Security Hotspot reported in excluded folder/file

Must-share information (formatted with Markdown):

• which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

  • 8.9.3 LTS
  • Scanner 4.8
  • Plugins:
    1. Checkstyle 9.0.1
    2. Dependency-Check 2.0.8
    3. Findbugs 4.0.3
    4. Custom rule we created ourselves
    5. PMD 3.3.1

• what are you trying to achieve
  Exclude folders/files

• what have you tried so far to achieve this
  Reading documentation

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!

I got a security hotspot issue in a file that should be excluded:
data/src/main/resources/db/flyway/oracle/V20230127_3.19.0__Fix_column_length_of_EXTERNALREFERENCE.sql

How can I fix this, so that it is realle excluded?

image1014×1051 33 KB

There is no sonar-project.properties file in this repo

Hi,

Can you share the rule id of the Security Hotspot and your full analysis log? The log will show me what exclusions are actually applied.

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

 
Ann

Sorry for the data dump.
I know we are running an older scanner version for Jenkins. Steps are being made to fix this.

Scan errors:
Dependencies/libraries were not provided for analysis of SOURCE files. The ‘sonar.java.libraries’ property is empty. Verify your configuration, as you might end up with less precise results.

The Data Dictionary is not configured for PLSQL analyzer which prevents rule(s) S3641, S3921, S3618, S3651 to raise issues. See http://XXXXX/documentation/analysis/languages/plsql/

image1604×549 33.8 KB

SonarQube plugins:
  - CSS Code Quality and Security 1.4.2.2002 (cssfamily)
  - PL/SQL Code Quality and Security 3.6.1.3873 (plsql)
  - Scala Code Quality and Security 1.8.3.2219 (sonarscala)
  - C# Code Quality and Security 8.22.0.31243 (csharp)
  - Vulnerability Analysis 8.9.0.11439 (security)
  - Java Code Quality and Security 6.15.1.26025 (java)
  - HTML Code Quality and Security 3.4.0.2754 (web)
  - Flex Code Quality and Security 2.6.1.2564 (flex)
  - XML Code Quality and Security 2.2.0.2973 (xml)
  - Java Custom Rules for Miles Next 1.0-SNAPSHOT (javacustommilesnext)
  - VB.NET Code Quality and Security 8.22.0.31243 (vbnet)
  - Swift Code Quality and Security 4.3.1.4892 (swift)
  - CFamily Code Quality and Security 6.20.2.38358 (cpp)
  - Python Code Quality and Security 3.4.1.8066 (python)
  - Go Code Quality and Security 1.8.3.2219 (go)
  - JaCoCo 1.1.1.1157 (jacoco)
  - Kotlin Code Quality and Security 1.8.3.2219 (kotlin)
  - T-SQL Code Quality and Security 1.5.1.4340 (tsql)
  - JavaScript/TypeScript Code Quality and Security 7.4.4.15624 (javascript)
  - Ruby Code Quality and Security 1.8.3.2219 (ruby)
  - Vulnerability Rules for C# 8.9.0.11439 (securitycsharpfrontend)
  - Vulnerability Rules for Java 8.9.0.11439 (securityjavafrontend)
  - License for SonarLint 8.9.6.50800 (license)
  - Vulnerability Rules for JS 8.9.0.11439 (securityjsfrontend)
  - Vulnerability Rules for Python 8.9.0.11439 (securitypythonfrontend)
  - PHP Code Quality and Security 3.17.0.7439 (php)
  - ABAP Code Quality and Security 3.9.1.3127 (abap)
  - Vulnerability Rules for PHP 8.9.0.11439 (securityphpfrontend)
Global server settings:
  - email.smtp_host.secured=******
  - sonar.core.id=XXXXXX
  - sonar.core.serverBaseURL=XXXXX
  - sonar.core.startTime=2022-03-22T10:06:05+0100
  - sonar.dbcleaner.branchesToKeepWhenInactive=master,develop,trunk,branch-.*,release-.*
  - sonar.dbcleaner.daysBeforeDeletingInactiveBranchesAndPRs=15
  - sonar.exclusions=**/target/**,**/usr/share/nginx/html/fabric/**,**/dist/**,./node_modules/**,**/flyway/**
  - sonar.forceAuthentication=false
  - sonar.global.test.exclusions=*test/**,**/test/**,**/itest/**
  - sonar.issue.ignore.multicriteria=1,2,3,4,5,6,7,8
  - sonar.issue.ignore.multicriteria.1.resourceKey=**/flyway/mssql/*
  - sonar.issue.ignore.multicriteria.1.ruleKey=plsql:VarcharUsageCheck
  - sonar.issue.ignore.multicriteria.2.resourceKey=**/flyway/postgres/*
  - sonar.issue.ignore.multicriteria.2.ruleKey=plsql:VarcharUsageCheck
  - sonar.issue.ignore.multicriteria.3.resourceKey=**/*Configuration.java
  - sonar.issue.ignore.multicriteria.3.ruleKey=java:S100
  - sonar.issue.ignore.multicriteria.4.resourceKey=**/ServiceApiProviderConfig.java
  - sonar.issue.ignore.multicriteria.4.ruleKey=java:S100
  - sonar.issue.ignore.multicriteria.5.resourceKey=**/flyway/**
  - sonar.issue.ignore.multicriteria.5.ruleKey=plsql:ExecuteImmediateTrapExceptionsCheck
  - sonar.issue.ignore.multicriteria.6.resourceKey=**/flyway/**
  - sonar.issue.ignore.multicriteria.6.ruleKey=plsql:LiteralsNonPrintableCharactersCheck
  - sonar.issue.ignore.multicriteria.7.resourceKey=**/flyway/**
  - sonar.issue.ignore.multicriteria.7.ruleKey=plsql:S1192
  - sonar.issue.ignore.multicriteria.8.resourceKey=**/migrators/**
  - sonar.issue.ignore.multicriteria.8.ruleKey=plsql:JoinConditionNumberCheck
  - sonar.java.file.suffixes=.java,.jav
  - sonar.plugins.risk.consent=ACCEPTED
Project server settings:
Project scanner properties:
  - sonar.exclusions=*test/**,**/test/**,**/itest/**,**/target/**
  - sonar.host.url=XXXXXXX
  - sonar.java.binaries=.
  - sonar.language=java
  - sonar.login=******
  - sonar.projectBaseDir=/data/jenkins/workdir/workspace/XXX
  - sonar.projectKey=XXXXXX
  - sonar.pullrequest.base=master
  - sonar.pullrequest.branch=bugfix/XXXXX
  - sonar.pullrequest.key=16
  - sonar.scanner.app=ScannerCli
  - sonar.scanner.appVersion=4.2.0.1873
  - sonar.scm.exclusions.disabled=true
  - sonar.sourceEncoding=UTF-8
  - sonar.sources=.
  - sonar.verbose=true
  - sonar.working.directory=/data/jenkins/workdir/workspace/XXXXX

Scan logs:

