Scanner reports 0% coverage for GO since yesterday

Hi,

We have suddenly seen a coverage of 0% on all our Go repositories reporting from Jenkins using sonar-scanner 7.0.2. Please note that our ecosystem has not changed and it was all right until yesterday Jan 20.

We run Go tests and get the coverage as explained in the documentation resulting in a file like this:

mode: set
github.com/xxx/yyy/cmd/main.go:11.13,16.16 4 1
github.com/xxx/yyy/cmd/main.go:16.16,18.3 1 0
github.com/xxx/yyy/cmd/main.go:20.2,20.49 1 1
github.com/xxx/yyy/cmd/main.go:20.49,22.3 1 1

and the properties are

sonar.host.url=https://sonarcloud.io
sonar.token=x
sonar.projectKey=x
sonar.projectName=x
sonar.organization=x

sonar.pullrequest.provider=x
sonar.pullrequest.github.repository=x
sonar.pullrequest.github.endpoint=x

sonar.sourceEncoding=UTF-8
sonar.sources=.
sonar.inclusions=cmd/**/*,internal/**/*,pkg/**/*
sonar.exclusions=**/*_test.go

sonar.tests=.
sonar.test.inclusions=**/*_test.go
sonar.test.exclusions=**/mocks_test.go

sonar.go.golangci-lint.reportPaths=report.xml
sonar.go.coverage.reportPaths=coverage.out

The scanner finds the coverage file but the analysis ends up in 0%.

Do you guys have any idea what could have changed and cause this regression ?

Thanks

EDIT: this may be the root cause because it seems that the file coverage files are mapped to the GOPATH files which are outside the project, but again I don’t know why this would have changed.

16:05:14  15:05:14.284 INFO  Sensor Go Cover sensor for Go coverage [go]
16:05:14  15:05:14.285 INFO  Load coverage report from 'xxx/coverage.out'
16:05:14  15:05:14.433 WARN  File 'x/go/src/github.com/y/...' is not included in the project, ignoring coverage
16:05:14  15:05:14.433 WARN  File 'x/go/src/github.com/y/...' is not included in the project, ignoring coverage
16:05:14  15:05:14.433 WARN  File 'x/go/src/github.com/y/...' is not included in the project, ignoring coverage
16:05:14  15:05:14.433 WARN  File 'x/go/src/github.com/y/...' is not included in the project, ignoring coverage
16:05:14  15:05:14.434 WARN  File 'x/go/src/github.com/y/...' is not included in the project, ignoring coverage

Hello,

We are having problems with the coverage reporting from the scanner since yesterday in Golang projects.

The config has been running fine for years, suddenly today all Golang PRs are failing because of 0% coverage.

We run the pipelines in Jenkins with sonarsource/sonar-scanner-cli docker image (we use version 11.4 but today we tried also 11.5 and 12.0 with same behaviour)

Comparing the output of successful builds from monday to the ones failing today, the only differences we found is that after each line loading the coverage reports

10:13:49.902 INFO  Load coverage report from '/app/coverage-unit.out'

we can see one line like the following one per each project *.go file

10:13:49.923 WARN  File 'xxx/cmd/http/server/xxx.go' is not included in the project, ignoring coverage

Since yesterday we did not change any config in Sonarcloud or in the sonar properties file. All our Golang repositories have the problem.

We are experiencing same issue, no changes on our side

seems to be same issue as Coverage is broken for Golang projects since yesterday

Hi,

Welcome to the community and thanks for this report!

Could you add -Dsonar.verbose=true to your analysis command line and post the resulting analysis log, redacted as necessary?

 
Thx,
Ann

HI all,

@Nathaniel_Ritholtz I’ve combined your report into this slightly older thread to make things easier.

I declared an incident for this, and it’s spinning up now. It turns out we deployed a new version of the sensor yesterday, so I think we’ve found our smoking gun. I’ll post more when I know what path we’ll take.

 
Ann

@ganncamp I need to remove some content from it so it will take some time. In the mean time, I’ve checked the latest version of the Go plugin timestamp. It corresponds to the time where we started having issues. Where can I find the changelog of the plugin ?

image532×343 27.1 KB

Is it possible to tell the scanner to take another version ?

@ganncamp here’s the output:

17:07:23  16:07:23.404 INFO  Scanner configuration file: /usr/lib/sonar-scanner/conf/sonar-scanner.properties
17:07:23  16:07:23.407 INFO  Project root configuration file: /home/jenkins/agent/workspace/x/.sonarcloud.properties
17:07:23  16:07:23.423 INFO  SonarScanner CLI 7.0.2.4839
17:07:23  16:07:23.424 INFO  Java 17.0.13 Eclipse Adoptium (64-bit)
17:07:23  16:07:23.425 INFO  Linux 6.8.0-79-generic amd64
17:07:23  16:07:23.434 DEBUG Scanner max available memory: 29 GB
17:07:23  16:07:23.461 DEBUG uname -m returned 'x86_64'
17:07:23  16:07:23.463 DEBUG Using JVM default truststore: /usr/lib/sonar-scanner/jre/lib/security/cacerts
17:07:23  16:07:23.465 DEBUG Create: /root/.sonar/cache
17:07:23  16:07:23.465 INFO  User cache: /root/.sonar/cache
17:07:23  16:07:23.465 DEBUG Create: /root/.sonar/cache/_tmp
17:07:23  16:07:23.562 DEBUG Loading OS trusted SSL certificates...
17:07:23  16:07:23.563 DEBUG This operation might be slow or even get stuck. You can skip it by passing the scanner property 'sonar.scanner.skipSystemTruststore=true'
17:07:24  16:07:23.803 DEBUG Loaded [438] system trusted certificates
17:07:24  16:07:23.996 DEBUG Loaded truststore from '/usr/lib/sonar-scanner/jre/lib/security/cacerts' containing 152 certificates
17:07:24  16:07:24.165 INFO  JRE provisioning: os[linux], arch[x86_64]
17:07:24  16:07:24.191 DEBUG --> GET https://api.sonarcloud.io/analysis/jres?os=linux&arch=x86_64
17:07:24  16:07:24.492 DEBUG <-- 200 https://api.sonarcloud.io/analysis/jres?os=linux&arch=x86_64 (300ms, 471-byte body)
17:07:24  16:07:24.535 DEBUG Download https://scanner.sonarcloud.io/jres/OpenJDK21U-jre_x64_linux_hotspot_21.0.9_10.tar.gz to /root/.sonar/cache/_tmp/fileCache8816065180299106382.tmp
17:07:24  16:07:24.536 DEBUG --> GET https://scanner.sonarcloud.io/jres/OpenJDK21U-jre_x64_linux_hotspot_21.0.9_10.tar.gz
17:07:24  16:07:24.594 DEBUG <-- 200 https://scanner.sonarcloud.io/jres/OpenJDK21U-jre_x64_linux_hotspot_21.0.9_10.tar.gz (57ms, 51952734-byte body)
17:07:26  16:07:26.329 DEBUG Executing: /root/.sonar/cache/aeab55d064a1a27a3744b0880b9b414077b4ed2b1790817eea3df60aec946431/OpenJDK21U-jre_x64_linux_hotspot_21.0.9_10.tar.gz_extracted/jdk-21.0.9+10-jre/bin/java --version
17:07:26  16:07:26.387 DEBUG openjdk 21.0.9 2025-10-21 LTS
17:07:26  16:07:26.388 DEBUG OpenJDK Runtime Environment Temurin-21.0.9+10 (build 21.0.9+10-LTS)
17:07:26  16:07:26.388 DEBUG OpenJDK 64-Bit Server VM Temurin-21.0.9+10 (build 21.0.9+10-LTS, mixed mode, sharing)
17:07:26  16:07:26.395 DEBUG --> GET https://api.sonarcloud.io/analysis/engine
17:07:26  16:07:26.494 DEBUG <-- 200 https://api.sonarcloud.io/analysis/engine (98ms, 302-byte body)
17:07:26  16:07:26.496 DEBUG Download https://scanner.sonarcloud.io/engines/sonarcloud-scanner-engine-12.12.0.2299-all.jar to /root/.sonar/cache/_tmp/fileCache3742677025349868446.tmp
17:07:26  16:07:26.496 DEBUG --> GET https://scanner.sonarcloud.io/engines/sonarcloud-scanner-engine-12.12.0.2299-all.jar
17:07:26  16:07:26.504 DEBUG <-- 200 https://scanner.sonarcloud.io/engines/sonarcloud-scanner-engine-12.12.0.2299-all.jar (8ms, 38288049-byte body)
17:07:26  16:07:26.770 INFO  Communicating with SonarQube Cloud
17:07:26  16:07:26.771 DEBUG Work directory: /home/jenkins/agent/workspace/x/.scannerwork
17:07:26  16:07:26.778 DEBUG Executing: /root/.sonar/cache/aeab55d064a1a27a3744b0880b9b414077b4ed2b1790817eea3df60aec946431/OpenJDK21U-jre_x64_linux_hotspot_21.0.9_10.tar.gz_extracted/jdk-21.0.9+10-jre/bin/java -Dorg.bouncycastle.pkcs12.ignore_useless_passwd=true -jar /root/.sonar/cache/e7d643d62098e0503daa28b3e9f7b367d715c113dea878f5b0def8a54f3423f9/sonarcloud-scanner-engine-12.12.0.2299-all.jar
17:07:27  16:07:27.103 INFO  Starting SonarScanner Engine...
17:07:27  16:07:27.104 INFO  Java 21.0.9 Eclipse Adoptium (64-bit)
17:07:27  16:07:27.169 DEBUG JVM max available memory: 29 GB
17:07:27  16:07:27.484 DEBUG Sonar User Home: /root/.sonar
17:07:27  16:07:27.495 DEBUG Initialize DefaultScannerWsClient
17:07:27  16:07:27.590 DEBUG Loading OS trusted SSL certificates...
17:07:27  16:07:27.591 DEBUG This operation might be slow or even get stuck. You can skip it by passing the scanner property 'sonar.scanner.skipSystemTruststore=true'
17:07:28  16:07:27.854 DEBUG Loaded [438] system trusted certificates
17:07:28  16:07:28.070 DEBUG Loaded truststore from '/usr/lib/sonar-scanner/jre/lib/security/cacerts' containing 152 certificates
17:07:28  16:07:28.244 INFO  Load global settings
17:07:28  16:07:28.255 DEBUG --> GET https://sonarcloud.io/api/settings/values.protobuf
17:07:28  16:07:28.670 DEBUG <-- 200 https://sonarcloud.io/api/settings/values.protobuf (414ms, unknown-length body)
17:07:28  16:07:28.699 INFO  Load global settings (done) | time=455ms
17:07:28  16:07:28.768 INFO  Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
17:07:29  16:07:28.776 DEBUG Initialize DownloadPluginsScannerWsClient
17:07:29  16:07:28.779 DEBUG Loading OS trusted SSL certificates...
17:07:29  16:07:28.779 DEBUG This operation might be slow or even get stuck. You can skip it by passing the scanner property 'sonar.scanner.skipSystemTruststore=true'
17:07:29  16:07:28.919 DEBUG Loaded [438] system trusted certificates
17:07:29  16:07:28.953 DEBUG Loaded truststore from '/usr/lib/sonar-scanner/jre/lib/security/cacerts' containing 152 certificates
17:07:29  16:07:28.966 DEBUG Create : /root/.sonar/_tmp
17:07:29  16:07:28.966 DEBUG User cache: /root/.sonar/cache
17:07:29  16:07:28.976 INFO  Loading required plugins
17:07:29  16:07:28.976 INFO  Load plugins index
17:07:29  16:07:28.977 DEBUG --> GET https://sonarcloud.io/api/plugins/installed
17:07:29  16:07:29.025 DEBUG <-- 200 https://sonarcloud.io/api/plugins/installed (47ms, unknown-length body)
17:07:29  16:07:29.035 INFO  Load plugins index (done) | time=59ms
17:07:29  16:07:29.036 INFO  Load/download plugins
17:07:29  16:07:29.037 DEBUG Download plugin 'iac' to '/root/.sonar/_tmp/fileCache13279362072010310100.tmp'
17:07:29  16:07:29.038 DEBUG --> GET https://scanner.sonarcloud.io/plugins/iac/versions/7169748e1a27fdb5875ca7fb346cf373.jar
17:07:29  16:07:29.099 DEBUG <-- 200 https://scanner.sonarcloud.io/plugins/iac/versions/7169748e1a27fdb5875ca7fb346cf373.jar (60ms, 23877741-byte body)
17:07:29  16:07:29.659 DEBUG Download plugin 'textenterprise' to '/root/.sonar/_tmp/fileCache13076159109882535248.tmp'
17:07:29  16:07:29.660 DEBUG --> GET https://scanner.sonarcloud.io/plugins/textenterprise/versions/0ddc1a5d4d73ea2bc8f89d039b0577ab.jar
17:07:29  16:07:29.669 DEBUG <-- 200 https://scanner.sonarcloud.io/plugins/textenterprise/versions/0ddc1a5d4d73ea2bc8f89d039b0577ab.jar (8ms, 8094639-byte body)
17:07:30  16:07:29.791 INFO  Load/download plugins (done) | time=755ms
17:07:30  16:07:29.791 DEBUG Plugins not loaded because they are optional: [abap, sonarapex, architecture, architecturejavascriptfrontend, architecturepythonfrontend, architecturecsharpfrontend, architecturejavafrontend, csharpenterprise, cpp, cobol, dart, dbd, dbdjavafrontend, dbdpythonfrontend, dre, flex, go, web, jcl, jacoco, javasymbolicexecution, java, javaa3scontextcollector, javascript, kotlin, php, pli, plsql, python, rpg, ruby, rust, sonarscala, jasmin, swift, tsql, vbnetenterprise, vb, security, securitycsharpfrontend, securitygofrontend, securityjavafrontend, securitykotlinfrontend, securityphpfrontend, securitypythonfrontend, securityvbnetfrontend, xml]
17:07:30  16:07:29.859 DEBUG Plugins loaded:
17:07:30  16:07:29.859 DEBUG   * Text Code Quality and Security 2.38.0.10279 (textenterprise)
17:07:30  16:07:29.860 DEBUG   * IaC Code Quality and Security 2.4.0.18716 (iac)
17:07:30  16:07:29.861 DEBUG --> GET https://sonarcloud.io/api/server/version
17:07:30  16:07:29.914 DEBUG <-- 200 https://sonarcloud.io/api/server/version (51ms, 11-byte body)
17:07:30  16:07:29.916 DEBUG Updated analysis started with a difference of -28 milliseconds
17:07:30  16:07:29.921 DEBUG Started at Wed Jan 21 16:07:28 UTC 2026
17:07:30  16:07:29.962 INFO  Loaded core extensions: a3s, architecture, sca
17:07:30  16:07:29.968 DEBUG Installed scanner extension: a3s
17:07:30  16:07:29.969 DEBUG Installed scanner extension: architecture
17:07:30  16:07:29.971 DEBUG Installed scanner extension: sca
17:07:30  16:07:30.075 DEBUG register org.eclipse.jgit.util.FS$FileStoreAttributes$$Lambda/0x000076fa54365580@67b100fe with shutdown hook
17:07:30  16:07:30.261 INFO  Process project properties
17:07:30  16:07:30.269 DEBUG Process project properties (done) | time=9ms
17:07:30  16:07:30.279 INFO  Project key: xxx
17:07:30  16:07:30.279 INFO  Base dir: /home/jenkins/agent/workspace/x
17:07:30  16:07:30.279 INFO  Working dir: /home/jenkins/agent/workspace/x/.scannerwork
17:07:30  16:07:30.279 DEBUG Project global encoding: UTF-8, default locale: en_US
17:07:30  16:07:30.297 INFO  Found an active CI vendor: 'Jenkins'
17:07:30  16:07:30.302 INFO  Load project branches
17:07:30  16:07:30.303 DEBUG --> GET https://sonarcloud.io/api/project_branches/list?project=x
