Hey Henry,
Thanks for the quick response,
we removed every thing from the pom.xml properties and we ran a mvn sonar:sonar to do the analysis to the multi module project. we’ve seen some improvement, but it is still not working properly,
The Sensor will be called once per module, each time with a different SensorContext
, accessing only the files that are part of the module.
as you stated above. how can i via code see the sensor context of each module, that could be helpful as well, we are using this function to return the Inputfiles from the SensorContext:
private Iterable<InputFile> getMainFiles(SensorContext context) {
FileSystem fs = context.fileSystem();
if (fs == null) {
logger.error("File system was not provided.");
return new ArrayList<>();
}
Iterable<InputFile> mainFiles = fs.inputFiles(fs.predicates().hasType(InputFile.Type.MAIN));
if (mainFiles == null) {
logger.info("File system has no Main folder.");
return new ArrayList<>();
}
return mainFiles;
}
is there a way to know if we have another context loaded for different module, or how can i use the ProjectSensor here to get all of the files in the workspace ?
this is the log, of running mvn sonar:sonar on the project after removing all the properties from pom.xml:
C:\Checkmarx\SDK\SDK>mvn sonar:sonar
[WARNING]
[WARNING] Some problems were encountered while building the effective settings
[WARNING] 'profiles.profile[artifactory].repositories.repository.id' must be unique but found duplicate repository with id central @ C:\Users\majdm\.m2\settings.xml
[WARNING] 'profiles.profile[artifactory].repositories.repository.id' must be unique but found duplicate repository with id snapshots @ C:\Users\majdm\.m2\settings.xml
[WARNING]
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] checkmarx-sdk [pom]
[INFO] CX-SDK-Domain [jar]
[INFO] CX-SDK-Application-Contracts [jar]
[INFO] CX-SDK-Application [jar]
[INFO] CX-SDK-API [jar]
[INFO] CX-SDK-OIDC-login [jar]
[INFO]
[INFO] ----------------------< com.cx.sdk:checkmarx-sdk >----------------------
[INFO] Building checkmarx-sdk 2.0 [1/6]
[INFO] --------------------------------[ pom ]---------------------------------
[WARNING] The POM for com.sun.xml.bind:jaxb-impl:jar:2.2.11 is invalid, transitive dependencies (if any) will not be available, enable debug logging for more details
[WARNING] The POM for com.sun.xml.bind:jaxb-core:jar:2.2.11 is invalid, transitive dependencies (if any) will not be available, enable debug logging for more details
[INFO]
[INFO] --- sonar-maven-plugin:3.7.0.1746:sonar (default-cli) @ checkmarx-sdk ---
[INFO] User cache: C:\Users\majdm\.sonar\cache
[INFO] SonarQube version: 7.8.0
[INFO] Default locale: "en_US", source code encoding: "UTF-8"
[INFO] Load global settings
[INFO] Load global settings (done) | time=328ms
[INFO] Server id: BF41A1F2-AXNxOPkQ98A5_TTC8Kx2
[INFO] User cache: C:\Users\majdm\.sonar\cache
[INFO] Load/download plugins
[INFO] Load plugins index
[INFO] Load plugins index (done) | time=294ms
[INFO] Load/download plugins (done) | time=340ms
[INFO] Process project properties
[INFO] Execute project builders
[INFO] Execute project builders (done) | time=7ms
[INFO] Project key: com.cx.sdk:checkmarx-sdk
[INFO] Base dir: C:\Checkmarx\SDK\SDK
[INFO] Working dir: C:\Checkmarx\SDK\SDK\target\sonar
[INFO] Load project settings for component key: 'com.cx.sdk:checkmarx-sdk'
[INFO] Load project settings for component key: 'com.cx.sdk:checkmarx-sdk' (done) | time=277ms
[INFO] Load quality profiles
[INFO] Load quality profiles (done) | time=315ms
[INFO] Load active rules
[INFO] Load active rules (done) | time=7179ms
[INFO] Indexing files...