scannerHome: /data/jenkins/workdir/tools/hudson.plugins.sonar.SonarRunnerInstallation/SonarQube_Scanner_3.x
[Pipeline] echo
PROJECT_KEY: XXXXXX
[Pipeline] sh
+ /data/jenkins/workdir/tools/hudson.plugins.sonar.SonarRunnerInstallation/SonarQube_Scanner_3.x/bin/sonar-scanner -X -Dsonar.language=java -Dsonar.scm.exclusions.disabled=true -Dsonar.projectKey=XXXXXX -Dsonar.projectBaseDir=. -Dsonar.sources=. -Dsonar.java.binaries=. '-Dsonar.exclusions=*test/**,**/test/**,**/itest/**,**/target/**' -Dsonar.pullrequest.branch=bugfix/XXXXXX/XXXXXX -Dsonar.pullrequest.key=16 -Dsonar.pullrequest.base=master
Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF-8
13:49:09.227 INFO: Scanner configuration file: /data/jenkins/workdir/tools/hudson.plugins.sonar.SonarRunnerInstallation/SonarQube_Scanner_3.x/conf/sonar-scanner.properties
13:49:09.233 INFO: Project root configuration file: NONE
13:49:09.265 INFO: SonarQube Scanner 4.2.0.1873
13:49:09.265 INFO: Java 11.0.17 Red Hat, Inc. (64-bit)
13:49:09.265 INFO: Linux 3.10.0-1160.81.1.el7.x86_64 amd64
13:49:09.554 DEBUG: keyStore is : 
13:49:09.554 DEBUG: keyStore type is : pkcs12
13:49:09.554 DEBUG: keyStore provider is : 
13:49:09.555 DEBUG: init keystore
13:49:09.555 DEBUG: init keymanager of type SunX509
13:49:09.822 DEBUG: Create: /data/jenkins/.sonar/cache
13:49:09.824 INFO: User cache: /data/jenkins/.sonar/cache
13:49:09.824 DEBUG: Create: /data/jenkins/.sonar/cache/_tmp
13:49:09.830 DEBUG: Extract sonar-scanner-api-batch in temp...
13:49:09.837 DEBUG: Get bootstrap index...
13:49:09.837 DEBUG: Download: XXXXXX/batch/index
13:49:09.955 DEBUG: Get bootstrap completed
13:49:09.960 DEBUG: Create isolated classloader...
13:49:09.997 DEBUG: Start temp cleaning...
13:49:10.005 DEBUG: Temp cleaning done
13:49:10.006 DEBUG: Execution getVersion
13:49:10.035 INFO: SonarQube server 8.9.6
13:49:10.035 INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
13:49:10.037 DEBUG: Work directory: /data/jenkins/workdir/workspace/XXXXXX/.scannerwork
13:49:10.039 DEBUG: Execution execute
13:49:10.352 DEBUG: Developer 8.9.6.50800
13:49:10.607 INFO: Load global settings
13:49:10.682 DEBUG: GET 200 XXXXXX/api/settings/values.protobuf | time=72ms
13:49:10.831 INFO: Load global settings (done) | time=224ms
13:49:10.843 INFO: Server id: XXXXXX
13:49:10.849 INFO: User cache: /data/jenkins/.sonar/cache
13:49:10.853 INFO: Load/download plugins
13:49:10.854 INFO: Load plugins index
13:49:10.870 DEBUG: GET 200 XXXXXX/api/plugins/installed | time=16ms
13:49:10.942 INFO: Load plugins index (done) | time=87ms
13:49:11.280 INFO: Load/download plugins (done) | time=427ms
13:49:11.525 DEBUG: Plugins:
13:49:11.525 DEBUG:   * CSS Code Quality and Security 1.4.2.2002 (cssfamily)
13:49:11.526 DEBUG:   * PL/SQL Code Quality and Security 3.6.1.3873 (plsql)
13:49:11.526 DEBUG:   * Scala Code Quality and Security 1.8.3.2219 (sonarscala)
13:49:11.526 DEBUG:   * C# Code Quality and Security 8.22.0.31243 (csharp)
13:49:11.526 DEBUG:   * Vulnerability Analysis 8.9.0.11439 (security)
13:49:11.527 DEBUG:   * Java Code Quality and Security 6.15.1.26025 (java)
13:49:11.527 DEBUG:   * HTML Code Quality and Security 3.4.0.2754 (web)
13:49:11.527 DEBUG:   * Flex Code Quality and Security 2.6.1.2564 (flex)
13:49:11.528 DEBUG:   * XML Code Quality and Security 2.2.0.2973 (xml)
13:49:11.528 DEBUG:   * Java Custom Rules for Miles Next 1.0-SNAPSHOT (javacustommilesnext)
13:49:11.528 DEBUG:   * VB.NET Code Quality and Security 8.22.0.31243 (vbnet)
13:49:11.528 DEBUG:   * Swift Code Quality and Security 4.3.1.4892 (swift)
13:49:11.529 DEBUG:   * CFamily Code Quality and Security 6.20.2.38358 (cpp)
13:49:11.529 DEBUG:   * Python Code Quality and Security 3.4.1.8066 (python)
13:49:11.529 DEBUG:   * Go Code Quality and Security 1.8.3.2219 (go)
13:49:11.529 DEBUG:   * JaCoCo 1.1.1.1157 (jacoco)
13:49:11.530 DEBUG:   * Kotlin Code Quality and Security 1.8.3.2219 (kotlin)
13:49:11.530 DEBUG:   * T-SQL Code Quality and Security 1.5.1.4340 (tsql)
13:49:11.530 DEBUG:   * JavaScript/TypeScript Code Quality and Security 7.4.4.15624 (javascript)
13:49:11.530 DEBUG:   * Ruby Code Quality and Security 1.8.3.2219 (ruby)
13:49:11.531 DEBUG:   * Vulnerability Rules for C# 8.9.0.11439 (securitycsharpfrontend)
13:49:11.531 DEBUG:   * Vulnerability Rules for Java 8.9.0.11439 (securityjavafrontend)
13:49:11.531 DEBUG:   * License for SonarLint 8.9.6.50800 (license)
13:49:11.531 DEBUG:   * Vulnerability Rules for JS 8.9.0.11439 (securityjsfrontend)
13:49:11.532 DEBUG:   * Vulnerability Rules for Python 8.9.0.11439 (securitypythonfrontend)
13:49:11.532 DEBUG:   * PHP Code Quality and Security 3.17.0.7439 (php)
13:49:11.532 DEBUG:   * ABAP Code Quality and Security 3.9.1.3127 (abap)
13:49:11.533 DEBUG:   * Vulnerability Rules for PHP 8.9.0.11439 (securityphpfrontend)
13:49:11.604 INFO: Loaded core extensions: developer-scanner
13:49:11.644 DEBUG: Installed core extension: developer-scanner
13:49:12.206 INFO: JavaScript/TypeScript frontend is enabled
13:49:12.441 INFO: Process project properties
13:49:12.456 INFO: Process project properties (done) | time=15ms
13:49:12.457 INFO: Execute project builders
13:49:12.457 DEBUG: Execute project builder: org.sonar.plugins.csharp.CSharpGlobalProtobufFileProcessor
13:49:12.459 DEBUG: Execute project builder: org.sonar.plugins.vbnet.VbNetGlobalProtobufFileProcessor
13:49:12.460 INFO: Execute project builders (done) | time=3ms
13:49:12.465 INFO: Project key: XXXXXX
13:49:12.466 INFO: Base dir: /data/jenkins/workdir/workspace/XXXXXX
13:49:12.466 INFO: Working dir: /data/jenkins/workdir/workspace/XXXXXX/.scannerwork