17:07:31  16:07:30.725 DEBUG <-- 200 https://sonarcloud.io/api/project_branches/list?project=x (421ms, unknown-length body)
17:07:31  16:07:30.731 INFO  Load project branches (done) | time=430ms
17:07:31  16:07:30.737 INFO  Load project settings for component key: 'x'
17:07:31  16:07:30.737 DEBUG --> GET https://sonarcloud.io/api/settings/values.protobuf?component=x
17:07:31  16:07:30.922 DEBUG <-- 200 https://sonarcloud.io/api/settings/values.protobuf?component=x (184ms, unknown-length body)
17:07:31  16:07:30.923 INFO  Load project settings for component key: 'x' (done) | time=186ms
17:07:31  16:07:30.932 DEBUG Initialize DomainApiWsClient
17:07:31  16:07:30.933 DEBUG Loading OS trusted SSL certificates...
17:07:31  16:07:30.933 DEBUG This operation might be slow or even get stuck. You can skip it by passing the scanner property 'sonar.scanner.skipSystemTruststore=true'
17:07:31  16:07:31.060 DEBUG Loaded [438] system trusted certificates
17:07:31  16:07:31.080 DEBUG Loaded truststore from '/usr/lib/sonar-scanner/jre/lib/security/cacerts' containing 152 certificates
17:07:31  16:07:31.092 DEBUG Request URL: https://api.sonarcloud.io/feature-flags-provisioning/feature-flags
17:07:31  16:07:31.093 DEBUG --> GET https://api.sonarcloud.io/feature-flags-provisioning/feature-flags?organizationKey=x
17:07:31  16:07:31.194 DEBUG <-- 200 https://api.sonarcloud.io/feature-flags-provisioning/feature-flags?organizationKey=x (100ms, 475-byte body)
17:07:31  16:07:31.208 DEBUG Response: FeatureFlagResponse[featureFlags={design-architecture-squad-enable-advanced=false, security-insights-enable-asast-csharp=false, security-insights-enable-asast-vbnet=false, cfamily-configure-shallow-mode-threshold=0, cfamily-configure-shallow-mode-max-steps=10000, cloud-security-enable-generic-yaml-and-json-analyzer=true, mobile-security-use-deprecated-swift-analyzer=false, design-architecture-squad-enable-basic=false, analysis-processing-a3s-ci-context-collector-enabled=false}]
17:07:31  16:07:31.213 INFO  Check ALM binding of project 'x'
17:07:31  16:07:31.214 DEBUG --> GET https://sonarcloud.io/api/alm_integration/is_project_bound?project=x
17:07:31  16:07:31.414 DEBUG <-- 200 https://sonarcloud.io/api/alm_integration/is_project_bound?project=x (199ms, unknown-length body)
17:07:31  16:07:31.416 INFO  Detected project binding: BOUND
17:07:31  16:07:31.416 INFO  Check ALM binding of project 'x' (done) | time=203ms
17:07:31  16:07:31.422 INFO  Load project pull requests
17:07:31  16:07:31.423 DEBUG --> GET https://sonarcloud.io/api/project_pull_requests/list?project=x
17:07:31  16:07:31.603 DEBUG <-- 200 https://sonarcloud.io/api/project_pull_requests/list?project=x (179ms, unknown-length body)
17:07:31  16:07:31.609 INFO  Load project pull requests (done) | time=188ms
17:07:31  16:07:31.615 INFO  Load branch configuration
17:07:31  16:07:31.616 DEBUG Found manual configuration of branch/PR analysis. Skipping automatic configuration.
17:07:31  16:07:31.617 DEBUG --> GET https://sonarcloud.io/api/alm_integration/show_pullrequest?project=x&pullrequestKey=29
17:07:32  16:07:32.829 DEBUG <-- 200 https://sonarcloud.io/api/alm_integration/show_pullrequest?project=x&pullrequestKey=29 (1210ms, unknown-length body)
17:07:32  16:07:32.833 INFO  Load branch configuration (done) | time=1217ms
17:07:32  16:07:32.838 DEBUG Creating module hierarchy
17:07:32  16:07:32.838 DEBUG   Init module 'x'
17:07:32  16:07:32.839 DEBUG     Base dir: /home/jenkins/agent/workspace/x
17:07:32  16:07:32.839 DEBUG     Working dir: /home/jenkins/agent/workspace/x/.scannerwork
17:07:32  16:07:32.839 DEBUG     Module global encoding: UTF-8, default locale: en_US
17:07:32  16:07:32.850 INFO  Load quality profiles
17:07:32  16:07:32.852 DEBUG --> GET https://sonarcloud.io/api/qualityprofiles/search.protobuf?projectKey=x&organization=x
17:07:33  16:07:33.339 DEBUG <-- 200 https://sonarcloud.io/api/qualityprofiles/search.protobuf?projectKey=x&organization=x (486ms, 5590-byte body)
17:07:33  16:07:33.353 INFO  Load quality profiles (done) | time=503ms
17:07:33  16:07:33.387 INFO  Create analysis
17:07:33  16:07:33.396 DEBUG Create analysis with parameters CreateAnalysisRequest[organizationKey=x, projectKey=x, projectVersion=not provided, branchName=null, pullRequestKey=29, referenceBranchId=80b577dd-8d7f-4226-9856-822dc05950dc, analysisId=null]
17:07:33  16:07:33.399 DEBUG --> POST https://api.sonarcloud.io/analysis/analyses (190-byte body)
17:07:33  16:07:33.614 DEBUG <-- 201 https://api.sonarcloud.io/analysis/analyses (214ms, 230-byte body)
17:07:33  16:07:33.623 DEBUG Created analysis Analysis[uuid=ae4a6db0-7bf1-431f-86b0-d950d40c60b6, branchId=b45676b5-56bf-44f8-bc3c-344bd0b29a1e, branchType=pull_request, newCodePeriod=null]
17:07:33  16:07:33.623 INFO  Create analysis (done) | time=237ms
17:07:33  16:07:33.626 DEBUG ScaApiWsClient url: https://api.sonarcloud.io
17:07:33  16:07:33.627 DEBUG Loading OS trusted SSL certificates...
17:07:33  16:07:33.627 DEBUG This operation might be slow or even get stuck. You can skip it by passing the scanner property 'sonar.scanner.skipSystemTruststore=true'
17:07:33  16:07:33.718 DEBUG Loaded [438] system trusted certificates
17:07:33  16:07:33.735 DEBUG Loaded truststore from '/usr/lib/sonar-scanner/jre/lib/security/cacerts' containing 152 certificates
17:07:33  16:07:33.755 INFO  Load active rules
17:07:33  16:07:33.757 DEBUG --> GET https://api.sonarcloud.io/analysis/active-rules?organization=x&project=x
17:07:34  16:07:34.442 DEBUG <-- 200 https://api.sonarcloud.io/analysis/active-rules?organization=x&project=x (685ms, unknown-length body)
17:07:34  16:07:34.622 INFO  Load active rules (done) | time=866ms
17:07:34  16:07:34.652 DEBUG --> GET https://sonarcloud.io/api/languages/list
17:07:34  16:07:34.697 DEBUG <-- 200 https://sonarcloud.io/api/languages/list (45ms, unknown-length body)
17:07:34  16:07:34.718 INFO  Organization key: x
17:07:34  16:07:34.718 INFO  Pull request 29 for merge into master from fix/DEV-42546
17:07:34  16:07:34.723 DEBUG Declared patterns of language Kubernetes were converted to sonar.lang.patterns.kubernetes : 
17:07:34  16:07:34.723 DEBUG Declared patterns of language CSS were converted to sonar.lang.patterns.css : **/*.css,**/*.less,**/*.scss,**/*.sass
17:07:34  16:07:34.723 DEBUG Declared patterns of language Scala were converted to sonar.lang.patterns.scala : **/*.scala
17:07:34  16:07:34.723 DEBUG Declared patterns of language JSP were converted to sonar.lang.patterns.jsp : **/*.jsp,**/*.jspf,**/*.jspx
17:07:34  16:07:34.724 DEBUG Declared patterns of language JavaScript were converted to sonar.lang.patterns.js : **/*.js,**/*.jsx,**/*.cjs,**/*.mjs,**/*.vue
17:07:34  16:07:34.724 DEBUG Declared patterns of language Python were converted to sonar.lang.patterns.py : **/*.py
17:07:34  16:07:34.724 DEBUG Declared patterns of language Ansible were converted to sonar.lang.patterns.ansible : 
17:07:34  16:07:34.724 DEBUG Declared patterns of language Apex were converted to sonar.lang.patterns.apex : **/*.cls,**/*.trigger
17:07:34  16:07:34.724 DEBUG Declared patterns of language Docker were converted to sonar.lang.patterns.docker : **/*.dockerfile,**/Dockerfile,**/dockerfile
17:07:34  16:07:34.724 DEBUG Declared patterns of language PL/SQL were converted to sonar.lang.patterns.plsql : **/*.sql,**/*.tab,**/*.pkb
17:07:34  16:07:34.725 DEBUG Declared patterns of language Dart were converted to sonar.lang.patterns.dart : **/*.dart
17:07:34  16:07:34.725 DEBUG Declared patterns of language Rust were converted to sonar.lang.patterns.rust : **/*.rs
17:07:34  16:07:34.725 DEBUG Declared patterns of language JCL were converted to sonar.lang.patterns.jcl : **/*.jcl
17:07:34  16:07:34.725 DEBUG Declared patterns of language Java were converted to sonar.lang.patterns.java : **/*.java,**/*.jav
17:07:34  16:07:34.725 DEBUG Declared patterns of language HTML were converted to sonar.lang.patterns.web : **/*.html,**/*.xhtml,**/*.cshtml,**/*.vbhtml,**/*.aspx,**/*.ascx,**/*.rhtml,**/*.erb,**/*.shtm,**/*.shtml,**/*.cmp,**/*.twig
17:07:34  16:07:34.725 DEBUG Declared patterns of language Flex were converted to sonar.lang.patterns.flex : **/*.as
17:07:34  16:07:34.725 DEBUG Declared patterns of language XML were converted to sonar.lang.patterns.xml : **/*.xml,**/*.xsd,**/*.xsl,**/*.config
17:07:34  16:07:34.725 DEBUG Declared patterns of language JSON were converted to sonar.lang.patterns.json : **/*.json
17:07:34  16:07:34.726 DEBUG Declared patterns of language IPython Notebooks were converted to sonar.lang.patterns.ipynb : **/*.ipynb
17:07:34  16:07:34.726 DEBUG Declared patterns of language Text were converted to sonar.lang.patterns.text : 
17:07:34  16:07:34.726 DEBUG Declared patterns of language VB.NET were converted to sonar.lang.patterns.vbnet : **/*.vb
17:07:34  16:07:34.726 DEBUG Declared patterns of language CloudFormation were converted to sonar.lang.patterns.cloudformation : 
17:07:34  16:07:34.726 DEBUG Declared patterns of language Swift were converted to sonar.lang.patterns.swift : **/*.swift