[INFO] Project configuration:
[INFO] Indexing files of module 'SDK/API'
[INFO] Base dir: C:\Checkmarx\SDK\SDK\CX-SDK-API
[INFO] Source paths: pom.xml, src/main/java
[INFO] Indexing files of module 'SDK/Application'
[INFO] Base dir: C:\Checkmarx\SDK\SDK\CX-SDK-Application
[INFO] Source paths: pom.xml, src/main/java
[INFO] Test paths: src/test/java
[INFO] Indexing files of module 'SDK'
[INFO] Base dir: C:\Checkmarx\SDK\SDK\CX-SDK-Application-Contracts
[INFO] Source paths: pom.xml, src/main/java
[INFO] Indexing files of module 'SDK/Domain'
[INFO] Base dir: C:\Checkmarx\SDK\SDK\CX-SDK-Domain
[INFO] Source paths: pom.xml, src/main/java
[INFO] Indexing files of module 'SDK'
[INFO] Base dir: C:\Checkmarx\SDK\SDK\CX-SDK-OIDC-login
[INFO] Source paths: pom.xml, src/main/java
[INFO] Indexing files of module 'SDK'
[INFO] Base dir: C:\Checkmarx\SDK\SDK
[INFO] Source paths: pom.xml
[INFO] 46 files indexed
[INFO] 0 files ignored because of scm ignore settings
[INFO] Quality profile for java: Sonar way
[INFO] Quality profile for xml: Sonar way
[INFO] ------------- Run sensors on module SDK
[INFO] Load metrics repository
[INFO] Load metrics repository (done) | time=317ms
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/C:/Users/majdm/.sonar/cache/866bb1adbf016ea515620f1aaa15ec53/sonar-javascript-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.Protect
ionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[INFO] Sensor JavaSquidSensor [java]
[INFO] Configured Java source version (sonar.java.source): 7
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=15ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=5ms
[INFO] Java Main Files AST scan
[INFO] 17 source files to be analyzed
[INFO] Load project repositories
[INFO] Load project repositories (done) | time=382ms
[INFO] 17/17 source files have been analyzed
[INFO] Java Main Files AST scan (done) | time=2486ms
[INFO] Java Test Files AST scan
[INFO] 0 source files to be analyzed
[INFO] 0/0 source files have been analyzed
[INFO] Java Test Files AST scan (done) | time=7ms
[INFO] Sensor JavaSquidSensor [java] (done) | time=3106ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=7ms
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx]
[INFO] Retrieving Checkmarx scan results for current module [Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Getting Checkmarx configuration data from sonar Database.
[INFO] Resolving Cx setting: checkmarx.server.project_name
[ERROR] NOTE: Checkmarx scan is canceled;
Checkmarx settings were not configured.
Can be configured by admin at: Project Page > Administration > Checkmarx
[Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Checkmarx analysis isn't configured, skipping step.
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx] (done) | time=189ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [C:\Checkmarx\SDK\SDK\CX-SDK-OIDC-login\target\surefire-reports]
[INFO] Sensor SurefireSensor [java] (done) | time=6ms
[INFO] Sensor JaCoCoSensor [java]
[INFO] Sensor JaCoCoSensor [java] (done) | time=4ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] 1 source files to be analyzed
[INFO] Sensor JavaXmlSensor [java] (done) | time=155ms
[INFO] 1/1 source files have been analyzed
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=16ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source files to be analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=119ms
[INFO] 1/1 source files have been analyzed
[INFO] ------------- Run sensors on module SDK/Domain
[INFO] Sensor JavaSquidSensor [java]
[INFO] Configured Java source version (sonar.java.source): 7
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=2ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=3ms
[INFO] Java Main Files AST scan
[INFO] 7 source files to be analyzed
[INFO] 7/7 source files have been analyzed
[INFO] Java Main Files AST scan (done) | time=261ms
[INFO] Java Test Files AST scan
[INFO] 0 source files to be analyzed
[INFO] Java Test Files AST scan (done) | time=7ms
[INFO] 0/0 source files have been analyzed
[INFO] Sensor JavaSquidSensor [java] (done) | time=318ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx]
[INFO] Retrieving Checkmarx scan results for current module [Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Getting Checkmarx configuration data from sonar Database.
[INFO] Resolving Cx setting: checkmarx.server.project_name
[ERROR] NOTE: Checkmarx scan is canceled;
Checkmarx settings were not configured.
Can be configured by admin at: Project Page > Administration > Checkmarx
[Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Checkmarx analysis isn't configured, skipping step.
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx] (done) | time=47ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [C:\Checkmarx\SDK\SDK\CX-SDK-Domain\target\surefire-reports]
[INFO] Sensor SurefireSensor [java] (done) | time=5ms
[INFO] Sensor JaCoCoSensor [java]
[INFO] Sensor JaCoCoSensor [java] (done) | time=4ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] 1 source files to be analyzed
[INFO] Sensor JavaXmlSensor [java] (done) | time=17ms
[INFO] 1/1 source files have been analyzed
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=4ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source files to be analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=14ms
[INFO] 1/1 source files have been analyzed
[INFO] ------------- Run sensors on module SDK/API
[INFO] Sensor JavaSquidSensor [java]
[INFO] Configured Java source version (sonar.java.source): 7
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=8ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=8ms
[INFO] Java Main Files AST scan
[INFO] 10 source files to be analyzed
[INFO] 10/10 source files have been analyzed
[INFO] Java Main Files AST scan (done) | time=442ms
[INFO] Java Test Files AST scan
[INFO] 0 source files to be analyzed
[INFO] 0/0 source files have been analyzed
[INFO] Java Test Files AST scan (done) | time=4ms
[INFO] Sensor JavaSquidSensor [java] (done) | time=547ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx]
[INFO] Retrieving Checkmarx scan results for current module [Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Getting Checkmarx configuration data from sonar Database.