13:49:12.466 DEBUG: Project global encoding: UTF-8, default locale: en_US
13:49:12.470 DEBUG: Creating module hierarchy
13:49:12.471 DEBUG:   Init module 'XXXXXX'
13:49:12.472 DEBUG:     Base dir: /data/jenkins/workdir/workspace/XXXXXX
13:49:12.472 DEBUG:     Working dir: /data/jenkins/workdir/workspace/XXXXXX/.scannerwork
13:49:12.472 DEBUG:     Module global encoding: UTF-8, default locale: en_US
13:49:12.716 INFO: Load project settings for component key: 'XXXXXX'
13:49:12.743 DEBUG: GET 200 XXXXXX/api/settings/values.protobuf?component=XXXXXX | time=27ms
13:49:12.746 INFO: Load project settings for component key: 'XXXXXX' (done) | time=30ms
13:49:12.766 INFO: Load project branches
13:49:12.795 DEBUG: GET 200 XXXXXX/api/project_branches/list?project=XXXXXX | time=28ms
13:49:12.803 INFO: Load project branches (done) | time=37ms
13:49:12.804 INFO: Load project pull requests
13:49:12.842 DEBUG: GET 200 XXXXXX/api/project_pull_requests/list?project=XXXXXX | time=37ms
13:49:12.860 INFO: Load project pull requests (done) | time=56ms
13:49:12.861 INFO: Load branch configuration
13:49:12.863 INFO: Found manual configuration of branch/PR analysis. Skipping automatic configuration.
13:49:12.867 INFO: Load branch configuration (done) | time=6ms
13:49:12.951 DEBUG: Available languages:
13:49:12.951 DEBUG:   * CSS => "css"
13:49:12.951 DEBUG:   * PL/SQL => "plsql"
13:49:12.951 DEBUG:   * Scala => "scala"
13:49:12.951 DEBUG:   * C# => "cs"
13:49:12.951 DEBUG:   * Java => "java"
13:49:12.952 DEBUG:   * HTML => "web"
13:49:12.952 DEBUG:   * JSP => "jsp"
13:49:12.952 DEBUG:   * Flex => "flex"
13:49:12.952 DEBUG:   * XML => "xml"
13:49:12.952 DEBUG:   * VB.NET => "vbnet"
13:49:12.952 DEBUG:   * Swift => "swift"
13:49:12.952 DEBUG:   * C => "c"
13:49:12.952 DEBUG:   * C++ => "cpp"
13:49:12.953 DEBUG:   * Objective-C => "objc"
13:49:12.953 DEBUG:   * Python => "py"
13:49:12.953 DEBUG:   * Go => "go"
13:49:12.953 DEBUG:   * Kotlin => "kotlin"
13:49:12.953 DEBUG:   * T-SQL => "tsql"
13:49:12.953 DEBUG:   * JavaScript => "js"
13:49:12.953 DEBUG:   * TypeScript => "ts"
13:49:12.953 DEBUG:   * Ruby => "ruby"
13:49:12.954 DEBUG:   * PHP => "php"
13:49:12.954 DEBUG:   * ABAP => "abap"
13:49:12.979 INFO: Auto-configuring with CI 'Jenkins'
13:49:12.982 INFO: Load quality profiles
13:49:13.036 DEBUG: GET 200 XXXXXX/api/qualityprofiles/search.protobuf?project=XXXXXX | time=53ms
13:49:13.056 INFO: Load quality profiles (done) | time=74ms
13:49:13.062 INFO: Auto-configuring with CI 'Jenkins'
13:49:13.065 INFO: Load active rules
13:49:13.194 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWowbncAJJpzxbLfyfAo&ps=500&p=1 | time=127ms
13:49:13.351 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AYBAztMAydurLfbu7Mq5&ps=500&p=1 | time=22ms
13:49:13.438 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWowbni5JJpzxbLfyfGJ&ps=500&p=1 | time=78ms
13:49:13.497 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWowY5xSMQsIW80doYUw&ps=500&p=1 | time=27ms
13:49:13.518 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWowY6tqMQsIW80doYVP&ps=500&p=1 | time=11ms
13:49:13.541 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWb5A_OVgXW59VmEtRpK&ps=500&p=1 | time=22ms
13:49:13.569 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWb5A_IHgXW59VmEtRoM&ps=500&p=1 | time=24ms
13:49:13.633 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWb5A_UMgXW59VmEtRvI&ps=500&p=1 | time=60ms
13:49:13.713 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWb5A_WSgXW59VmEtRxD&ps=500&p=1 | time=61ms
13:49:13.758 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWowbnq9JJpzxbLfyfJI&ps=500&p=1 | time=34ms
13:49:13.863 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AXdOsfJPA_6SLjvVjfls&ps=500&p=1 | time=100ms
13:49:13.893 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWb5A_X2gXW59VmEtRyD&ps=500&p=1 | time=19ms
13:49:14.039 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWb5A_aagXW59VmEtR17&ps=500&p=1 | time=143ms
13:49:14.217 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWxgk7jb_XCw5-JSyG3F&ps=500&p=1 | time=159ms
13:49:14.268 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWowY-g3MQsIW80doYZB&ps=500&p=1 | time=24ms
13:49:14.298 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWb5A_nQgXW59VmEtSEn&ps=500&p=1 | time=28ms
13:49:14.319 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWb5A_o9gXW59VmEtSFY&ps=500&p=1 | time=18ms
13:49:14.394 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWb5A_uHgXW59VmEtSIG&ps=500&p=1 | time=73ms
13:49:14.464 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWb5A_wigXW59VmEtSKm&ps=500&p=1 | time=61ms
13:49:14.503 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWowbn99JJpzxbLfyfQI&ps=500&p=1 | time=32ms
13:49:14.573 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWowboE8JJpzxbLfyfVB&ps=500&p=1 | time=64ms
13:49:14.643 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWowboAUJJpzxbLfyfSD&ps=500&p=1 | time=59ms
13:49:14.710 DEBUG: GET 200 XXXXXX/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt,deprecatedKeys&activation=true&qprofile=AWb5A_0TgXW59VmEtSMl&ps=500&p=1 | time=63ms
13:49:14.758 INFO: Load active rules (done) | time=1692ms
13:49:14.789 INFO: Exclusions based on SCM info is disabled by configuration
13:49:14.801 INFO: Pull request 16 for merge into master from bugfix/XXXXXX/XXXXXX
13:49:14.824 INFO: SCM collecting changed files in the branch
13:49:14.845 DEBUG: loading config FileBasedConfig[/data/jenkins/.config/jgit/config]
13:49:14.847 DEBUG: readpipe [/usr/bin/git, --version],/usr/bin
13:49:14.868 DEBUG: readpipe may return 'git version 2.16.6'
13:49:14.869 DEBUG: remaining output:

13:49:14.869 DEBUG: readpipe [/usr/bin/git, config, --system, --edit],/usr/bin
13:49:14.877 DEBUG: readpipe may return '/etc/gitconfig'
13:49:14.878 DEBUG: remaining output:

13:49:14.880 DEBUG: loading config FileBasedConfig[/etc/gitconfig]
13:49:14.881 DEBUG: loading config FileBasedConfig[/data/jenkins/.gitconfig]
13:49:14.971 DEBUG: Merge base sha1: 9e517aa1368c90b515f590a2d50269d3cb1f8fb9
13:49:15.030 INFO: SCM collecting changed files in the branch (done) | time=206ms
13:49:15.031 DEBUG: SCM reported 8 files changed in the branch
13:49:15.065 DEBUG: Declared extensions of language CSS were converted to sonar.lang.patterns.css : **/*.css,**/*.less,**/*.scss
13:49:15.066 DEBUG: Declared extensions of language PL/SQL were converted to sonar.lang.patterns.plsql : **/*.sql,**/*.pks,**/*.pkb
13:49:15.066 DEBUG: Declared extensions of language Scala were converted to sonar.lang.patterns.scala : **/*.scala
13:49:15.066 DEBUG: Declared extensions of language C# were converted to sonar.lang.patterns.cs : **/*.cs
13:49:15.066 DEBUG: Declared extensions of language Java were converted to sonar.lang.patterns.java : **/*.java,**/*.jav
13:49:15.067 DEBUG: Declared extensions of language HTML were converted to sonar.lang.patterns.web : **/*.html,**/*.xhtml,**/*.cshtml,**/*.vbhtml,**/*.aspx,**/*.ascx,**/*.rhtml,**/*.erb,**/*.shtm,**/*.shtml
13:49:15.068 DEBUG: Declared extensions of language JSP were converted to sonar.lang.patterns.jsp : **/*.jsp,**/*.jspf,**/*.jspx
13:49:15.068 DEBUG: Declared extensions of language Flex were converted to sonar.lang.patterns.flex : **/*.as
13:49:15.068 DEBUG: Declared extensions of language XML were converted to sonar.lang.patterns.xml : **/*.xml,**/*.xsd,**/*.xsl
13:49:15.068 DEBUG: Declared extensions of language VB.NET were converted to sonar.lang.patterns.vbnet : **/*.vb
13:49:15.069 DEBUG: Declared extensions of language Swift were converted to sonar.lang.patterns.swift : **/*.swift
13:49:15.069 DEBUG: Declared extensions of language C were converted to sonar.lang.patterns.c : **/*.c,**/*.h
13:49:15.070 DEBUG: Declared extensions of language C++ were converted to sonar.lang.patterns.cpp : **/*.cc,**/*.cpp,**/*.cxx,**/*.c++,**/*.hh,**/*.hpp,**/*.hxx,**/*.h++,**/*.ipp
13:49:15.070 DEBUG: Declared extensions of language Objective-C were converted to sonar.lang.patterns.objc : **/*.m
13:49:15.070 DEBUG: Declared extensions of language Python were converted to sonar.lang.patterns.py : **/*.py
13:49:15.071 DEBUG: Declared extensions of language Go were converted to sonar.lang.patterns.go : **/*.go
13:49:15.071 DEBUG: Declared extensions of language Kotlin were converted to sonar.lang.patterns.kotlin : **/*.kt
13:49:15.071 DEBUG: Declared extensions of language T-SQL were converted to sonar.lang.patterns.tsql : **/*.tsql
13:49:15.072 DEBUG: Declared extensions of language JavaScript were converted to sonar.lang.patterns.js : **/*.js,**/*.jsx,**/*.mjs,**/*.vue
13:49:15.072 DEBUG: Declared extensions of language TypeScript were converted to sonar.lang.patterns.ts : **/*.ts,**/*.tsx
13:49:15.072 DEBUG: Declared extensions of language Ruby were converted to sonar.lang.patterns.ruby : **/*.rb
13:49:15.073 DEBUG: Declared extensions of language PHP were converted to sonar.lang.patterns.php : **/*.php,**/*.php3,**/*.php4,**/*.php5,**/*.phtml,**/*.inc
13:49:15.073 DEBUG: Declared extensions of language ABAP were converted to sonar.lang.patterns.abap : **/*.abap,**/*.ab4,**/*.flow,**/*.asprog
13:49:15.075 DEBUG: Will ignore generated code
13:49:15.076 DEBUG: Will ignore generated code
13:49:15.080 INFO: Indexing files...
13:49:15.081 INFO: Project configuration:
13:49:15.082 INFO:   Excluded sources: *test/**, **/test/**, **/itest/**, **/target/**
13:49:15.082 INFO:   Excluded tests: *test/**, **/test/**, **/itest/**
13:49:15.110 DEBUG: 'data/CHANGELOG.md' indexed with no language
13:49:15.113 DEBUG: 'data/README.md' indexed with no language
13:49:15.115 DEBUG: 'data/mvnw' indexed with no language
13:49:15.118 DEBUG: 'data/mvnw.cmd' indexed with no language
13:49:15.121 DEBUG: 'data/pom.xml' indexed with language 'xml'
********
13:49:15.176 DEBUG: 'data/src/main/resources/application.properties' indexed with no language
13:49:15.178 DEBUG: 'data/src/main/resources/db/data_loads.yaml' indexed with no language
13:49:15.182 DEBUG: 'data/src/main/resources/db/flyway/mssql/V20201218_3.0.0__Initial_setup.sql' indexed with language 'plsql'
******
13:49:15.334 DEBUG: 'data/src/main/resources/db/flyway/postgres/V20230127_3.19.0__Fix_column_length_of_EXTERNALREFERENCE.sql' indexed with language 'plsql'
13:49:15.335 DEBUG: 'data/src/main/resources/db/migrators/ALLOCATED_DRIVER/migration.sql' indexed with language 'plsql'
1*****
13:49:15.411 DEBUG: 'data/src/main/resources/dynamic_attributes_config.json' indexed with no language
13:49:15.412 DEBUG: 'data/src/main/resources/resources-config.json' indexed with no language
13:49:15.470 DEBUG: 'engine/CHANGELOG.md' indexed with no language
13:49:15.471 DEBUG: 'engine/README.md' indexed with no language
13:49:15.471 DEBUG: 'engine/mvnw' indexed with no language
13:49:15.472 DEBUG: 'engine/mvnw.cmd' indexed with no language
13:49:15.472 DEBUG: 'engine/pom.xml' indexed with language 'xml'
13:49:15.474 DEBUG: 'engine/src/main/java/miles/quote/engine/api/APIConstants.java' indexed with language 'java'
*******
13:49:15.548 DEBUG: 'engine/src/main/resources/application.properties' indexed with no language
13:49:15.592 DEBUG: 'pom.xml' indexed with language 'xml'
13:49:15.595 INFO: 307 files indexed
13:49:15.595 INFO: 1624 files ignored because of inclusion/exclusion patterns
13:49:15.596 INFO: Quality profile for java: Sonar Sofico way
13:49:15.596 INFO: Quality profile for plsql: Sonar Sofico way
13:49:15.596 INFO: Quality profile for xml: Sonar way
13:49:15.596 INFO: ------------- Run sensors on module XXXXXX
13:49:15.730 INFO: JavaScript/TypeScript frontend is enabled
13:49:15.747 INFO: Load metrics repository
13:49:15.762 DEBUG: GET 200 XXXXXX/api/metrics/search?f=name,description,direction,qualitative,custom&ps=500&p=1 | time=15ms
13:49:15.781 INFO: Load metrics repository (done) | time=34ms
13:49:18.102 DEBUG: Adding rules for repository 'jssecurity', language: JAVASCRIPT, [class A.A.A.A.A.A.B, class A.A.A.A.A.A.I, class A.A.A.A.A.A.K, class A.A.A.A.A.A.L, class A.A.A.A.A.A.M, class A.A.A.A.A.A.C, class A.A.A.A.A.A.G, class A.A.A.A.A.A.H, class A.A.A.A.A.A.J, class A.A.A.A.A.A.F, class A.A.A.A.A.A.D, class A.A.A.A.A.A.E, class A.A.A.A.A.A.A] from A.A.A.A.A.D
13:49:18.113 DEBUG: Adding rules for repository 'tssecurity', language: TYPESCRIPT, [class A.A.A.A.A.A.B, class A.A.A.A.A.A.I, class A.A.A.A.A.A.K, class A.A.A.A.A.A.L, class A.A.A.A.A.A.M, class A.A.A.A.A.A.C, class A.A.A.A.A.A.G, class A.A.A.A.A.A.H, class A.A.A.A.A.A.J, class A.A.A.A.A.A.F, class A.A.A.A.A.A.D, class A.A.A.A.A.A.E, class A.A.A.A.A.A.A] from A.A.A.A.A.B
13:49:18.657 DEBUG: 'Import external issues report' skipped because one of the required properties is missing
13:49:18.657 DEBUG: 'CSS Metrics' skipped because there is no related file in current project
13:49:18.659 DEBUG: 'Import of stylelint issues' skipped because there is no related file in current project
13:49:18.660 DEBUG: 'Scala Sensor' skipped because there is no related file in current project
