensor Serverless configuration file sensor [security]
INFO: 0 Serverless function entries were found in the project
INFO: 0 Serverless function handlers were kept as entrypoints
INFO: Sensor Serverless configuration file sensor [security] (done) | time=11ms
INFO: Sensor AWS SAM template file sensor [security]
INFO: Sensor AWS SAM template file sensor [security] (done) | time=4ms
INFO: Sensor AWS SAM Inline template file sensor [security]
INFO: Sensor AWS SAM Inline template file sensor [security] (done) | time=3ms
INFO: Sensor javabugs [dbd]
INFO: Reading IR files from: /w/workspace/smo-ves-cli-sonar/.scannerwork/ir/java
INFO: No IR files have been included for analysis.
INFO: Sensor javabugs [dbd] (done) | time=1ms
INFO: Sensor pythonbugs [dbd]
INFO: Reading IR files from: /w/workspace/smo-ves-cli-sonar/.scannerwork/ir/python
INFO: Analyzing 91 functions to detect bugs.
INFO: Sensor pythonbugs [dbd] (done) | time=423ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /w/workspace/smo-ves-cli-sonar/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /w/workspace/smo-ves-cli-sonar/.scannerwork/ucfg2/java
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=7ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /w/workspace/smo-ves-cli-sonar/ucfg_cs2
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /w/workspace/smo-ves-cli-sonar/ucfg_cs2
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=1ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /w/workspace/smo-ves-cli-sonar/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /w/workspace/smo-ves-cli-sonar/.scannerwork/ucfg2/php
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /w/workspace/smo-ves-cli-sonar/.scannerwork/ucfg2/python
INFO: Read 502 type definitions
INFO: Reading UCFGs from: /w/workspace/smo-ves-cli-sonar/.scannerwork/ucfg2/python
INFO: 17:58:06.76718 Building Runtime Type propagation graph
INFO: 17:58:06.800357 Running Tarjan on 6360 nodes
INFO: 17:58:06.814717 Tarjan found 6356 components
INFO: 17:58:06.836305 Variable type analysis: done
INFO: 17:58:06.838527 Building Runtime Type propagation graph
INFO: 17:58:06.850855 Running Tarjan on 6208 nodes
INFO: 17:58:06.855894 Tarjan found 6204 components
INFO: 17:58:06.880954 Variable type analysis: done
INFO: Analyzing 2128 ucfgs to detect vulnerabilities.
INFO: All rules entrypoints : 1
INFO: Retained UCFGs : 27
INFO: Taint analysis starting. Entrypoints: 1
INFO: Running symbolic analysis for 'PYTHON'
INFO: Taint analysis: done.
INFO: Sensor PythonSecuritySensor [security] (done) | time=962ms
INFO: Sensor JsSecuritySensor [security]
INFO: Reading type hierarchy from: /w/workspace/smo-ves-cli-sonar/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /w/workspace/smo-ves-cli-sonar/.scannerwork/ucfg2/js
INFO: No UCFGs have been included for analysis.
INFO: Sensor JsSecuritySensor [security] (done) | time=0ms
INFO: ------------- Run sensors on project
INFO: Sensor Analysis Warnings import [csharp]
INFO: Sensor Analysis Warnings import [csharp] (done) | time=1ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=25ms
INFO: SCM Publisher SCM provider for this project is: git
INFO: SCM Publisher 3 source files to be analyzed
INFO: Blaming files using jgit implementation
INFO: Blaming files using jgit implementation (done) | time=0ms
INFO: SCM Publisher 0/3 source files have been analyzed (done) | time=244ms
WARN: Missing blame information for the following files:
WARN: * collector/evel-test-collector/docs/schema/forge.3gpp.org_rep_sa5_MnS_blob_SA88-Rel16_OpenAPI/faultMnS.yaml
WARN: * coverage.xml
WARN: * tmp/tests.xml
WARN: This may lead to missing/broken features in SonarCloud
INFO: CPD Executor 4 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 19 files
INFO: CPD Executor CPD calculation finished (done) | time=39ms
INFO: Analysis report generated in 521ms, dir size=988 KB
INFO: Analysis report compressed in 95ms, zip size=253 KB
INFO: Analysis report uploaded in 1556ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=o-ran-sc_smo-ves
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=AYSGvbI1-9noGVZ589lH
INFO: Analysis total time: 27.253 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 40.000s
INFO: Final Memory: 52M/136M
INFO: ------------------------------------------------------------------------
