Scan Analysis Multi-Module MVN Project

SonarQube Plugin Development
,
1

Hello :slight_smile: ,
We have a Plugin that works with Sonar that we developed, and within the plugin we try to scan projects. the scan works fine for normal projects, but for Multi Module projects we got no success.
we are using

  • SonarQube Community Edition
  • Version 8.3.1 (build 34397)
    with SonarPluginAPI 6.7
    with SonarScannerMaven V3.7.0.1764

main pom.xml Content and properties

     <properties>
            <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
            <junit.version>4.12</junit.version>
            <sonar.host.url>http://localhost:9000</sonar.host.url>
            <sonar.login>XXXXX</sonar.login>
            <sonar.password>XXXXXX</sonar.password>
           <!-- <sonar.projectKey>SDK</sonar.projectKey>-->
            <sonar.projectName>SDK</sonar.projectName>
            <sonar.projectVersion>1.0</sonar.projectVersion>
    <!--
            <sonar.modules> ./CX-SDK-Application, ./CX-SDK-Domain,./CX-SDK-Application-Contracts,./CX-SDK-OIDC-login</sonar.modules>
    -->
            <CX-SDK-API.sonar.projectName>p1</CX-SDK-API.sonar.projectName>
            <CX-SDK-API.sonar.sources>pom.xml,src</CX-SDK-API.sonar.sources>
            <CX-SDK-API.sonar.java.binaries>target/classes</CX-SDK-API.sonar.java.binaries>

            <CX-SDK-Application.sonar.projectName>p2</CX-SDK-Application.sonar.projectName>
            <CX-SDK-Application.sources>pom.xml,src</CX-SDK-Application.sources>
            <CX-SDK-Application.java.binaries>target/classes</CX-SDK-Application.java.binaries>

            <CX-SDK-Domain.sonar.projectName>p3</CX-SDK-Domain.sonar.projectName>
            <CX-SDK-Domain.sonar.sources>pom.xml,src</CX-SDK-Domain.sonar.sources>
            <CX-SDK-Domain.sonar.java.binaries>target/classes</CX-SDK-Domain.sonar.java.binaries>

            <CX-SDK-Application-Contracts.sonar.projectName>p4</CX-SDK-Application-Contracts.sonar.projectName>
            <CX-SDK-Application-Contracts.sonar.sources>pom.xml,src</CX-SDK-Application-Contracts.sonar.sources>
            <CX-SDK-Application-Contracts.sonar.java.binaries>target/classes</CX-SDK-Application-Contracts.sonar.java.binaries>
            <CX-SDK-OIDC-login.sonar.projectName>p5</CX-SDK-OIDC-login.sonar.projectName>
            <CX-SDK-OIDC-login.sonar.sources>pom.xml,src</CX-SDK-OIDC-login.sonar.sources>
            <CX-SDK-OIDC-login.sonar.java.binaries>target/classes</CX-SDK-OIDC-login.sonar.java.binaries>
        <!--    <sonar.modules>CX-SDK-API,CX-SDK-OIDC-login</sonar.modules>
            <sonar.sources>.</sonar.sources>
            <CX-SDK-API.sonar.projectName>CX-SDK-API</CX-SDK-API.sonar.projectName>

            <CX-SDK-OIDC-login.sonar.projectName>CX-SDK-OIDC-login</CX-SDK-OIDC-login.sonar.projectName>-->

          <!--  <CX-SDK-API.sonar.projectBaseDir>./</CX-SDK-API.sonar.projectBaseDir>
            <CX-SDK-OIDC-login.sonar.projectBaseDir>./</CX-SDK-OIDC-login.sonar.projectBaseDir>
    -->
        </properties>

the Project Structure :