13:49:18.661 DEBUG: 'Scoverage sensor for Scala coverage' skipped because there is no related file in current project
13:49:18.662 DEBUG: 'Import of Scalastyle issues' skipped because there is no related file in current project
13:49:18.662 DEBUG: 'Import of Scapegoat issues' skipped because there is no related file in current project
13:49:18.663 DEBUG: 'Import of Checkstyle issues' skipped because one of the required properties is missing
13:49:18.663 DEBUG: 'Import of PMD issues' skipped because one of the required properties is missing
13:49:18.664 DEBUG: 'Import of SpotBugs issues' skipped because one of the required properties is missing
13:49:18.665 DEBUG: 'Removed properties sensor' skipped because one of the required properties is missing
13:49:18.666 DEBUG: 'Flex' skipped because there is no related file in current project
13:49:18.666 DEBUG: 'Flex Cobertura' skipped because there is no related file in current project
13:49:18.666 DEBUG: 'Swift Code Quality and Security' skipped because there is no related file in current project
13:49:18.667 DEBUG: 'Import of SwiftLint issues' skipped because there is no related file in current project
13:49:18.668 DEBUG: 'gcov' skipped because there is no related file in current project
13:49:18.669 DEBUG: 'llvm-cov' skipped because there is no related file in current project
13:49:18.670 DEBUG: 'cppunit' skipped because there is no related file in current project
13:49:18.671 DEBUG: 'VisualStudioCoverage' skipped because there is no related file in current project
13:49:18.672 DEBUG: 'bullseye' skipped because there is no related file in current project
13:49:18.672 DEBUG: 'Python Sensor' skipped because there is no related file in current project
13:49:18.672 DEBUG: 'Cobertura Sensor for Python coverage' skipped because there is no related file in current project
13:49:18.673 DEBUG: 'PythonXUnitSensor' skipped because there is no related file in current project
13:49:18.674 DEBUG: 'Import of Pylint issues' skipped because there is no related file in current project
13:49:18.674 DEBUG: 'Import of Bandit issues' skipped because there is no related file in current project
13:49:18.675 DEBUG: 'Import of Flake8 issues' skipped because there is no related file in current project
13:49:18.675 DEBUG: 'Code Quality and Security for Go' skipped because there is no related file in current project
13:49:18.676 DEBUG: 'Go Unit Test Report' skipped because there is no related file in current project
13:49:18.676 DEBUG: 'Go Cover sensor for Go coverage' skipped because one of the required properties is missing
13:49:18.677 DEBUG: 'Import of go vet issues' skipped because there is no related file in current project
13:49:18.677 DEBUG: 'Import of Golint issues' skipped because there is no related file in current project
13:49:18.678 DEBUG: 'Import of GoMetaLinter issues' skipped because there is no related file in current project
13:49:18.678 DEBUG: 'Import of GolangCI-Lint issues' skipped because there is no related file in current project
13:49:18.678 DEBUG: 'Kotlin Sensor' skipped because there is no related file in current project
13:49:18.679 DEBUG: 'KotlinSurefireSensor' skipped because there is no related file in current project
13:49:18.679 DEBUG: 'Import of detekt issues' skipped because there is no related file in current project
13:49:18.680 DEBUG: 'Import of Android Lint issues' skipped because one of the required properties is missing
13:49:18.680 DEBUG: 'T-SQL Sensor' skipped because there is no related file in current project
13:49:18.680 DEBUG: 'JavaScript analysis' skipped because there is no related file in current project
13:49:18.681 DEBUG: 'TypeScript analysis' skipped because there is no related file in current project
13:49:18.681 DEBUG: 'JavaScript/TypeScript Coverage' skipped because there is no related file in current project
13:49:18.682 DEBUG: 'Import of ESLint issues' skipped because one of the required properties is missing
13:49:18.682 DEBUG: 'Import of TSLint issues' skipped because one of the required properties is missing
13:49:18.682 DEBUG: 'Ruby Sensor' skipped because there is no related file in current project
13:49:18.683 DEBUG: 'Import of RuboCop issues' skipped because there is no related file in current project
13:49:18.683 DEBUG: 'SimpleCov Sensor for Ruby coverage' skipped because there is no related file in current project
13:49:18.684 DEBUG: 'Python HTML templates processing' skipped because there is no related file in current project
13:49:18.684 DEBUG: 'PHP sensor' skipped because there is no related file in current project
13:49:18.684 DEBUG: 'Analyzer for "php.ini" files' skipped because there is no related file in current project
13:49:18.684 DEBUG: 'AbapSquidSensor' skipped because there is no related file in current project
13:49:18.690 DEBUG: 'Generic Test Executions Report' skipped because one of the required properties is missing
13:49:18.691 DEBUG: 'CFamily' skipped because there is no related file in current project
13:49:18.692 DEBUG: Sensors : JavaSquidSensor -> CSS Rules -> PL/SQL Sensor -> C# Project Type Information -> C# Properties -> SurefireSensor -> JavaXmlSensor -> HTML -> XML Sensor -> VB.NET Project Type Information -> VB.NET Properties -> JaCoCo XML Report Importer -> ThymeLeaf template sensor -> JavaSecuritySensor -> CSharpSecuritySensor -> PhpSecuritySensor -> PythonSecuritySensor -> JsSecuritySensor
13:49:18.694 INFO: Sensor JavaSquidSensor [java]
13:49:19.165 INFO: Configured Java source version (sonar.java.source): none
13:49:19.177 INFO: JavaClasspath initialization
13:49:19.181 DEBUG: Property 'sonar.java.jdkHome' resolved with:
[]
13:49:19.181 DEBUG: Property 'sonar.java.libraries' resolved with:
[]
13:49:19.181 INFO: JavaClasspath initialization (done) | time=4ms
13:49:19.181 INFO: JavaTestClasspath initialization
13:49:19.181 DEBUG: Property 'sonar.java.jdkHome' resolved with:
[]
13:49:19.182 DEBUG: Property 'sonar.java.test.libraries' resolved with:
[]
13:49:19.182 INFO: JavaTestClasspath initialization (done) | time=1ms
13:49:19.209 DEBUG: Found 0 JSP files.
13:49:19.209 INFO: Java Main Files AST scan
13:49:19.215 INFO: 152 source files to be analyzed
******
13:49:35.140 INFO: 152/152 source files have been analyzed
13:49:35.143 WARN: Dependencies/libraries were not provided for analysis of SOURCE files. The 'sonar.java.libraries' property is empty. Verify your configuration, as you might end up with less precise results.
13:49:35.143 WARN: Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
13:49:35.145 DEBUG: First 50 unresolved imports/types:
******
- ...
13:49:35.145 INFO: Java Main Files AST scan (done) | time=15936ms
13:49:35.145 INFO: Java Test Files AST scan
13:49:35.146 INFO: 0 source files to be analyzed
13:49:35.146 INFO: 0/0 source files have been analyzed
13:49:35.146 INFO: Java Test Files AST scan (done) | time=1ms
13:49:35.146 INFO: Java Generated Files AST scan
13:49:35.146 INFO: 0 source files to be analyzed
13:49:35.147 INFO: 0/0 source files have been analyzed
13:49:35.147 INFO: Java Generated Files AST scan (done) | time=1ms
13:49:35.147 INFO: Sensor JavaSquidSensor [java] (done) | time=16454ms
13:49:35.147 INFO: Sensor CSS Rules [cssfamily]
13:49:35.148 INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
13:49:35.148 INFO: Sensor CSS Rules [cssfamily] (done) | time=1ms