[INFO] Resolving Cx setting: checkmarx.server.project_name
[INFO] Sonar server credentials are provided
[INFO] Checkmarx credentials migration not needed
[INFO] Sonar server credentials are provided
[INFO] Resolving Cx setting: checkmarx.server.project_name
[INFO] Checkmarx server version [9.0.0.32148].
[INFO] Logging into the Checkmarx service.
[INFO] Connecting to http://10.32.1.37
[INFO] Initializing Cx client [2020.2.2.NO.SCA]
[INFO] Checkmarx server version [9.0.0.32148].
[INFO] Logging into the Checkmarx service.
[INFO] full team path: \CxServer
[INFO] preset name: All
[INFO] ---------------------------------Get Last CxSAST Results:--------------------------------
[INFO] Waiting for server to generate xml report. 4989 seconds left to timeout
[INFO] - [CHECKMARX] - Rule: :checkmarx_3591is not active or not existing. It will not appear in Checkmarx scan results.
[INFO] - [CHECKMARX] - If rule exists in checkmarx.rules.java rule repository, you can update it to your quality profile.
[WARNING] Storing measures on folders or modules is deprecated. Provided value of metric 'cx.sast.result.details' is ignored.
[INFO] Sast results retrieval finished.
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx] (done) | time=12124ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [C:\Checkmarx\SDK\SDK\CX-SDK-API\target\surefire-reports]
[INFO] Sensor SurefireSensor [java] (done) | time=8ms
[INFO] Sensor JaCoCoSensor [java]
[INFO] Sensor JaCoCoSensor [java] (done) | time=3ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] 1 source files to be analyzed
[INFO] Sensor JavaXmlSensor [java] (done) | time=13ms
[INFO] 1/1 source files have been analyzed
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=3ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source files to be analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=12ms
[INFO] 1/1 source files have been analyzed
[INFO] ------------- Run sensors on module SDK
[INFO] Sensor JavaSquidSensor [java]
[INFO] Configured Java source version (sonar.java.source): 7
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=2ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=3ms
[INFO] Java Main Files AST scan
[INFO] 3 source files to be analyzed
[INFO] 3/3 source files have been analyzed
[INFO] Java Main Files AST scan (done) | time=88ms
[INFO] Java Test Files AST scan
[INFO] 0 source files to be analyzed
[INFO] 0/0 source files have been analyzed
[INFO] Java Test Files AST scan (done) | time=4ms
[INFO] Sensor JavaSquidSensor [java] (done) | time=133ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx]
[INFO] Retrieving Checkmarx scan results for current module [Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Getting Checkmarx configuration data from sonar Database.
[INFO] Resolving Cx setting: checkmarx.server.project_name
[ERROR] NOTE: Checkmarx scan is canceled;
Checkmarx settings were not configured.
Can be configured by admin at: Project Page > Administration > Checkmarx
[Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Checkmarx analysis isn't configured, skipping step.
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx] (done) | time=28ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [C:\Checkmarx\SDK\SDK\CX-SDK-Application-Contracts\target\surefire-reports]
[INFO] Sensor SurefireSensor [java] (done) | time=5ms
[INFO] Sensor JaCoCoSensor [java]
[INFO] Sensor JaCoCoSensor [java] (done) | time=3ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] 1 source files to be analyzed
[INFO] Sensor JavaXmlSensor [java] (done) | time=13ms
[INFO] 1/1 source files have been analyzed
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=3ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source files to be analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=12ms
[INFO] 1/1 source files have been analyzed
[INFO] ------------- Run sensors on module SDK/Application
[INFO] Sensor JavaSquidSensor [java]
[INFO] Configured Java source version (sonar.java.source): 7
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=3ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=3ms
[INFO] Java Main Files AST scan
[INFO] 2 source files to be analyzed
[INFO] 2/2 source files have been analyzed
[INFO] Java Main Files AST scan (done) | time=93ms
[INFO] Java Test Files AST scan
[INFO] 1 source files to be analyzed
[INFO] 1/1 source files have been analyzed
[INFO] Java Test Files AST scan (done) | time=55ms
[INFO] Sensor JavaSquidSensor [java] (done) | time=184ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=2ms
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx]
[INFO] Retrieving Checkmarx scan results for current module [Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Getting Checkmarx configuration data from sonar Database.