17:07:34  16:07:34.726 DEBUG Declared patterns of language YAML were converted to sonar.lang.patterns.yaml : **/*.yaml,**/*.yml
17:07:34  16:07:34.726 DEBUG Declared patterns of language C++ were converted to sonar.lang.patterns.cpp : **/*.cc,**/*.cpp,**/*.cxx,**/*.c++,**/*.hh,**/*.hpp,**/*.hxx,**/*.h++,**/*.ipp,**/*.ixx,**/*.mxx,**/*.cppm,**/*.ccm,**/*.cxxm,**/*.c++m
17:07:34  16:07:34.726 DEBUG Declared patterns of language C were converted to sonar.lang.patterns.c : **/*.c,**/*.h
17:07:34  16:07:34.726 DEBUG Declared patterns of language Go were converted to sonar.lang.patterns.go : **/*.go
17:07:34  16:07:34.727 DEBUG Declared patterns of language Kotlin were converted to sonar.lang.patterns.kotlin : **/*.kt,**/*.kts
17:07:34  16:07:34.727 DEBUG Declared patterns of language RPG were converted to sonar.lang.patterns.rpg : **/*.rpg,**/*.rpgle,**/*.sqlrpgle,**/*.rpg,**/*.rpgle,**/*.sqlrpgle
17:07:34  16:07:34.727 DEBUG Declared patterns of language PL/I were converted to sonar.lang.patterns.pli : **/*.pli
17:07:34  16:07:34.727 DEBUG Declared patterns of language T-SQL were converted to sonar.lang.patterns.tsql : **/*.tsql
17:07:34  16:07:34.727 DEBUG Declared patterns of language Vb were converted to sonar.lang.patterns.vb : **/*.bas,**/*.frm,**/*.ctl
17:07:34  16:07:34.727 DEBUG Declared patterns of language Secrets were converted to sonar.lang.patterns.secrets : 
17:07:34  16:07:34.727 DEBUG Declared patterns of language Ruby were converted to sonar.lang.patterns.ruby : **/*.rb
17:07:34  16:07:34.727 DEBUG Declared patterns of language C# were converted to sonar.lang.patterns.cs : **/*.cs,**/*.razor
17:07:34  16:07:34.727 DEBUG Declared patterns of language COBOL were converted to sonar.lang.patterns.cobol : 
17:07:34  16:07:34.727 DEBUG Declared patterns of language Shell were converted to sonar.lang.patterns.shell : **/*.sh,**/*.bash
17:07:34  16:07:34.728 DEBUG Declared patterns of language PHP were converted to sonar.lang.patterns.php : **/*.php,**/*.php3,**/*.php4,**/*.php5,**/*.phtml,**/*.inc
17:07:34  16:07:34.728 DEBUG Declared patterns of language Terraform were converted to sonar.lang.patterns.terraform : **/*.tf
17:07:34  16:07:34.728 DEBUG Declared patterns of language Azure Resource Manager were converted to sonar.lang.patterns.azureresourcemanager : **/*.bicep
17:07:34  16:07:34.728 DEBUG Declared patterns of language ABAP were converted to sonar.lang.patterns.abap : **/*.abap,**/*.ab4,**/*.flow,**/*.asprog
17:07:34  16:07:34.728 DEBUG Declared patterns of language GitHub Actions were converted to sonar.lang.patterns.githubactions : 
17:07:34  16:07:34.728 DEBUG Declared patterns of language Objective-C were converted to sonar.lang.patterns.objc : **/*.m
17:07:34  16:07:34.728 DEBUG Declared patterns of language TypeScript were converted to sonar.lang.patterns.ts : **/*.ts,**/*.tsx,**/*.cts,**/*.mts
17:07:34  16:07:34.740 INFO  Preprocessing files...
17:07:34  16:07:34.757 DEBUG loading config FileBasedConfig[/root/.config/jgit/config]
17:07:34  16:07:34.758 DEBUG readpipe [/usr/bin/git, --version],/usr/bin
17:07:35  16:07:34.768 DEBUG readpipe may return 'git version 2.47.3'
17:07:35  16:07:34.769 DEBUG remaining output:
17:07:35  
17:07:35  16:07:34.769 DEBUG readpipe [/usr/bin/git, config, --system, --show-origin, --list, -z],/usr/bin
17:07:35  16:07:34.773 DEBUG readpipe may return 'file:/etc/gitconfigurl.git@github.com:.insteadof'
17:07:35  16:07:34.773 DEBUG remaining output:
17:07:35  
17:07:35  16:07:34.773 DEBUG https://github.com/
17:07:35  16:07:34.774 DEBUG loading config FileBasedConfig[/etc/gitconfig]
17:07:35  16:07:34.774 DEBUG loading config FileBasedConfig[/root/.config/git/config]
17:07:35  16:07:34.774 DEBUG loading config UserConfigFile[/root/.gitconfig]
17:07:35  16:07:34.860 DEBUG 542 non excluded files in this Git repository
17:07:35  16:07:35.016 INFO  1 language detected in 81 preprocessed files (done) | time=275ms
17:07:35  16:07:35.017 INFO  1197 files ignored because of inclusion/exclusion patterns
17:07:35  16:07:35.017 INFO  0 files ignored because of scm ignore settings
17:07:35  16:07:35.077 INFO  Loading plugins for detected languages
17:07:35  16:07:35.078 DEBUG Detected languages: [go]
17:07:35  16:07:35.078 INFO  Load/download plugins
17:07:35  16:07:35.078 DEBUG Download plugin 'dre' to '/root/.sonar/_tmp/fileCache10005221470002408291.tmp'
17:07:35  16:07:35.078 DEBUG --> GET https://scanner.sonarcloud.io/plugins/dre/versions/c7cbb9e56cab0a1299c4481521f5bb32.jar
17:07:35  16:07:35.087 DEBUG <-- 200 https://scanner.sonarcloud.io/plugins/dre/versions/c7cbb9e56cab0a1299c4481521f5bb32.jar (8ms, 24532399-byte body)
17:07:35  16:07:35.255 DEBUG Download plugin 'go' to '/root/.sonar/_tmp/fileCache1304059286653766345.tmp'
17:07:35  16:07:35.256 DEBUG --> GET https://scanner.sonarcloud.io/plugins/go/versions/e55b4bc73f557d268478bf4581bd549d.jar
17:07:35  16:07:35.264 DEBUG <-- 200 https://scanner.sonarcloud.io/plugins/go/versions/e55b4bc73f557d268478bf4581bd549d.jar (8ms, 16955680-byte body)
17:07:35  16:07:35.353 DEBUG Download plugin 'security' to '/root/.sonar/_tmp/fileCache7929627783556842523.tmp'
17:07:35  16:07:35.353 DEBUG --> GET https://scanner.sonarcloud.io/plugins/security/versions/a814ef3f3cb12e5c090bdee3cc543ef9.jar
17:07:35  16:07:35.363 DEBUG <-- 200 https://scanner.sonarcloud.io/plugins/security/versions/a814ef3f3cb12e5c090bdee3cc543ef9.jar (9ms, 36439709-byte body)
17:07:35  16:07:35.541 DEBUG Download plugin 'securitygofrontend' to '/root/.sonar/_tmp/fileCache2925335910863329105.tmp'
17:07:35  16:07:35.541 DEBUG --> GET https://scanner.sonarcloud.io/plugins/securitygofrontend/versions/18a258c0bee306f79801b74593756c9f.jar
17:07:35  16:07:35.550 DEBUG <-- 200 https://scanner.sonarcloud.io/plugins/securitygofrontend/versions/18a258c0bee306f79801b74593756c9f.jar (8ms, 1764510-byte body)
17:07:35  16:07:35.562 INFO  Load/download plugins (done) | time=485ms
17:07:35  16:07:35.563 DEBUG Optional language-specific plugins not loaded: [abap, sonarapex, architecture, architecturejavascriptfrontend, architecturepythonfrontend, architecturecsharpfrontend, architecturejavafrontend, csharpenterprise, cpp, cobol, dart, dbd, dbdjavafrontend, dbdpythonfrontend, flex, web, jcl, jacoco, javasymbolicexecution, java, javaa3scontextcollector, javascript, kotlin, php, pli, plsql, python, rpg, ruby, rust, sonarscala, jasmin, swift, tsql, vbnetenterprise, vb, securitycsharpfrontend, securityjavafrontend, securitykotlinfrontend, securityphpfrontend, securitypythonfrontend, securityvbnetfrontend, xml]
17:07:35  16:07:35.604 DEBUG Plugins loaded:
17:07:35  16:07:35.604 DEBUG   * Go Code Quality and Security 1.32.0.5128 (go)
17:07:35  16:07:35.604 DEBUG   * Vulnerability Rules for Go 11.15.0.42969 (securitygofrontend)
17:07:35  16:07:35.604 DEBUG   * Vulnerability Analysis 11.15.0.42969 (security)
17:07:35  16:07:35.605 DEBUG   * Declarative Rule Engine 1.0.0.5029 (dre)
17:07:35  16:07:35.698 INFO  Load project repositories
17:07:35  16:07:35.698 DEBUG --> GET https://sonarcloud.io/batch/project.protobuf?key=x&branch=master
17:07:36  16:07:35.988 DEBUG <-- 200 https://sonarcloud.io/batch/project.protobuf?key=x&branch=master (289ms, 5905-byte body)
17:07:36  16:07:35.995 INFO  Load project repositories (done) | time=298ms
17:07:36  16:07:35.999 INFO  SCM collecting changed files in the branch
17:07:36  16:07:36.023 DEBUG Merge base sha1: c4d65c24dac14afde1889c724dbed78ffa6b7fa5
17:07:36  16:07:36.028 DEBUG Thread[#48,ForkJoinPool.commonPool-worker-1,5,main]: start measure timestamp resolution /home/jenkins/agent (/dev/vda2) in /home/jenkins/agent/workspace/x/.git
17:07:36  16:07:36.029 DEBUG Thread[#48,ForkJoinPool.commonPool-worker-1,5,main]: end measure timestamp resolution /home/jenkins/agent (/dev/vda2) in /home/jenkins/agent/workspace/x/.git; got PT0.000003086S
17:07:36  16:07:36.029 DEBUG Thread[#48,ForkJoinPool.commonPool-worker-1,5,main]: start measure minimal racy interval in /home/jenkins/agent/workspace/x/.git
17:07:36  16:07:36.128 DEBUG Thread[#1,main,5,main]: use fallback timestamp resolution for directory /home/jenkins/agent/workspace/x/.git
17:07:36  16:07:36.143 INFO  SCM collecting changed files in the branch (done) | time=144ms
17:07:36  16:07:36.144 DEBUG SCM reported 20 files changed in the branch
17:07:36  16:07:36.156 INFO  Indexing files...
17:07:36  16:07:36.156 INFO  Project configuration:
17:07:36  16:07:36.156 INFO    Included sources: cmd/**/*, internal/**/*, pkg/**/*
17:07:36  16:07:36.156 INFO    Excluded sources: internal/api/**/*, **/*_test.go, **/*_mocks.go, **/*_test.go
17:07:36  16:07:36.157 INFO    Included tests: **/*_test.go
17:07:36  16:07:36.157 INFO    Excluded tests: **/mocks_test.go
17:07:36  16:07:36.161 DEBUG 'cmd/main.go' indexed with language 'go'
**removed other files**
17:07:36  16:07:36.181 INFO  81 files indexed (done) | time=26ms
17:07:36  16:07:36.188 DEBUG Available languages:
17:07:36  16:07:36.188 DEBUG   * Go => "go"
17:07:36  16:07:36.188 DEBUG   * Secrets => "secrets"