Modules
Modules346×517 107 KB

while in normal project we get all the files.
ContextPom

the code we are using to get the main files:
private Iterable getMainFiles(SensorContext context) {
FileSystem fs = context.fileSystem();
if (fs == null ) {
logger .error( “File system was not provided.” );
return new ArrayList<>();
}
Iterable mainFiles = fs.inputFiles(fs.predicates().hasType(InputFile.Type. MAIN ));
if (mainFiles == null ) {
logger .info( “File system has no Main folder.” );
return new ArrayList<>();
}
return mainFiles;
}

as we found here the community we found 2 posts that are very close to what we are having, and we tried to apply those solutions, we added to the pom.xml of the main project the following.
we tried some variations also defining inside the submodules pom’s and in the larger one.
we keep getting a weird error, that it can’t find the submodule, it concatinates the submodule name twice in trying to look for the submodule. now it doesnt show any error but FS ( file system ) contains only the pom.xml and i cannot register or save the metrics.
fsPomOnly
we need help setting up the properties correctly in order to be able to perform a multi-module mvn project.
as for code if we try to scan a normal mvn project, inside if of the fs ( fileSystem ) we get all the TYPE.MAIN files in the fileSystem, as for multi-module, we only get the main pom.xml in there, if there is a solution to create an Array(Iterable) of type Inputfile from an array of files or String (paths) that would also help, but I think its preferred to use the properties method and do them correctly, as its the offered solution.
Thanks Allot.
Majd Mahajena

3

Hi @majdma

First issue I see is the properties you have defined in the pom.xml of the project you want to analyze. It looks like you are trying to manually specify your multi-module structure. If you are using the Scanner for Maven (mvn sonar:sonar) then this is useless. The scanner will automatically produce the same properties (and probably more accurately).

On your SonarQube plugin side, you have to understand that Sensors do not see all files of a multi-module project. The Sensor will be called once per module, each time with a different SensorContext, accessing only the files that are part of the module.
If you are not interested to perform your analysis module per-module, but instead to do a one-shot processing of all files, then you can implement the extension point ProjectSensor instead.

1 Like
4

Hey Henry,
Thanks for the quick response,
we removed every thing from the pom.xml properties and we ran a mvn sonar:sonar to do the analysis to the multi module project. we’ve seen some improvement, but it is still not working properly,

The Sensor will be called once per module, each time with a different SensorContext , accessing only the files that are part of the module.

as you stated above. how can i via code see the sensor context of each module, that could be helpful as well, we are using this function to return the Inputfiles from the SensorContext:

private Iterable<InputFile> getMainFiles(SensorContext context) {
    FileSystem fs = context.fileSystem();
    if (fs == null) {
        logger.error("File system was not provided.");
        return new ArrayList<>();
    }

    Iterable<InputFile> mainFiles = fs.inputFiles(fs.predicates().hasType(InputFile.Type.MAIN));
    if (mainFiles == null) {
        logger.info("File system has no Main folder.");
        return new ArrayList<>();
    }
    return mainFiles;
}

is there a way to know if we have another context loaded for different module, or how can i use the ProjectSensor here to get all of the files in the workspace ?

this is the log, of running mvn sonar:sonar on the project after removing all the properties from pom.xml:

C:\Checkmarx\SDK\SDK>mvn sonar:sonar
[WARNING]
[WARNING] Some problems were encountered while building the effective settings
[WARNING] 'profiles.profile[artifactory].repositories.repository.id' must be unique but found duplicate repository with id central @ C:\Users\majdm\.m2\settings.xml
[WARNING] 'profiles.profile[artifactory].repositories.repository.id' must be unique but found duplicate repository with id snapshots @ C:\Users\majdm\.m2\settings.xml
[WARNING]
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] checkmarx-sdk                                                      [pom]
[INFO] CX-SDK-Domain                                                      [jar]
[INFO] CX-SDK-Application-Contracts                                       [jar]
[INFO] CX-SDK-Application                                                 [jar]
[INFO] CX-SDK-API                                                         [jar]
[INFO] CX-SDK-OIDC-login                                                  [jar]
[INFO]
[INFO] ----------------------< com.cx.sdk:checkmarx-sdk >----------------------
[INFO] Building checkmarx-sdk 2.0                                         [1/6]
[INFO] --------------------------------[ pom ]---------------------------------
[WARNING] The POM for com.sun.xml.bind:jaxb-impl:jar:2.2.11 is invalid, transitive dependencies (if any) will not be available, enable debug logging for more details
[WARNING] The POM for com.sun.xml.bind:jaxb-core:jar:2.2.11 is invalid, transitive dependencies (if any) will not be available, enable debug logging for more details
[INFO]
[INFO] --- sonar-maven-plugin:3.7.0.1746:sonar (default-cli) @ checkmarx-sdk ---
[INFO] User cache: C:\Users\majdm\.sonar\cache
[INFO] SonarQube version: 7.8.0
[INFO] Default locale: "en_US", source code encoding: "UTF-8"
[INFO] Load global settings
[INFO] Load global settings (done) | time=328ms
[INFO] Server id: BF41A1F2-AXNxOPkQ98A5_TTC8Kx2
[INFO] User cache: C:\Users\majdm\.sonar\cache
[INFO] Load/download plugins
[INFO] Load plugins index
[INFO] Load plugins index (done) | time=294ms
[INFO] Load/download plugins (done) | time=340ms
[INFO] Process project properties
[INFO] Execute project builders
[INFO] Execute project builders (done) | time=7ms
[INFO] Project key: com.cx.sdk:checkmarx-sdk
[INFO] Base dir: C:\Checkmarx\SDK\SDK
[INFO] Working dir: C:\Checkmarx\SDK\SDK\target\sonar
[INFO] Load project settings for component key: 'com.cx.sdk:checkmarx-sdk'
[INFO] Load project settings for component key: 'com.cx.sdk:checkmarx-sdk' (done) | time=277ms
[INFO] Load quality profiles
[INFO] Load quality profiles (done) | time=315ms
[INFO] Load active rules
[INFO] Load active rules (done) | time=7179ms
[INFO] Indexing files...
[INFO] Project configuration:
[INFO] Indexing files of module 'SDK/API'
[INFO]   Base dir: C:\Checkmarx\SDK\SDK\CX-SDK-API
[INFO]   Source paths: pom.xml, src/main/java
[INFO] Indexing files of module 'SDK/Application'
[INFO]   Base dir: C:\Checkmarx\SDK\SDK\CX-SDK-Application
[INFO]   Source paths: pom.xml, src/main/java
[INFO]   Test paths: src/test/java
[INFO] Indexing files of module 'SDK'
[INFO]   Base dir: C:\Checkmarx\SDK\SDK\CX-SDK-Application-Contracts
[INFO]   Source paths: pom.xml, src/main/java
[INFO] Indexing files of module 'SDK/Domain'
[INFO]   Base dir: C:\Checkmarx\SDK\SDK\CX-SDK-Domain
[INFO]   Source paths: pom.xml, src/main/java
[INFO] Indexing files of module 'SDK'
[INFO]   Base dir: C:\Checkmarx\SDK\SDK\CX-SDK-OIDC-login
[INFO]   Source paths: pom.xml, src/main/java
[INFO] Indexing files of module 'SDK'
[INFO]   Base dir: C:\Checkmarx\SDK\SDK
[INFO]   Source paths: pom.xml
[INFO] 46 files indexed
[INFO] 0 files ignored because of scm ignore settings
[INFO] Quality profile for java: Sonar way
[INFO] Quality profile for xml: Sonar way
[INFO] ------------- Run sensors on module SDK
[INFO] Load metrics repository
[INFO] Load metrics repository (done) | time=317ms
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/C:/Users/majdm/.sonar/cache/866bb1adbf016ea515620f1aaa15ec53/sonar-javascript-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.Protect
ionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[INFO] Sensor JavaSquidSensor [java]
[INFO] Configured Java source version (sonar.java.source): 7
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=15ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=5ms
[INFO] Java Main Files AST scan
[INFO] 17 source files to be analyzed
[INFO] Load project repositories
[INFO] Load project repositories (done) | time=382ms
[INFO] 17/17 source files have been analyzed
[INFO] Java Main Files AST scan (done) | time=2486ms
[INFO] Java Test Files AST scan
[INFO] 0 source files to be analyzed
[INFO] 0/0 source files have been analyzed
[INFO] Java Test Files AST scan (done) | time=7ms