13:49:35.148 INFO: Sensor PL/SQL Sensor [plsql]
13:49:35.253 WARN: The Data Dictionary is not configured for PLSQL analyzer which prevents rule(s) S3641, S3921, S3618, S3651 to raise issues. See XXXXXX/documentation/analysis/languages/plsql/
13:49:35.266 INFO: 98 source files to be analyzed
13:49:35.269 DEBUG: 'data/src/main/resources/db/flyway/mssql/V20220412_3.10.0__XXXXXX.sql' generated metadata with charset 'UTF-8'
13:49:35.340 WARN: 
13:49:35.340 WARN: Unable to fully parse: /data/jenkins/workdir/workspace/XXXXXX/data/src/main/resources/db/flyway/mssql/V20220412_3.10.0__XXXXXX.sql
13:49:35.340 WARN: Parse error starting from line 1
13:49:35.340 WARN: 
13:49:35.341 WARN: 
1******
13:49:36.766 DEBUG: 'data/src/main/resources/db/flyway/postgres/V20220412_3.10.0__XXXXXX.sql' generated metadata with charset 'UTF-8'
*******
13:49:38.243 INFO: 98/98 source files have been analyzed
13:49:38.247 INFO: Sensor PL/SQL Sensor [plsql] (done) | time=3099ms
13:49:38.247 INFO: Sensor C# Project Type Information [csharp]
13:49:38.249 INFO: Sensor C# Project Type Information [csharp] (done) | time=2ms
13:49:38.249 INFO: Sensor C# Properties [csharp]
13:49:38.250 DEBUG: Project 'XXXXXX': Property missing: 'sonar.cs.analyzer.projectOutPaths'. No protobuf files will be loaded for this project.
13:49:38.251 DEBUG: Project 'XXXXXX': No Roslyn issues reports have been found.
13:49:38.251 INFO: Sensor C# Properties [csharp] (done) | time=2ms
13:49:38.251 INFO: Sensor SurefireSensor [java]
13:49:38.252 INFO: parsing [/data/jenkins/workdir/workspace/XXXXXX/target/surefire-reports]
13:49:38.252 INFO: Sensor SurefireSensor [java] (done) | time=1ms
13:49:38.252 INFO: Sensor JavaXmlSensor [java]
13:49:38.263 DEBUG: 'pom.xml' generated metadata with charset 'UTF-8'
13:49:38.263 INFO: 3 source files to be analyzed
13:49:38.457 DEBUG: 'data/pom.xml' generated metadata with charset 'UTF-8'
13:49:38.479 DEBUG: 'engine/pom.xml' generated metadata with charset 'UTF-8'
13:49:38.503 INFO: 3/3 source files have been analyzed
13:49:38.503 INFO: Sensor JavaXmlSensor [java] (done) | time=251ms
13:49:38.503 INFO: Sensor HTML [web]
13:49:38.508 INFO: Sensor HTML [web] (done) | time=5ms
13:49:38.508 INFO: Sensor XML Sensor [xml]
13:49:38.516 INFO: 3 source files to be analyzed
13:49:38.647 DEBUG: Count lines in file:///data/jenkins/workdir/workspace/XXXXXX/pom.xml
13:49:38.672 DEBUG: Count lines in file:///data/jenkins/workdir/workspace/XXXXXX/data/pom.xml
13:49:38.698 DEBUG: Count lines in file:///data/jenkins/workdir/workspace/XXXXXX/engine/pom.xml
13:49:38.719 INFO: 3/3 source files have been analyzed
13:49:38.719 INFO: Sensor XML Sensor [xml] (done) | time=211ms
13:49:38.719 INFO: Sensor VB.NET Project Type Information [vbnet]
13:49:38.720 INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
13:49:38.721 INFO: Sensor VB.NET Properties [vbnet]
13:49:38.721 DEBUG: Project 'XXXXXX': Property missing: 'sonar.vbnet.analyzer.projectOutPaths'. No protobuf files will be loaded for this project.
13:49:38.722 DEBUG: Project 'XXXXXX': No Roslyn issues reports have been found.
13:49:38.722 INFO: Sensor VB.NET Properties [vbnet] (done) | time=1ms
13:49:38.722 INFO: Sensor JaCoCo XML Report Importer [jacoco]
13:49:38.728 INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
13:49:38.729 INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
13:49:38.729 INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=7ms
13:49:38.729 INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
13:49:38.731 INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=2ms
13:49:38.731 INFO: Sensor JavaSecuritySensor [security]
13:49:38.732 INFO: Reading type hierarchy from: /data/jenkins/workdir/workspace/XXXXXX/.scannerwork/ucfg2/java
13:49:38.872 INFO: Read 203 type definitions
13:49:38.882 INFO: Reading UCFGs from: /data/jenkins/workdir/workspace/XXXXXX/.scannerwork/ucfg2/java
13:49:39.434 INFO: 13:49:39.434058 Building Runtime Type propagation graph
13:49:39.462 INFO: 13:49:39.46281 Running Tarjan on 1840 nodes
13:49:39.474 INFO: 13:49:39.474145 Tarjan found 1840 components
13:49:39.484 INFO: 13:49:39.484077 Variable type analysis: done
13:49:39.486 INFO: 13:49:39.486643 Building Runtime Type propagation graph
13:49:39.499 INFO: 13:49:39.499813 Running Tarjan on 1840 nodes
13:49:39.502 INFO: 13:49:39.502775 Tarjan found 1840 components
13:49:39.509 INFO: 13:49:39.50896 Variable type analysis: done
13:49:39.512 INFO: Analyzing 719 ucfgs to detect vulnerabilities.
13:49:39.637 DEBUG: Resource file javasecurity/sources/S5131.json was not read
13:49:39.641 DEBUG: loaded 289 sources for rule S5131
13:49:39.664 DEBUG: Resource file javasecurity/sinks/common.json was not read
13:49:39.669 DEBUG: loaded 31 sinks for rule S5131
13:49:39.698 DEBUG: Resource file javasecurity/sources/S3649.json was not read
13:49:39.699 DEBUG: loaded 289 sources for rule S3649
13:49:39.702 DEBUG: Resource file javasecurity/sinks/common.json was not read
13:49:39.711 DEBUG: loaded 277 sinks for rule S3649
13:49:39.792 DEBUG: Resource file javasecurity/sources/S2076.json was not read
13:49:39.792 DEBUG: loaded 289 sources for rule S2076
13:49:39.795 DEBUG: Resource file javasecurity/sinks/common.json was not read
13:49:39.797 DEBUG: loaded 15 sinks for rule S2076
13:49:39.808 DEBUG: Resource file javasecurity/sources/S2091.json was not read
13:49:39.808 DEBUG: loaded 289 sources for rule S2091
13:49:39.811 DEBUG: Resource file javasecurity/sinks/common.json was not read
13:49:39.813 DEBUG: loaded 23 sinks for rule S2091
13:49:39.826 DEBUG: Resource file javasecurity/sources/S2078.json was not read
13:49:39.827 DEBUG: loaded 289 sources for rule S2078
13:49:39.830 DEBUG: Resource file javasecurity/sinks/common.json was not read
13:49:39.834 DEBUG: loaded 191 sinks for rule S2078
13:49:39.881 DEBUG: Resource file javasecurity/sources/S2631.json was not read
13:49:39.881 DEBUG: loaded 289 sources for rule S2631
13:49:39.883 DEBUG: Resource file javasecurity/sinks/common.json was not read
13:49:39.885 DEBUG: loaded 8 sinks for rule S2631
13:49:39.894 DEBUG: Resource file javasecurity/sources/S2083.json was not read
13:49:39.894 DEBUG: loaded 289 sources for rule S2083
13:49:39.897 DEBUG: Resource file javasecurity/sinks/common.json was not read
13:49:39.900 DEBUG: loaded 165 sinks for rule S2083
13:49:39.938 DEBUG: Resource file javasecurity/sources/S5167.json was not read
13:49:39.939 DEBUG: loaded 289 sources for rule S5167
13:49:39.941 DEBUG: Resource file javasecurity/sinks/common.json was not read
13:49:39.943 DEBUG: loaded 22 sinks for rule S5167
13:49:39.954 DEBUG: Resource file javasecurity/sources/S5144.json was not read
13:49:39.955 DEBUG: loaded 289 sources for rule S5144
13:49:39.958 DEBUG: Resource file javasecurity/sinks/common.json was not read
13:49:39.961 DEBUG: loaded 72 sinks for rule S5144
13:49:39.985 DEBUG: Resource file javasecurity/sources/S5145.json was not read
13:49:39.985 DEBUG: loaded 289 sources for rule S5145
13:49:39.987 DEBUG: Resource file javasecurity/sinks/common.json was not read
13:49:39.990 DEBUG: loaded 204 sinks for rule S5145
13:49:40.039 DEBUG: Resource file javasecurity/sources/S5146.json was not read
13:49:40.040 DEBUG: loaded 289 sources for rule S5146
13:49:40.042 DEBUG: Resource file javasecurity/sinks/common.json was not read