17:07:36  16:07:36.189 DEBUG   * Text => "text"
17:07:36  16:07:36.189 DEBUG   * Terraform => "terraform"
17:07:36  16:07:36.189 DEBUG   * CloudFormation => "cloudformation"
17:07:36  16:07:36.189 DEBUG   * Kubernetes => "kubernetes"
17:07:36  16:07:36.189 DEBUG   * Docker => "docker"
17:07:36  16:07:36.189 DEBUG   * Azure Resource Manager => "azureresourcemanager"
17:07:36  16:07:36.189 DEBUG   * YAML => "yaml"
17:07:36  16:07:36.189 DEBUG   * JSON => "json"
17:07:36  16:07:36.189 DEBUG   * Ansible => "ansible"
17:07:36  16:07:36.189 DEBUG   * GitHub Actions => "githubactions"
17:07:36  16:07:36.189 DEBUG   * Shell => "shell"
17:07:36  16:07:36.189 INFO  Quality profile for go: not sonar
17:07:36  16:07:36.189 INFO  ------------- Run sensors on module x
17:07:36  16:07:36.267 INFO  Load metrics repository
17:07:36  16:07:36.267 DEBUG --> GET https://sonarcloud.io/api/metrics/search?f=name,description,direction,qualitative&ps=500&p=1
17:07:36  16:07:36.312 DEBUG <-- 200 https://sonarcloud.io/api/metrics/search?f=name,description,direction,qualitative&ps=500&p=1 (45ms, unknown-length body)
17:07:36  16:07:36.319 INFO  Load metrics repository (done) | time=53ms
17:07:36  16:07:36.328 INFO  Sensor cache enabled
17:07:36  16:07:36.333 INFO  Load sensor cache
17:07:36  16:07:36.333 DEBUG --> GET https://api.sonarcloud.io/analysis/sensor-cache/prepare-read?organization=x&project=x&branch=master
17:07:36  16:07:36.539 DEBUG <-- 200 https://api.sonarcloud.io/analysis/sensor-cache/prepare-read?organization=x&project=x&branch=master (205ms, unknown-length body)
17:07:36  16:07:36.568 DEBUG --> GET 
17:07:37  16:07:36.740 DEBUG <-- 200 OK 
17:07:37  16:07:36.773 INFO  Load sensor cache (174 KB) | time=440ms
17:07:37  16:07:36.804 DEBUG Using Go converter binary: sonar-go-to-slang-linux-amd64
17:07:37  16:07:36.865 DEBUG Using Go converter binary: sonar-go-to-slang-linux-amd64
17:07:37  16:07:37.416 DEBUG 'Import external issues report' skipped because of missing configuration requirements.
17:07:37  Accessed configuration:
17:07:37  - sonar.externalIssuesReportPaths: <empty>
17:07:37  16:07:37.419 DEBUG 'Go Unit Test Report' skipped because of missing configuration requirements.
17:07:37  Accessed configuration:
17:07:37  - sonar.go.tests.reportPaths: <empty>
17:07:37  - sonar.externalIssuesReportPaths: <empty>
17:07:37  16:07:37.419 DEBUG 'Import of go vet issues' skipped because of missing configuration requirements.
17:07:37  Accessed configuration:
17:07:37  - sonar.go.govet.reportPaths: <empty>
17:07:37  - sonar.go.tests.reportPaths: <empty>
17:07:37  - sonar.go.coverage.reportPaths: scripts/reports/coverage.out
17:07:37  - sonar.externalIssuesReportPaths: <empty>
17:07:37  16:07:37.419 DEBUG 'Import of Golint issues' skipped because of missing configuration requirements.
17:07:37  Accessed configuration:
17:07:37  - sonar.go.govet.reportPaths: <empty>
17:07:37  - sonar.go.tests.reportPaths: <empty>
17:07:37  - sonar.go.golint.reportPaths: <empty>
17:07:37  - sonar.go.coverage.reportPaths: scripts/reports/coverage.out
17:07:37  - sonar.externalIssuesReportPaths: <empty>
17:07:37  16:07:37.420 DEBUG 'Import of GoMetaLinter issues' skipped because of missing configuration requirements.
17:07:37  Accessed configuration:
17:07:37  - sonar.go.govet.reportPaths: <empty>
17:07:37  - sonar.go.tests.reportPaths: <empty>
17:07:37  - sonar.go.golint.reportPaths: <empty>
17:07:37  - sonar.go.coverage.reportPaths: scripts/reports/coverage.out
17:07:37  - sonar.go.gometalinter.reportPaths: <empty>
17:07:37  - sonar.externalIssuesReportPaths: <empty>
17:07:37  16:07:37.420 DEBUG 'IaC Terraform Sensor' skipped because there is no related file in current project
17:07:37  16:07:37.420 DEBUG 'IaC TFLint report Sensor' skipped because there is no related file in current project
17:07:37  16:07:37.421 DEBUG 'IaC CloudFormation Sensor' skipped because there is no related file in current project
17:07:37  16:07:37.421 DEBUG 'IaC cfn-lint report Sensor' skipped because there is no related file in current project
17:07:37  16:07:37.422 DEBUG 'IaC Kubernetes Sensor' skipped because there is no related file in current project
17:07:37  16:07:37.422 DEBUG 'IaC Azure Resource Manager Sensor' skipped because there is no related file in current project
17:07:37  16:07:37.423 DEBUG 'IaC Ansible Sensor' skipped because there is no related file in current project
17:07:37  16:07:37.423 DEBUG 'IaC ansible-lint report Sensor' skipped because there is no related file in current project
17:07:37  16:07:37.424 DEBUG 'Declarative Rule Engine for Apex' skipped because there is no related file in current project
17:07:37  16:07:37.424 DEBUG 'Declarative Rule Engine for Ruby' skipped because there is no related file in current project
17:07:37  16:07:37.424 DEBUG 'Declarative Rule Engine for Shell' skipped because there is no related file in current project
17:07:37  16:07:37.424 DEBUG 'IaC YAML Sensor' skipped because there is no related file in current project
17:07:37  16:07:37.424 DEBUG 'IaC JSON Sensor' skipped because there is no related file in current project
17:07:37  16:07:37.424 DEBUG 'Serverless configuration file sensor' skipped because there is no related file in current project
17:07:37  16:07:37.424 DEBUG 'AWS SAM template file sensor' skipped because there is no related file in current project
17:07:37  16:07:37.440 DEBUG 'Generic Coverage Report' skipped because of missing configuration requirements.
17:07:37  Accessed configuration:
17:07:37  - sonar.genericcoverage.reportPath: <empty>
17:07:37  - sonar.genericcoverage.itReportPaths: <empty>
17:07:37  - sonar.go.tests.reportPaths: <empty>
17:07:37  - sonar.go.golint.reportPaths: <empty>
17:07:37  - sonar.go.coverage.reportPaths: scripts/reports/coverage.out
17:07:37  - sonar.go.gometalinter.reportPaths: <empty>
17:07:37  - sonar.genericcoverage.overallReportPaths: <empty>
17:07:37  - sonar.externalIssuesReportPaths: <empty>
17:07:37  - sonar.go.govet.reportPaths: <empty>
17:07:37  - sonar.dre.go.activate: <empty>
17:07:37  - sonar.coverageReportPaths: <empty>
17:07:37  - sonar.go.golangci-lint.reportPaths: scripts/reports/golangci-lint-report.xml
17:07:37  - sonar.genericcoverage.reportPaths: <empty>
17:07:37  16:07:37.440 DEBUG 'Generic Test Executions Report' skipped because of missing configuration requirements.
17:07:37  Accessed configuration:
17:07:37  - sonar.genericcoverage.reportPath: <empty>
17:07:37  - sonar.genericcoverage.itReportPaths: <empty>
17:07:37  - sonar.go.tests.reportPaths: <empty>
17:07:37  - sonar.go.golint.reportPaths: <empty>
17:07:37  - sonar.go.coverage.reportPaths: scripts/reports/coverage.out
17:07:37  - sonar.go.gometalinter.reportPaths: <empty>
17:07:37  - sonar.genericcoverage.overallReportPaths: <empty>
17:07:37  - sonar.externalIssuesReportPaths: <empty>
17:07:37  - sonar.go.govet.reportPaths: <empty>
17:07:37  - sonar.dre.go.activate: <empty>
17:07:37  - sonar.coverageReportPaths: <empty>
17:07:37  - sonar.go.golangci-lint.reportPaths: scripts/reports/golangci-lint-report.xml
17:07:37  - sonar.genericcoverage.reportPaths: <empty>
17:07:37  - sonar.testExecutionReportPaths: <empty>
17:07:37  16:07:37.440 DEBUG 'JavaSecuritySensor' skipped because there is no related file in current project
17:07:37  16:07:37.440 DEBUG 'CSharpSecuritySensor' skipped because there is no related file in current project
17:07:37  16:07:37.440 DEBUG 'VbNetSecuritySensor' skipped because there is no related file in current project
17:07:37  16:07:37.441 DEBUG 'PhpSecuritySensor' skipped because there is no related file in current project
17:07:37  16:07:37.441 DEBUG 'PythonSecuritySensor' skipped because there is no related file in current project
17:07:37  16:07:37.441 DEBUG 'KotlinSecuritySensor' skipped because there is no related file in current project
17:07:37  16:07:37.441 DEBUG Sensors : Code Quality and Security for Go -> Go Cover sensor for Go coverage -> Import of GolangCI-Lint issues -> GoModuleSecuritySensor -> IaC hadolint report Sensor -> Java Config Sensor -> IaC Docker Sensor -> IaC GitHub Actions Sensor -> IaC Shell Sensor -> Declarative Rule Engine for Go -> EnterpriseTextAndSecretsSensor -> GoSecuritySensor
17:07:37  16:07:37.442 INFO  Sensor Code Quality and Security for Go [go]
17:07:37  16:07:37.456 DEBUG Expected at least one go.mod file, but found none.
17:07:37  16:07:37.491 INFO  The Go analyzer is running in a context where unchanged files can be skipped.
17:07:37  16:07:37.492 INFO  22 folders (42 files) to be analyzed
**removed other files**
17:07:38  16:07:38.639 DEBUG File x:cmd/main.go is considered unchanged.
17:07:38  16:07:38.639 DEBUG Checking that previous results can be reused for input file x:cmd/main.go.
17:07:38  16:07:38.639 DEBUG Looking up cached CPD tokens for x:cmd/main.go ...
17:07:38  16:07:38.639 DEBUG Found cached CPD tokens for x:cmd/main.go.
17:07:38  16:07:38.639 DEBUG Loading cached CPD tokens for x:cmd/main.go ...
17:07:38  16:07:38.639 DEBUG Loaded cached CPD tokens for x:cmd/main.go.