[INFO] Sensor JavaSquidSensor [java] (done) | time=3106ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=7ms
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx]
[INFO] Retrieving Checkmarx scan results for current module [Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Getting Checkmarx configuration data from sonar Database.
[INFO] Resolving Cx setting: checkmarx.server.project_name
[ERROR] NOTE: Checkmarx scan is canceled;
Checkmarx settings were not configured.
 Can be configured by admin at: Project Page > Administration > Checkmarx
 [Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Checkmarx analysis isn't configured, skipping step.
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx] (done) | time=189ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [C:\Checkmarx\SDK\SDK\CX-SDK-OIDC-login\target\surefire-reports]
[INFO] Sensor SurefireSensor [java] (done) | time=6ms
[INFO] Sensor JaCoCoSensor [java]
[INFO] Sensor JaCoCoSensor [java] (done) | time=4ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] 1 source files to be analyzed
[INFO] Sensor JavaXmlSensor [java] (done) | time=155ms
[INFO] 1/1 source files have been analyzed
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=16ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source files to be analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=119ms
[INFO] 1/1 source files have been analyzed
[INFO] ------------- Run sensors on module SDK/Domain
[INFO] Sensor JavaSquidSensor [java]
[INFO] Configured Java source version (sonar.java.source): 7
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=2ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=3ms
[INFO] Java Main Files AST scan
[INFO] 7 source files to be analyzed
[INFO] 7/7 source files have been analyzed
[INFO] Java Main Files AST scan (done) | time=261ms
[INFO] Java Test Files AST scan
[INFO] 0 source files to be analyzed
[INFO] Java Test Files AST scan (done) | time=7ms
[INFO] 0/0 source files have been analyzed
[INFO] Sensor JavaSquidSensor [java] (done) | time=318ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx]
[INFO] Retrieving Checkmarx scan results for current module [Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Getting Checkmarx configuration data from sonar Database.
[INFO] Resolving Cx setting: checkmarx.server.project_name
[ERROR] NOTE: Checkmarx scan is canceled;
Checkmarx settings were not configured.
 Can be configured by admin at: Project Page > Administration > Checkmarx
 [Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Checkmarx analysis isn't configured, skipping step.
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx] (done) | time=47ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [C:\Checkmarx\SDK\SDK\CX-SDK-Domain\target\surefire-reports]
[INFO] Sensor SurefireSensor [java] (done) | time=5ms
[INFO] Sensor JaCoCoSensor [java]
[INFO] Sensor JaCoCoSensor [java] (done) | time=4ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] 1 source files to be analyzed
[INFO] Sensor JavaXmlSensor [java] (done) | time=17ms
[INFO] 1/1 source files have been analyzed
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=4ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source files to be analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=14ms
[INFO] 1/1 source files have been analyzed
[INFO] ------------- Run sensors on module SDK/API
[INFO] Sensor JavaSquidSensor [java]
[INFO] Configured Java source version (sonar.java.source): 7
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=8ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=8ms
[INFO] Java Main Files AST scan
[INFO] 10 source files to be analyzed
[INFO] 10/10 source files have been analyzed
[INFO] Java Main Files AST scan (done) | time=442ms
[INFO] Java Test Files AST scan
[INFO] 0 source files to be analyzed
[INFO] 0/0 source files have been analyzed
[INFO] Java Test Files AST scan (done) | time=4ms
[INFO] Sensor JavaSquidSensor [java] (done) | time=547ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx]
[INFO] Retrieving Checkmarx scan results for current module [Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Getting Checkmarx configuration data from sonar Database.
[INFO] Resolving Cx setting: checkmarx.server.project_name
[INFO] Sonar server credentials are provided
[INFO] Checkmarx credentials migration not needed
[INFO] Sonar server credentials are provided
[INFO] Resolving Cx setting: checkmarx.server.project_name
[INFO] Checkmarx server version [9.0.0.32148].
[INFO] Logging into the Checkmarx service.
[INFO] Connecting to http://10.32.1.37
[INFO] Initializing Cx client [2020.2.2.NO.SCA]
[INFO] Checkmarx server version [9.0.0.32148].
[INFO] Logging into the Checkmarx service.
[INFO] full team path: \CxServer
[INFO] preset name: All
[INFO] ---------------------------------Get Last CxSAST Results:--------------------------------