13:49:40.043 DEBUG: loaded 32 sinks for rule S5146
13:49:40.052 INFO: All rules entrypoints : 0 Retained UCFGs : 0
13:49:40.054 INFO: rule: S5131, entrypoints: 0
13:49:40.054 INFO: rule: S5131 done
13:49:40.054 INFO: rule: S3649, entrypoints: 0
13:49:40.054 INFO: rule: S3649 done
13:49:40.054 INFO: rule: S2076, entrypoints: 0
13:49:40.054 INFO: rule: S2076 done
13:49:40.054 INFO: rule: S2091, entrypoints: 0
13:49:40.055 INFO: rule: S2091 done
13:49:40.055 INFO: rule: S2078, entrypoints: 0
13:49:40.055 INFO: rule: S2078 done
13:49:40.055 INFO: rule: S2631, entrypoints: 0
13:49:40.055 INFO: rule: S2631 done
13:49:40.055 INFO: rule: S2083, entrypoints: 0
13:49:40.055 INFO: rule: S2083 done
13:49:40.055 INFO: rule: S5167, entrypoints: 0
13:49:40.055 INFO: rule: S5167 done
13:49:40.055 INFO: rule: S5144, entrypoints: 0
13:49:40.055 INFO: rule: S5144 done
13:49:40.055 INFO: rule: S5145, entrypoints: 0
13:49:40.055 INFO: rule: S5145 done
13:49:40.055 INFO: rule: S5146, entrypoints: 0
13:49:40.055 INFO: rule: S5146 done
13:49:40.055 INFO: Sensor JavaSecuritySensor [security] (done) | time=1324ms
13:49:40.055 INFO: Sensor CSharpSecuritySensor [security]
13:49:40.056 INFO: Reading type hierarchy from: /data/jenkins/workdir/workspace/XXXXXX/ucfg_cs2
13:49:40.056 INFO: Read 0 type definitions
13:49:40.056 INFO: Reading UCFGs from: /data/jenkins/workdir/workspace/XXXXXX/ucfg_cs2
13:49:40.056 INFO: No UCFGs have been included for analysis.
13:49:40.056 INFO: Sensor CSharpSecuritySensor [security] (done) | time=1ms
13:49:40.056 INFO: Sensor PhpSecuritySensor [security]
13:49:40.056 INFO: Reading type hierarchy from: /data/jenkins/workdir/workspace/XXXXXX/.scannerwork/ucfg2/php
13:49:40.056 INFO: Read 0 type definitions
13:49:40.056 INFO: Reading UCFGs from: /data/jenkins/workdir/workspace/XXXXXX/.scannerwork/ucfg2/php
13:49:40.056 INFO: No UCFGs have been included for analysis.
13:49:40.056 INFO: Sensor PhpSecuritySensor [security] (done) | time=0ms
13:49:40.057 INFO: Sensor PythonSecuritySensor [security]
13:49:40.057 INFO: Reading type hierarchy from: /data/jenkins/workdir/workspace/XXXXXX/.scannerwork/ucfg2/python
13:49:40.057 INFO: Read 0 type definitions
13:49:40.057 INFO: Reading UCFGs from: /data/jenkins/workdir/workspace/XXXXXX/.scannerwork/ucfg2/python
13:49:40.057 INFO: No UCFGs have been included for analysis.
13:49:40.057 INFO: Sensor PythonSecuritySensor [security] (done) | time=0ms
13:49:40.057 INFO: Sensor JsSecuritySensor [security]
13:49:40.057 INFO: Reading type hierarchy from: /data/jenkins/workdir/workspace/XXXXXX/.scannerwork/ucfg2/js
13:49:40.057 INFO: Read 0 type definitions
13:49:40.057 INFO: Reading UCFGs from: /data/jenkins/workdir/workspace/XXXXXX/.scannerwork/ucfg2/js
13:49:40.057 INFO: No UCFGs have been included for analysis.
13:49:40.057 INFO: Sensor JsSecuritySensor [security] (done) | time=0ms
13:49:40.061 INFO: ------------- Run sensors on project
13:49:40.082 DEBUG: 'Generic Coverage Report' skipped because one of the required properties is missing
13:49:40.082 DEBUG: 'C#' skipped because there is no related file in current project
13:49:40.082 DEBUG: 'C# Tests Coverage Report Import' skipped because there is no related file in current project
13:49:40.083 DEBUG: '[Deprecated] C# Integration Tests Coverage Report Import' skipped because there is no related file in current project
13:49:40.083 DEBUG: 'C# Unit Test Results Import' skipped because there is no related file in current project
13:49:40.083 DEBUG: 'VB.NET' skipped because there is no related file in current project
13:49:40.084 DEBUG: 'VB.NET Tests Coverage Report Import' skipped because there is no related file in current project
13:49:40.084 DEBUG: '[Deprecated] VB.NET Integration Tests Coverage Report Import' skipped because there is no related file in current project
13:49:40.084 DEBUG: 'VB.NET Unit Test Results Import' skipped because there is no related file in current project
13:49:40.085 DEBUG: Sensors : Zero Coverage Sensor -> Java CPD Block Indexer
13:49:40.085 INFO: Sensor Zero Coverage Sensor
13:49:40.240 INFO: Sensor Zero Coverage Sensor (done) | time=154ms
13:49:40.240 INFO: Sensor Java CPD Block Indexer
******
13:49:40.614 INFO: Sensor Java CPD Block Indexer (done) | time=374ms
13:49:40.619 INFO: SCM Publisher SCM provider for this project is: git
13:49:40.621 INFO: SCM Publisher 6 source files to be analyzed
13:49:40.635 DEBUG: Blame file engine/pom.xml
13:49:40.635 DEBUG: Blame file data/src/main/resources/db/flyway/postgres/V20230127_3.19.0__Fix_column_length_of_EXTERNALREFERENCE.sql
13:49:40.637 DEBUG: Blame file data/src/main/resources/db/flyway/oracle/V20230127_3.19.0__Fix_column_length_of_EXTERNALREFERENCE.sql
13:49:40.639 DEBUG: Blame file engine/src/main/java/miles/quote/engine/api/APIConstants.java
13:49:40.819 DEBUG: Blame file data/pom.xml
13:49:40.940 DEBUG: Blame file data/src/main/resources/db/flyway/mssql/V20230127_3.19.0__Fix_column_length_of_EXTERNALREFERENCE.sql
13:49:41.228 INFO: SCM Publisher 6/6 source files have been analyzed (done) | time=606ms
13:49:41.264 INFO: CPD Executor 78 files had no CPD blocks
13:49:41.264 INFO: CPD Executor Calculating CPD for 172 files
13:49:41.265 DEBUG: Detection of duplications for /data/jenkins/workdir/workspace/XXXXXX/data/src/main/resources/db/flyway/postgres/V20211027_3.8.0__Add_fields_to_QUOTE_DOCUMENT_Add_DOCUMENT_TEMPLATE_Add_DOCUMENT_LANGUAGE_TEMPLATE.sql
*******
13:49:41.493 DEBUG: Detection of duplications for /data/jenkins/workdir/workspace/XXXXXX/data/src/main/resources/db/flyway/mssql/V20221207_3.16.0__Add_table_QUOTE_STIPULATION_DOCUMENT.sql
*******
13:49:41.504 INFO: CPD Executor CPD calculation finished (done) | time=239ms
13:49:41.517 DEBUG: SCM revision ID 'XXXXX'
13:49:41.733 INFO: SCM writing changed lines
13:49:41.746 DEBUG: Merge base sha1: XXXXXX
13:49:41.890 DEBUG: SCM reported changed lines for 6 files in the branch
13:49:41.890 INFO: SCM writing changed lines (done) | time=157ms
13:49:41.920 INFO: Analysis report generated in 386ms, dir size=346 KB
13:49:43.358 INFO: Analysis report compressed in 1437ms, zip size=229 KB
13:49:43.358 INFO: Analysis report generated in /data/jenkins/workdir/workspace/XXXXXX/.scannerwork/scanner-report
13:49:43.358 DEBUG: Upload report
13:49:43.552 DEBUG: POST 200 XXXXXX/api/ce/submit?projectKey=XXXXXX&characteristic=pullRequest%3D16 | time=192ms
13:49:43.557 INFO: Analysis report uploaded in 198ms
13:49:43.560 DEBUG: Report metadata written to /data/jenkins/workdir/workspace/XXXXXX/.scannerwork/report-task.txt
13:49:43.560 INFO: ANALYSIS SUCCESSFUL, you can browse XXXXXX/dashboard?id=XXXXXX&pullRequest=16
13:49:43.560 INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
13:49:43.560 INFO: More about the report processing at XXXXXX/api/ce/task?id=AYYCuehCydurLfbu7SfU
13:49:43.564 DEBUG: Post-jobs : 
13:49:43.567 INFO: Analysis total time: 31.963 s
13:49:43.571 INFO: ------------------------------------------------------------------------
13:49:43.571 INFO: EXECUTION SUCCESS
13:49:43.571 INFO: ------------------------------------------------------------------------
13:49:43.571 INFO: Total time: 34.393s
13:49:43.698 INFO: Final Memory: 33M/124M
13:49:43.698 INFO: ------------------------------------------------------------------------