17:07:38  16:07:38.639 DEBUG Skipping input file x:cmd/main.go (status is unchanged).
**removed other files**
17:07:38  16:07:38.673 INFO  22/22 folders (42 files) have been analyzed
17:07:38  16:07:38.673 INFO  Sensor Code Quality and Security for Go [go] (done) | time=1231ms
17:07:38  16:07:38.674 INFO  Sensor Go Cover sensor for Go coverage [go]
17:07:38  16:07:38.674 INFO  Load coverage report from '/home/jenkins/agent/workspace/x/scripts/reports/coverage.out'
17:07:38  16:07:38.804 DEBUG Save 10000 lines from coverage report '/home/jenkins/agent/workspace/x/scripts/reports/coverage.out'
17:07:38  16:07:38.811 WARN  File '/root/.cache/go-modules/src/github.com/x/x/cmd/main.go' is not included in the project, ignoring coverage
**removed other files**
17:07:39  16:07:38.970 INFO  Sensor Go Cover sensor for Go coverage [go] (done) | time=297ms
17:07:39  16:07:38.970 INFO  Sensor Import of GolangCI-Lint issues [go]
17:07:39  16:07:38.973 INFO  Importing /home/jenkins/agent/workspace/x/scripts/reports/golangci-lint-report.xml
17:07:39  16:07:39.012 INFO  Sensor Import of GolangCI-Lint issues [go] (done) | time=42ms
17:07:39  16:07:39.012 INFO  Sensor GoModuleSecuritySensor [securitygofrontend]
17:07:39  16:07:39.012 INFO  Sensor GoModuleSecuritySensor [securitygofrontend] (done) | time=0ms
17:07:39  16:07:39.012 INFO  Sensor IaC hadolint report Sensor [iac]
17:07:39  16:07:39.014 INFO  Sensor IaC hadolint report Sensor [iac] (done) | time=2ms
17:07:39  16:07:39.014 INFO  Sensor Java Config Sensor [iac]
17:07:39  16:07:39.021 INFO  There are no files to be analyzed for the Java language
17:07:39  16:07:39.021 INFO  Sensor Java Config Sensor [iac] (done) | time=6ms
17:07:39  16:07:39.021 INFO  Sensor IaC Docker Sensor [iac]
17:07:39  16:07:39.021 INFO  Sensor IaC Docker Sensor is restricted to changed files only
17:07:39  16:07:39.021 DEBUG Sensor IaC Docker Sensor is allowed to analyze hidden files
17:07:39  16:07:39.027 DEBUG 'internal/cmd/root_test.go' generated metadata as test  with charset 'UTF-8'
17:07:39  16:07:39.030 DEBUG delta [ns] since modification FileSnapshot failed to detect
17:07:39  count, failures, racy limit [ns], delta min [ns], delta max [ns], delta avg [ns], delta stddev [ns]
17:07:39  14356, 351, 7715, 715725.0, 1606676.0, 1147530.9487179483, 250384.4001357975
17:07:39  16:07:39.030 DEBUG FileStoreAttributes[fsTimestampResolution=3 ?s, minimalRacyInterval=1,606 ?s]
17:07:39  16:07:39.034 DEBUG register org.eclipse.jgit.internal.storage.file.LockFile$$Lambda/0x000076fa54694ba8@611b0edb with shutdown hook
17:07:39  16:07:39.034 DEBUG unregister org.eclipse.jgit.internal.storage.file.LockFile$$Lambda/0x000076fa54694ba8@611b0edb from shutdown hook
17:07:39  16:07:39.034 DEBUG unregister org.eclipse.jgit.internal.storage.file.LockFile$$Lambda/0x000076fa54694ba8@611b0edb from shutdown hook
17:07:39  16:07:39.037 INFO  There are no files to be analyzed for the Docker language
17:07:39  16:07:39.037 INFO  Sensor IaC Docker Sensor [iac] (done) | time=16ms
17:07:39  16:07:39.037 INFO  Sensor IaC GitHub Actions Sensor [iac]
17:07:39  16:07:39.037 DEBUG Sensor IaC GitHub Actions Sensor is allowed to analyze hidden files
17:07:39  16:07:39.037 INFO  There are no files to be analyzed for the GitHub Actions language
17:07:39  16:07:39.037 INFO  Sensor IaC GitHub Actions Sensor [iac] (done) | time=0ms
17:07:39  16:07:39.037 INFO  Sensor IaC Shell Sensor [iac]
17:07:39  16:07:39.037 DEBUG Sensor IaC Shell Sensor is allowed to analyze hidden files
17:07:39  16:07:39.038 INFO  There are no files to be analyzed for the Shell language
17:07:39  16:07:39.038 INFO  Sensor IaC Shell Sensor [iac] (done) | time=1ms
17:07:39  16:07:39.038 INFO  Sensor Declarative Rule Engine for Go [dre]
17:07:39  16:07:39.038 INFO  Sensor Declarative Rule Engine for Go is restricted to changed files only
17:07:39  16:07:39.150 INFO  Detected platform: linux-x64
17:07:39  16:07:39.193 INFO  Found 20 rules to execute.
17:07:39  16:07:39.195 INFO  Extracting analyzer from /analyzer/analyzer-linux-x64.xz
17:07:40  16:07:39.880 INFO  Analyzer extracted to /home/jenkins/agent/workspace/x/.scannerwork/.sonartmp/analyzer/analyzer
17:07:40  16:07:39.881 INFO  Starting analysis.
17:07:40  16:07:39.887 DEBUG Invoking the engine. Command: [/home/jenkins/agent/workspace/x/.scannerwork/.sonartmp/analyzer/analyzer, --facts-only, --batch-size, 614400, --output-dir, /home/jenkins/agent/workspace/x/.scannerwork/.sonartmp/analyzer, go, /home/jenkins/agent/workspace/x/.scannerwork/.sonartmp/rules1069116942555352485.dl]
17:07:40  16:07:39.890 DEBUG Sending 10 files to analyze
17:07:40  16:07:39.891 DEBUG Sending 20 rule parameters
17:07:40  16:07:39.897 DEBUG Processing analysis results from the analyzer process
17:07:40  16:07:40.114 DEBUG Wait for the analyzer process to terminate
17:07:40  16:07:40.114 DEBUG Preparing facts for batch 0
17:07:40  16:07:40.115 DEBUG Invoking Souffle on batch 0 (10 files, 69035 bytes) with timeout 90000ms
17:07:41  16:07:41.343 INFO  Sensor Declarative Rule Engine for Go [dre] (done) | time=2305ms
17:07:41  16:07:41.343 INFO  Sensor EnterpriseTextAndSecretsSensor [textenterprise]
17:07:41  16:07:41.343 INFO  Sensor EnterpriseTextAndSecretsSensor is restricted to changed files only
17:07:41  16:07:41.343 DEBUG Sensor EnterpriseTextAndSecretsSensor is allowed to analyze hidden files
17:07:41  16:07:41.346 INFO  Available processors: 12
17:07:41  16:07:41.346 INFO  Using 12 threads for analysis.
17:07:41  16:07:41.348 DEBUG Initializing SecretsStateContainer with specification loader.
17:07:41  16:07:41.836 DEBUG Initializing ChecksContainer with checks and trie construction.
17:07:41  16:07:41.850 DEBUG ChecksContainer initialized successfully with 15 checks without pre-filter and trie containing 463 patterns.
17:07:41  16:07:41.851 INFO  Start fetching files for the text and secrets analysis
17:07:41  16:07:41.857 DEBUG Read the "git --version" stdout in thread "pool-7-thread-1"
17:07:41  16:07:41.858 DEBUG git --version returned: git version 2.47.3
17:07:41  16:07:41.860 INFO  Using Git CLI to retrieve dirty files
17:07:42  16:07:41.862 DEBUG Read the "git -C /home/jenkins/agent/workspace/x status --untracked-files=all --porcelain" stdout in thread "pool-7-thread-1"
17:07:42  16:07:41.871 INFO  Retrieving language associated files and files included via "sonar.text.inclusions" that are tracked by git
17:07:42  16:07:41.871 INFO  Starting the text and secrets analysis
17:07:42  16:07:41.874 INFO  10 source files to be analyzed for the text and secrets analysis
17:07:42  16:07:41.960 INFO  10/10 source files have been analyzed for the text and secrets analysis
17:07:42  16:07:41.961 DEBUG Analyzed files for the text and secrets analysis: 10
17:07:42  16:07:41.961 INFO  Start fetching files for the binary file analysis
17:07:42  16:07:41.962 INFO  There are no files to be analyzed for the binary file analysis
17:07:42  16:07:41.964 INFO  Sensor EnterpriseTextAndSecretsSensor [textenterprise] (done) | time=620ms
17:07:42  16:07:41.964 INFO  Sensor GoSecuritySensor [security]
17:07:42  16:07:41.971 INFO  9 taint analysis rules enabled.
17:07:42  16:07:41.971 DEBUG Enabled taint analysis rules: S2076, S2083, S2091, S3649, S5144, S5145, S5146, S6096, S6350
17:07:42  16:07:41.972 DEBUG Load type hierarchy and UCFGs: Starting
17:07:42  16:07:41.972 DEBUG Load type hierarchy: Starting
17:07:42  16:07:41.972 DEBUG Reading type hierarchy from: /home/jenkins/agent/workspace/x/.scannerwork/ucfg2/go
17:07:42  16:07:41.974 DEBUG Read 0 type definitions
17:07:42  16:07:41.975 DEBUG Load type hierarchy: Time spent was 00:00:00.003
17:07:42  16:07:41.975 DEBUG Load UCFGs: Starting
17:07:42  16:07:41.976 DEBUG Reading UCFGs from: /home/jenkins/agent/workspace/x/.scannerwork/ucfg2/go
17:07:42  16:07:42.125 DEBUG Loaded 146 ucfgs from 7 files(s) in [/home/jenkins/agent/workspace/x/.scannerwork/ucfg2/go]
17:07:42  16:07:42.126 DEBUG Load UCFGs: Time spent was 00:00:00.150
17:07:42  16:07:42.126 DEBUG Load type hierarchy and UCFGs: Time spent was 00:00:00.154
17:07:42  16:07:42.126 INFO  Analyzing 146 UCFGs to detect vulnerabilities.
17:07:42  16:07:42.126 DEBUG Check cache: Starting
17:07:42  16:07:42.127 DEBUG Load cache: Starting
17:07:42  16:07:42.127 DEBUG Load cache: Time spent was 00:00:00.000
17:07:42  16:07:42.127 DEBUG Check cache: Time spent was 00:00:00.001
17:07:42  16:07:42.128 DEBUG Create runtime call graph: Starting
17:07:42  16:07:42.128 DEBUG Variable Type Analysis #1: Starting
17:07:42  16:07:42.129 DEBUG Create runtime type propagation graph: Starting
17:07:42  16:07:42.141 DEBUG Create runtime type propagation graph: Time spent was 00:00:00.011
17:07:42  16:07:42.141 DEBUG Run SCC (Tarjan) on 1168 nodes: Starting
17:07:42  16:07:42.144 DEBUG Run SCC (Tarjan) on 1168 nodes: Time spent was 00:00:00.003
17:07:42  16:07:42.145 DEBUG Tarjan found 1160 strongly connected components
17:07:42  16:07:42.145 DEBUG Propagate runtime types to strongly connected components: Starting