[INFO] Waiting for server to generate xml report. 4989 seconds left to timeout
[INFO] - [CHECKMARX] - Rule: :checkmarx_3591is not active or not existing. It will not appear in Checkmarx scan results.
[INFO] - [CHECKMARX] - If rule exists in checkmarx.rules.java rule repository, you can update it to your quality profile.
[WARNING] Storing measures on folders or modules is deprecated. Provided value of metric 'cx.sast.result.details' is ignored.
[INFO] Sast results retrieval finished.
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx] (done) | time=12124ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [C:\Checkmarx\SDK\SDK\CX-SDK-API\target\surefire-reports]
[INFO] Sensor SurefireSensor [java] (done) | time=8ms
[INFO] Sensor JaCoCoSensor [java]
[INFO] Sensor JaCoCoSensor [java] (done) | time=3ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] 1 source files to be analyzed
[INFO] Sensor JavaXmlSensor [java] (done) | time=13ms
[INFO] 1/1 source files have been analyzed
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=3ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source files to be analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=12ms
[INFO] 1/1 source files have been analyzed
[INFO] ------------- Run sensors on module SDK
[INFO] Sensor JavaSquidSensor [java]
[INFO] Configured Java source version (sonar.java.source): 7
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=2ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=3ms
[INFO] Java Main Files AST scan
[INFO] 3 source files to be analyzed
[INFO] 3/3 source files have been analyzed
[INFO] Java Main Files AST scan (done) | time=88ms
[INFO] Java Test Files AST scan
[INFO] 0 source files to be analyzed
[INFO] 0/0 source files have been analyzed
[INFO] Java Test Files AST scan (done) | time=4ms
[INFO] Sensor JavaSquidSensor [java] (done) | time=133ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx]
[INFO] Retrieving Checkmarx scan results for current module [Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Getting Checkmarx configuration data from sonar Database.
[INFO] Resolving Cx setting: checkmarx.server.project_name
[ERROR] NOTE: Checkmarx scan is canceled;
Checkmarx settings were not configured.
 Can be configured by admin at: Project Page > Administration > Checkmarx
 [Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Checkmarx analysis isn't configured, skipping step.
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx] (done) | time=28ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [C:\Checkmarx\SDK\SDK\CX-SDK-Application-Contracts\target\surefire-reports]
[INFO] Sensor SurefireSensor [java] (done) | time=5ms
[INFO] Sensor JaCoCoSensor [java]
[INFO] Sensor JaCoCoSensor [java] (done) | time=3ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] 1 source files to be analyzed
[INFO] Sensor JavaXmlSensor [java] (done) | time=13ms
[INFO] 1/1 source files have been analyzed
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=3ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source files to be analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=12ms
[INFO] 1/1 source files have been analyzed
[INFO] ------------- Run sensors on module SDK/Application
[INFO] Sensor JavaSquidSensor [java]
[INFO] Configured Java source version (sonar.java.source): 7
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=3ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=3ms
[INFO] Java Main Files AST scan
[INFO] 2 source files to be analyzed
[INFO] 2/2 source files have been analyzed
[INFO] Java Main Files AST scan (done) | time=93ms
[INFO] Java Test Files AST scan
[INFO] 1 source files to be analyzed
[INFO] 1/1 source files have been analyzed
[INFO] Java Test Files AST scan (done) | time=55ms
[INFO] Sensor JavaSquidSensor [java] (done) | time=184ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=2ms
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx]
[INFO] Retrieving Checkmarx scan results for current module [Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Getting Checkmarx configuration data from sonar Database.
[INFO] Resolving Cx setting: checkmarx.server.project_name
[INFO] Sonar server credentials are provided
[INFO] Checkmarx credentials migration not needed
[INFO] Sonar server credentials are provided
[INFO] Resolving Cx setting: checkmarx.server.project_name
[INFO] Logging into the Checkmarx service.
[INFO] Connecting to http://10.32.5.80
[INFO] Initializing Cx client [2020.2.2.NO.SCA]
[INFO] Logging into the Checkmarx service.
[INFO] full team path: \CxServer
[INFO] preset name: All
[INFO] ---------------------------------Get Last CxSAST Results:--------------------------------
[INFO] Waiting for server to generate xml report. 4990 seconds left to timeout
[INFO] Sast results retrieval finished.