[INFO] Resolving Cx setting: checkmarx.server.project_name
[INFO] Sonar server credentials are provided
[INFO] Checkmarx credentials migration not needed
[INFO] Sonar server credentials are provided
[INFO] Resolving Cx setting: checkmarx.server.project_name
[INFO] Logging into the Checkmarx service.
[INFO] Connecting to http://10.32.5.80
[INFO] Initializing Cx client [2020.2.2.NO.SCA]
[INFO] Logging into the Checkmarx service.
[INFO] full team path: \CxServer
[INFO] preset name: All
[INFO] ---------------------------------Get Last CxSAST Results:--------------------------------
[INFO] Waiting for server to generate xml report. 4990 seconds left to timeout
[INFO] Sast results retrieval finished.
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx] (done) | time=11337ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [C:\Checkmarx\SDK\SDK\CX-SDK-Application\target\surefire-reports]
[INFO] Sensor SurefireSensor [java] (done) | time=3ms
[INFO] Sensor JaCoCoSensor [java]
[INFO] Sensor JaCoCoSensor [java] (done) | time=1ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] 1 source files to be analyzed
[INFO] Sensor JavaXmlSensor [java] (done) | time=7ms
[INFO] 1/1 source files have been analyzed
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=2ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source files to be analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=7ms
[INFO] 1/1 source files have been analyzed
[INFO] ------------- Run sensors on module SDK
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=6ms
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx]
[INFO] Retrieving Checkmarx scan results for current module [Checkmarx plugin version: 2020.2.42-snapshot]
[INFO] Getting Checkmarx configuration data from sonar Database.
[INFO] Resolving Cx setting: checkmarx.server.project_name
[INFO] Sonar server credentials are provided
[INFO] Checkmarx credentials migration not needed
[INFO] Sonar server credentials are provided
[INFO] Resolving Cx setting: checkmarx.server.project_name
[INFO] Checkmarx server version [9.0.0.32148].
[INFO] Logging into the Checkmarx service.
[INFO] Connecting to http://10.32.1.37
[INFO] Initializing Cx client [2020.2.2.NO.SCA]
[INFO] Checkmarx server version [9.0.0.32148].
[INFO] Logging into the Checkmarx service.
[INFO] full team path: \CxServer
[INFO] preset name: All
[INFO] ---------------------------------Get Last CxSAST Results:--------------------------------
[INFO] Waiting for server to generate xml report. 4990 seconds left to timeout
[INFO] Sast results retrieval finished.
[INFO] Sensor Import Checkmarx scan results to SonarQube [checkmarx] (done) | time=11430ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] 1 source files to be analyzed
[INFO] Sensor JavaXmlSensor [java] (done) | time=10ms
[INFO] 1/1 source files have been analyzed
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=3ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source files to be analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=30ms
[INFO] 1/1 source files have been analyzed
[INFO] ------------- Run sensors on project
[INFO] Sensor Zero Coverage Sensor
[INFO] Sensor Zero Coverage Sensor (done) | time=40ms
[INFO] Sensor Java CPD Block Indexer
[INFO] Sensor Java CPD Block Indexer (done) | time=57ms
[INFO] SCM provider for this project is: git
[INFO] 4 files to be analyzed
[INFO] 0/4 files analyzed
[WARNING] Missing blame information for the following files:
[WARNING] * CX-SDK-Domain/pom.xml
[WARNING] * pom.xml
[WARNING] * CX-SDK-Application/pom.xml
[WARNING] * CX-SDK-API/pom.xml
[WARNING] This may lead to missing/broken features in SonarQube
[INFO] 17 files had no CPD blocks
[INFO] Calculating CPD for 22 files
[INFO] CPD calculation finished
[INFO] Analysis report generated in 83ms, dir size=236 KB
[INFO] Analysis report compressed in 175ms, zip size=114 KB
[INFO] Analysis report uploaded in 263ms
[INFO] ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard?id=com.cx.sdk%3Acheckmarx-sdk
[INFO] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[INFO] More about the report processing at http://localhost:9000/api/ce/task?id=AXNxmhLm98A5_TTC8OeY
[INFO] Analysis total time: 52.137 s
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] checkmarx-sdk 2.0 .................................. SUCCESS [ 54.882 s]
[INFO] CX-SDK-Domain ...................................... SKIPPED
[INFO] CX-SDK-Application-Contracts ....................... SKIPPED
[INFO] CX-SDK-Application ................................. SKIPPED
[INFO] CX-SDK-API ......................................... SKIPPED
[INFO] CX-SDK-OIDC-login 2.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 55.121 s
[INFO] Finished at: 2020-07-21T16:39:49+03:00
[INFO] -----------------------------------------------------------------------
and one more question, can i get the context.project ? there are fields that can help, suck as the sub modules number, and all the files in the sub modules with their working dir.
any help would be much appreciated, thanks allot
Majd