17:07:42  16:07:42.150 DEBUG Propagate runtime types to strongly connected components: Time spent was 00:00:00.005
17:07:42  16:07:42.150 DEBUG Variable Type Analysis #1: Time spent was 00:00:00.021
17:07:42  16:07:42.152 DEBUG Variable Type Analysis #2: Starting
17:07:42  16:07:42.152 DEBUG Create runtime type propagation graph: Starting
17:07:42  16:07:42.160 DEBUG Create runtime type propagation graph: Time spent was 00:00:00.006
17:07:42  16:07:42.160 DEBUG Run SCC (Tarjan) on 1168 nodes: Starting
17:07:42  16:07:42.161 DEBUG Run SCC (Tarjan) on 1168 nodes: Time spent was 00:00:00.001
17:07:42  16:07:42.161 DEBUG Tarjan found 1160 strongly connected components
17:07:42  16:07:42.161 DEBUG Propagate runtime types to strongly connected components: Starting
17:07:42  16:07:42.164 DEBUG Propagate runtime types to strongly connected components: Time spent was 00:00:00.002
17:07:42  16:07:42.164 DEBUG Variable Type Analysis #2: Time spent was 00:00:00.011
17:07:42  16:07:42.165 DEBUG Create runtime call graph: Time spent was 00:00:00.037
17:07:42  16:07:42.165 DEBUG Load config: Starting
17:07:42  16:07:42.175 DEBUG Refreshing resources in /config/gosecurity/sources/
17:07:42  16:07:42.282 DEBUG Loaded 46 sources.
17:07:42  16:07:42.283 DEBUG Refreshing resources in /config/gosecurity/sanitizers/
17:07:42  16:07:42.300 DEBUG Loaded 23 sanitizers.
17:07:42  16:07:42.300 DEBUG Refreshing resources in /config/gosecurity/validators/
17:07:42  16:07:42.314 DEBUG Loaded 28 validators.
17:07:42  16:07:42.314 DEBUG Refreshing resources in /config/gosecurity/passthroughs/
17:07:42  16:07:42.349 DEBUG Loaded 371 passthroughs.
17:07:42  16:07:42.349 DEBUG Refreshing resources in /config/gosecurity/collectionHandlers/
17:07:42  16:07:42.360 DEBUG Loaded 8 collectionHandlers.
17:07:42  16:07:42.360 DEBUG Refreshing resources in /config/gosecurity/sinks/
17:07:42  16:07:42.390 DEBUG Loaded 426 sinks.
17:07:42  16:07:42.391 DEBUG Refreshing resources in /config/gosecurity/encoders/
17:07:42  16:07:42.399 DEBUG Loaded 11 encoders.
17:07:42  16:07:42.399 DEBUG Refreshing resources in /config/gosecurity/decoders/
17:07:42  16:07:42.406 DEBUG Loaded 9 decoders.
17:07:42  16:07:42.406 DEBUG Resource file /config/gosecurity-autogenerated/safe.bin not found, skipping safe method IDs hashes population.
17:07:42  16:07:42.406 DEBUG Loaded 0 safe method ids hashes.
17:07:42  16:07:42.410 DEBUG Load config: Time spent was 00:00:00.244
17:07:42  16:07:42.410 DEBUG Compute entry points: Starting
17:07:42  16:07:42.425 DEBUG Compute entry points: Time spent was 00:00:00.015
17:07:42  16:07:42.426 INFO  No entry points found.
17:07:42  16:07:42.428 DEBUG go security sensor: Time spent was 00:00:00.460
17:07:42  16:07:42.429 INFO  go security sensor: Begin: 2026-01-21T16:07:41.967737342Z, End: 2026-01-21T16:07:42.428496767Z, Duration: 00:00:00.460
17:07:42    Load type hierarchy and UCFGs: Begin: 2026-01-21T16:07:41.972078818Z, End: 2026-01-21T16:07:42.126436728Z, Duration: 00:00:00.154
17:07:42      Load type hierarchy: Begin: 2026-01-21T16:07:41.972135162Z, End: 2026-01-21T16:07:41.975345469Z, Duration: 00:00:00.003
17:07:42      Load UCFGs: Begin: 2026-01-21T16:07:41.975699252Z, End: 2026-01-21T16:07:42.126296773Z, Duration: 00:00:00.150
17:07:42    Check cache: Begin: 2026-01-21T16:07:42.126521389Z, End: 2026-01-21T16:07:42.127882872Z, Duration: 00:00:00.001
17:07:42      Load cache: Begin: 2026-01-21T16:07:42.127395234Z, End: 2026-01-21T16:07:42.127570515Z, Duration: 00:00:00.000
17:07:42    Create runtime call graph: Begin: 2026-01-21T16:07:42.127954123Z, End: 2026-01-21T16:07:42.164986619Z, Duration: 00:00:00.037
17:07:42      Variable Type Analysis #1: Begin: 2026-01-21T16:07:42.128494841Z, End: 2026-01-21T16:07:42.150142272Z, Duration: 00:00:00.021
17:07:42        Create runtime type propagation graph: Begin: 2026-01-21T16:07:42.129340998Z, End: 2026-01-21T16:07:42.140871670Z, Duration: 00:00:00.011
17:07:42        Run SCC (Tarjan) on 1168 nodes: Begin: 2026-01-21T16:07:42.141318063Z, End: 2026-01-21T16:07:42.144629630Z, Duration: 00:00:00.003
17:07:42        Propagate runtime types to strongly connected components: Begin: 2026-01-21T16:07:42.144795086Z, End: 2026-01-21T16:07:42.150032391Z, Duration: 00:00:00.005
17:07:42      Variable Type Analysis #2: Begin: 2026-01-21T16:07:42.152695144Z, End: 2026-01-21T16:07:42.163927001Z, Duration: 00:00:00.011
17:07:42        Create runtime type propagation graph: Begin: 2026-01-21T16:07:42.152739452Z, End: 2026-01-21T16:07:42.159615019Z, Duration: 00:00:00.006
17:07:42        Run SCC (Tarjan) on 1168 nodes: Begin: 2026-01-21T16:07:42.159795812Z, End: 2026-01-21T16:07:42.160999545Z, Duration: 00:00:00.001
17:07:42        Propagate runtime types to strongly connected components: Begin: 2026-01-21T16:07:42.161084015Z, End: 2026-01-21T16:07:42.163830208Z, Duration: 00:00:00.002
17:07:42    Load config: Begin: 2026-01-21T16:07:42.165071795Z, End: 2026-01-21T16:07:42.409819181Z, Duration: 00:00:00.244
17:07:42    Compute entry points: Begin: 2026-01-21T16:07:42.409990502Z, End: 2026-01-21T16:07:42.425516671Z, Duration: 00:00:00.015
17:07:42  16:07:42.430 INFO  go security sensor peak memory: 151 MB
17:07:42  16:07:42.430 DEBUG Debug information:
17:07:42  16:07:42.430 INFO  Sensor GoSecuritySensor [security] (done) | time=466ms
17:07:42  16:07:42.442 INFO  ------------- Run sensors on project
17:07:42  16:07:42.571 DEBUG 'Import external issues report from SARIF file.' skipped because of missing configuration requirements.
17:07:42  Accessed configuration:
17:07:42  - sonar.sarifReportPaths: <empty>
17:07:42  16:07:42.571 DEBUG 'Java CPD Block Indexer' skipped because there is no related file in current project
17:07:42  16:07:42.571 DEBUG Sensors : Zero Coverage Sensor
17:07:42  16:07:42.572 INFO  Sensor Zero Coverage Sensor
17:07:42  16:07:42.580 INFO  Sensor Zero Coverage Sensor (done) | time=8ms
17:07:42  16:07:42.585 DEBUG ScaCliDownloadClient url: https://scanner.sonarcloud.io/tidelift-cli
17:07:42  16:07:42.585 DEBUG Loading OS trusted SSL certificates...
17:07:42  16:07:42.585 DEBUG This operation might be slow or even get stuck. You can skip it by passing the scanner property 'sonar.scanner.skipSystemTruststore=true'
17:07:42  16:07:42.654 DEBUG Loaded [438] system trusted certificates
17:07:42  16:07:42.673 DEBUG Loaded truststore from '/usr/lib/sonar-scanner/jre/lib/security/cacerts' containing 152 certificates
17:07:42  16:07:42.690 INFO  ------------- Gather SCA dependencies on project
17:07:42  16:07:42.690 INFO  Checking if SCA is enabled for organization x
17:07:42  16:07:42.690 DEBUG Request URL: https://api.sonarcloud.io/sca/feature-enabled
17:07:42  16:07:42.690 DEBUG --> GET https://api.sonarcloud.io/sca/feature-enabled?organization=x
17:07:43  16:07:43.111 DEBUG <-- 200 https://api.sonarcloud.io/sca/feature-enabled?organization=x (420ms, unknown-length body)
17:07:43  16:07:43.114 DEBUG SCA Enabled Response: EnabledResponse[enabled=false]
17:07:43  16:07:43.114 INFO  Dependency analysis skipped
17:07:43  16:07:43.123 INFO  CPD Executor Calculating CPD for 42 files
17:07:43  16:07:43.152 DEBUG Detection of duplications for /home/jenkins/agent/workspace/x/cmd/main.go
17:07:43  16:07:43.158 INFO  CPD Executor CPD calculation finished (done) | time=34ms
17:07:43  16:07:43.159 INFO  SCM Publisher SCM provider for this project is: git
17:07:43  16:07:43.160 INFO  SCM Publisher 10 source files to be analyzed
17:07:43  16:07:43.162 DEBUG loading config FileBasedConfig[/root/.config/jgit/config]
17:07:43  16:07:43.163 INFO  This git repository references another local repository which is not well supported. SCM information might be missing for some files. You can avoid borrow objects from another local repository by not using --reference or --shared when cloning it.
17:07:43  16:07:43.163 DEBUG Collecting committed files
17:07:43  16:07:43.169 DEBUG Collecting committed files (done) | time=6ms
17:07:43  16:07:43.169 DEBUG Using GIT_NATIVE_BLAME strategy to blame files
17:07:43  16:07:43.178 DEBUG [main] Executing command [[git, --version]]...
17:07:43  16:07:43.229 DEBUG [main] Command [[git, --version]] executed with exit value [0]
17:07:43  16:07:43.231 DEBUG Found GIT version: 2.47.3
17:07:43  16:07:43.340 INFO  SCM Publisher 10/10 source files have been analyzed (done) | time=179ms
17:07:43  16:07:43.408 INFO  SCM writing changed lines
17:07:43  16:07:43.412 DEBUG Merge base sha1: x
17:07:43  16:07:43.503 DEBUG SCM reported changed lines for 10 files in the branch
17:07:43  16:07:43.504 INFO  SCM writing changed lines (done) | time=96ms
17:07:43  16:07:43.507 DEBUG Could not detect the dotnet / msbuild version
17:07:43  16:07:43.507 DEBUG MSBuild version NOT found.
17:07:43  16:07:43.604 INFO  Analysis report generated in 257ms, dir size=418 KB
17:07:43  16:07:43.649 INFO  Analysis report compressed in 44ms, zip size=116 KB
17:07:43  16:07:43.649 INFO  Analysis report generated in /home/jenkins/agent/workspace/x/.scannerwork/scanner-report