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx] (done) | time=11337ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [C:\Checkmarx\SDK\SDK\CX-SDK-Application\target\surefire-reports]
[INFO] Sensor SurefireSensor [java] (done) | time=3ms
[INFO] Sensor JaCoCoSensor [java]
[INFO] Sensor JaCoCoSensor [java] (done) | time=1ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] 1 source files to be analyzed
[INFO] Sensor JavaXmlSensor [java] (done) | time=7ms
[INFO] 1/1 source files have been analyzed
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=2ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source files to be analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=7ms
[INFO] 1/1 source files have been analyzed
[INFO] ------------- Run sensors on module SDK
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=6ms
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx]
[INFO] Retrieving Checkmarx scan results for current module [Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Getting Checkmarx configuration data from sonar Database.
[INFO] Resolving Cx setting: checkmarx.server.project_name
[INFO] Sonar server credentials are provided
[INFO] Checkmarx credentials migration not needed
[INFO] Sonar server credentials are provided
[INFO] Resolving Cx setting: checkmarx.server.project_name
[INFO] Checkmarx server version [9.0.0.32148].
[INFO] Logging into the Checkmarx service.
[INFO] Connecting to http://10.32.1.37
[INFO] Initializing Cx client [2020.2.2.NO.SCA]
[INFO] Checkmarx server version [9.0.0.32148].
[INFO] Logging into the Checkmarx service.
[INFO] full team path: \CxServer
[INFO] preset name: All
[INFO] ---------------------------------Get Last CxSAST Results:--------------------------------
[INFO] Waiting for server to generate xml report. 4990 seconds left to timeout
[INFO] Sast results retrieval finished.
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx] (done) | time=11430ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] 1 source files to be analyzed
[INFO] Sensor JavaXmlSensor [java] (done) | time=10ms
[INFO] 1/1 source files have been analyzed
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=3ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source files to be analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=30ms
[INFO] 1/1 source files have been analyzed
[INFO] ------------- Run sensors on project
[INFO] Sensor Zero Coverage Sensor
[INFO] Sensor Zero Coverage Sensor (done) | time=40ms
[INFO] Sensor Java CPD Block Indexer
[INFO] Sensor Java CPD Block Indexer (done) | time=57ms
[INFO] SCM provider for this project is: git
[INFO] 4 files to be analyzed
[INFO] 0/4 files analyzed
[WARNING] Missing blame information for the following files:
[WARNING]   * CX-SDK-Domain/pom.xml
[WARNING]   * pom.xml
[WARNING]   * CX-SDK-Application/pom.xml
[WARNING]   * CX-SDK-API/pom.xml
[WARNING] This may lead to missing/broken features in SonarQube
[INFO] 17 files had no CPD blocks
[INFO] Calculating CPD for 22 files
[INFO] CPD calculation finished
[INFO] Analysis report generated in 83ms, dir size=236 KB
[INFO] Analysis report compressed in 175ms, zip size=114 KB
[INFO] Analysis report uploaded in 263ms
[INFO] ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard?id=com.cx.sdk%3Acheckmarx-sdk
[INFO] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[INFO] More about the report processing at http://localhost:9000/api/ce/task?id=AXNxmhLm98A5_TTC8OeY
[INFO] Analysis total time: 52.137 s
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] checkmarx-sdk 2.0 .................................. SUCCESS [ 54.882 s]
[INFO] CX-SDK-Domain ...................................... SKIPPED
[INFO] CX-SDK-Application-Contracts ....................... SKIPPED
[INFO] CX-SDK-Application ................................. SKIPPED
[INFO] CX-SDK-API ......................................... SKIPPED
[INFO] CX-SDK-OIDC-login 2.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 55.121 s
[INFO] Finished at: 2020-07-21T16:39:49+03:00
[INFO] -----------------------------------------------------------------------

and one more question, can i get the context.project ? there are fields that can help, suck as the sub modules number, and all the files in the sub modules with their working dir.
any help would be much appreciated, thanks allot
Majd

5

Hello,
We Are using SonarPluginAPI 6.7 so, the previous way to use the ProjectSensor is to set the ContextSensor to be Global, and thus we get a scan of all the files as ProjectSensor will give us in more advanced Versions 7.6 and up, if I’m not mistaken, but the advice is good, after reading a bit about project sensor and some of the Sonar Java Doc, i was able to find the global config, and its working great.
Thanks for the help
Majd

6

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.