Hi all,

A rollback is in progress on our side. ETA: a few hours.

In the meantime, @Gilthoniel it’s not possible to pick a different version of the sensor. Sorry.

 
Ann

@ganncamp That works as well! Thanks for your responsiveness.

May I ask how do you get that detailed information about the plugins being downloaded?

Try add the flag -Dsonar.verbose=true or define sonar.verbose=true.

The changelog is in private project, but the related commit is visible here: SONARGO-13 Go coverage does not support mono-repositories with covera… · SonarSource/sonar-go@c48f21d · GitHub

I meant, not the log but the json containing the jar details of the plugin, including the updatedAt timestamp

@radykal-com this is the endpoint called: https://sonarcloud.io/api/plugins/installed

Thank you

https://github.com/SonarSource/sonar-go/commit/c48f21db5868a093fa8646e5e9b706d51b84c5f0

SonarCloud has added mono-repository support, but removed support for resolving coverage file paths that have prefixes like github.com/org/repo/package.

This was released in Go plugin version 1.32.0.5128, which happened on January 8, 2025, and that changed coverage path resolution behavior.

My speculation is Sonarcloud would have updated to this go plugin and it would’ve started failing since then. I did a bit of transformation in my code coverage pipeline:

• Replace module prefix with the absolute project checkout path
• github.com/org/repo/pkg/foo.go → /home/…/s/pkg/foo.go
• Paths now point directly to actual file locations, bypassing GOPATH resolution

Knowing that you are working on a fix, I would wait for it. Thanks. Hope these observations prove to be of some help.

Hi all,

This should be fixed. Can you try again?

 
Thx!
Ann

yes its working now. Thankyou