Hi,

Thanks for all the detail.

From it, we get the exclusions that are applied during analysis, here in the analysis log:

And again in the Scanner Context

These patterns don’t actually exclude any files. For that you’ll need to add *.* at the end for: sonar.exclusions=sonar.exclusions=*test/**/*.*,**/test/**/*.*,**/itest/**/*.*,**/target/**/*.*

 
Ann

Thank you very much for your help Ann!
I updated the config and I will check with the team if it is fixed.
Have a nice day!

Hi Ann,

I implemented the changes as you suggested, but last week we got the same issue again. Logs below.
As far as I can see, the Jenkins exclusions don’t match the ones from the SQ server. There is no sonar.properties file in this repo.

Focus again is on: **/flyway/**/*.*

Hotspot violations:
plsql:UseForallStatementCheck
plsql:UseNativeSqlJoinsInsteadOfEmbeddedCursorLoopsCheck

SonarQube plugins:
  - CSS Code Quality and Security 1.4.2.2002 (cssfamily)
  - PL/SQL Code Quality and Security 3.6.1.3873 (plsql)
  - Scala Code Quality and Security 1.8.3.2219 (sonarscala)
  - C# Code Quality and Security 8.22.0.31243 (csharp)
  - Vulnerability Analysis 8.9.0.11439 (security)
  - Java Code Quality and Security 6.15.1.26025 (java)
  - HTML Code Quality and Security 3.4.0.2754 (web)
  - Flex Code Quality and Security 2.6.1.2564 (flex)
  - XML Code Quality and Security 2.2.0.2973 (xml)
  - Java Custom Rules for Miles Next 1.0-SNAPSHOT (javacustommilesnext)
  - VB.NET Code Quality and Security 8.22.0.31243 (vbnet)
  - Swift Code Quality and Security 4.3.1.4892 (swift)
  - CFamily Code Quality and Security 6.20.2.38358 (cpp)
  - Python Code Quality and Security 3.4.1.8066 (python)
  - Go Code Quality and Security 1.8.3.2219 (go)
  - JaCoCo 1.1.1.1157 (jacoco)
  - Kotlin Code Quality and Security 1.8.3.2219 (kotlin)
  - T-SQL Code Quality and Security 1.5.1.4340 (tsql)
  - JavaScript/TypeScript Code Quality and Security 7.4.4.15624 (javascript)
  - Ruby Code Quality and Security 1.8.3.2219 (ruby)
  - Vulnerability Rules for C# 8.9.0.11439 (securitycsharpfrontend)
  - Vulnerability Rules for Java 8.9.0.11439 (securityjavafrontend)
  - License for SonarLint 8.9.6.50800 (license)
  - Vulnerability Rules for JS 8.9.0.11439 (securityjsfrontend)
  - Vulnerability Rules for Python 8.9.0.11439 (securitypythonfrontend)
  - PHP Code Quality and Security 3.17.0.7439 (php)
  - ABAP Code Quality and Security 3.9.1.3127 (abap)
  - Vulnerability Rules for PHP 8.9.0.11439 (securityphpfrontend)
Global server settings:
  - email.smtp_host.secured=******
  - sonar.core.id=XXXXXXX
  - sonar.core.serverBaseURL=http://XXXXXXX:9000/
  - sonar.core.startTime=2022-03-22T10:06:05+0100
  - sonar.dbcleaner.branchesToKeepWhenInactive=master,develop,trunk,branch-.*,release-.*
  - sonar.dbcleaner.daysBeforeDeletingInactiveBranchesAndPRs=15
  - sonar.exclusions=**/target/**/*.*,**/usr/share/nginx/html/fabric/**/*.*,**/dist/**/*.*,./node_modules/**/*.*,**/flyway/**/*.*,**/migrator/**/*.*
  - sonar.forceAuthentication=false
  - sonar.global.test.exclusions=*test/**/*.*,**/test/**/*.*,**/itest/**/*.*
  - sonar.issue.ignore.multicriteria=1,2,3,4,5,6,7,8
  - sonar.issue.ignore.multicriteria.1.resourceKey=**/flyway/mssql/**/*.*
  - sonar.issue.ignore.multicriteria.1.ruleKey=plsql:VarcharUsageCheck
  - sonar.issue.ignore.multicriteria.2.resourceKey=**/flyway/postgres/**/*.*
  - sonar.issue.ignore.multicriteria.2.ruleKey=plsql:VarcharUsageCheck
  - sonar.issue.ignore.multicriteria.3.resourceKey=**/*Configuration.java
  - sonar.issue.ignore.multicriteria.3.ruleKey=java:S100
  - sonar.issue.ignore.multicriteria.4.resourceKey=**/ServiceApiProviderConfig.java
  - sonar.issue.ignore.multicriteria.4.ruleKey=java:S100
  - sonar.issue.ignore.multicriteria.5.resourceKey=**/flyway/**/*.*
  - sonar.issue.ignore.multicriteria.5.ruleKey=plsql:ExecuteImmediateTrapExceptionsCheck
  - sonar.issue.ignore.multicriteria.6.resourceKey=**/flyway/**/*.*
  - sonar.issue.ignore.multicriteria.6.ruleKey=plsql:LiteralsNonPrintableCharactersCheck
  - sonar.issue.ignore.multicriteria.7.resourceKey=**/flyway/**/*.*
  - sonar.issue.ignore.multicriteria.7.ruleKey=plsql:S1192
  - sonar.issue.ignore.multicriteria.8.resourceKey=**/migrators/**/*.*
  - sonar.issue.ignore.multicriteria.8.ruleKey=plsql:JoinConditionNumberCheck
  - sonar.java.file.suffixes=.java,.jav
  - sonar.plugins.risk.consent=ACCEPTED
Project server settings:
Project scanner properties:
  - sonar.exclusions=*test/**,**/test/**,**/itest/**,**/target/**
  - sonar.host.url=http://XXXXXXX:9000
  - sonar.java.binaries=.
  - sonar.language=java
  - sonar.login=******
  - sonar.projectBaseDir=/data/jenkins/workdir/workspace/XXXXXXX
  - sonar.projectKey=XXXXXXX
  - sonar.pullrequest.base=XXXXXXX/FlywayScripts_Add_functionality_to_select_option_code_type_on_promotion_management
  - sonar.pullrequest.branch=XXXXXXX/add_option_code_migration_script
  - sonar.pullrequest.key=19
  - sonar.scanner.app=ScannerCli
  - sonar.scanner.appVersion=4.2.0.1873
  - sonar.scm.exclusions.disabled=true
  - sonar.sourceEncoding=UTF-8
  - sonar.sources=.
  - sonar.verbose=true
  - sonar.working.directory=/data/jenkins/workdir/workspace/XXXXXXX/.scannerwork

[Pipeline] stage
[Pipeline] { (SonarQube analysis)
[Pipeline] tool
[Pipeline] withSonarQubeEnv
Injecting SonarQube environment variables using the configuration: My SonarQube Server
[Pipeline] {
[Pipeline] echo
scannerHome: /data/jenkins/workdir/tools/hudson.plugins.sonar.SonarRunnerInstallation/SonarQube_Scanner_3.x
[Pipeline] echo
PROJECT_KEY: XXXXXXX
[Pipeline] sh
+ /data/jenkins/workdir/tools/hudson.plugins.sonar.SonarRunnerInstallation/SonarQube_Scanner_3.x/bin/sonar-scanner -X -Dsonar.language=java -Dsonar.scm.exclusions.disabled=true -Dsonar.projectKey=XXXXXXX -Dsonar.projectBaseDir=. -Dsonar.sources=. -Dsonar.java.binaries=. '-Dsonar.exclusions=*test/**,**/test/**,**/itest/**,**/target/**' -Dsonar.pullrequest.branch=XXXXXXX/XXXXXXX/add_option_code_migration_script -Dsonar.pullrequest.key=19 -Dsonar.pullrequest.base=XXXXXXX/XXXXXXX/FlywayScripts_Add_functionality_to_select_option_code_type_on_promotion_management
Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF-8
17:21:23.604 INFO: Scanner configuration file: /data/jenkins/workdir/tools/hudson.plugins.sonar.SonarRunnerInstallation/SonarQube_Scanner_3.x/conf/sonar-scanner.properties
17:21:23.610 INFO: Project root configuration file: NONE
17:21:23.647 INFO: SonarQube Scanner 4.2.0.1873
17:21:23.647 INFO: Java 11.0.17 Red Hat, Inc. (64-bit)
17:21:23.647 INFO: Linux 3.10.0-1160.81.1.el7.x86_64 amd64
17:21:23.913 DEBUG: keyStore is : 
17:21:23.913 DEBUG: keyStore type is : pkcs12
17:21:23.913 DEBUG: keyStore provider is : 
17:21:23.914 DEBUG: init keystore
17:21:23.914 DEBUG: init keymanager of type SunX509
17:21:24.121 DEBUG: Create: /data/jenkins/.sonar/cache
17:21:24.122 INFO: User cache: /data/jenkins/.sonar/cache
17:21:24.123 DEBUG: Create: /data/jenkins/.sonar/cache/_tmp
17:21:24.126 DEBUG: Extract sonar-scanner-api-batch in temp...
17:21:24.131 DEBUG: Get bootstrap index...
17:21:24.132 DEBUG: Download: http://XXXXXXX/batch/index
17:21:24.234 DEBUG: Get bootstrap completed
17:21:24.238 DEBUG: Create isolated classloader...
17:21:24.272 DEBUG: Start temp cleaning...
17:21:24.278 DEBUG: Temp cleaning done
17:21:24.278 DEBUG: Execution getVersion
17:21:24.303 INFO: SonarQube server 8.9.6
17:21:24.303 INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
17:21:24.304 DEBUG: Work directory: /data/jenkins/workdir/workspace/XXXXXXX/.scannerwork
17:21:24.306 DEBUG: Execution execute
17:21:24.640 DEBUG: Developer 8.9.6.50800
17:21:24.899 INFO: Load global settings
17:21:24.980 DEBUG: GET 200 http://XXXXXXX/api/settings/values.protobuf | time=78ms
17:21:25.087 INFO: Load global settings (done) | time=188ms
17:21:25.095 INFO: Server id: XXXXXXX
17:21:25.099 INFO: User cache: /data/jenkins/.sonar/cache
17:21:25.104 INFO: Load/download plugins
17:21:25.105 INFO: Load plugins index
17:21:25.119 DEBUG: GET 200 http://XXXXXXX/api/plugins/installed | time=14ms
17:21:25.179 INFO: Load plugins index (done) | time=74ms
17:21:25.454 INFO: Load/download plugins (done) | time=350ms
17:21:25.653 DEBUG: Plugins:
17:21:25.654 DEBUG:   * CSS Code Quality and Security 1.4.2.2002 (cssfamily)
*********
17:21:25.702 INFO: Loaded core extensions: developer-scanner
17:21:25.731 DEBUG: Installed core extension: developer-scanner
17:21:26.186 INFO: JavaScript/TypeScript frontend is enabled
17:21:26.403 INFO: Process project properties
17:21:26.415 INFO: Process project properties (done) | time=12ms
17:21:26.416 INFO: Execute project builders
17:21:26.416 DEBUG: Execute project builder: org.sonar.plugins.csharp.CSharpGlobalProtobufFileProcessor
17:21:26.418 DEBUG: Execute project builder: org.sonar.plugins.vbnet.VbNetGlobalProtobufFileProcessor
17:21:26.419 INFO: Execute project builders (done) | time=3ms
17:21:26.422 INFO: Project key: XXXXXXX
17:21:26.423 INFO: Base dir: /data/jenkins/workdir/workspace/XXXXXXX
17:21:26.423 INFO: Working dir: /data/jenkins/workdir/workspace/XXXXXXX/.scannerwork
17:21:26.423 DEBUG: Project global encoding: UTF-8, default locale: en_US
17:21:26.426 DEBUG: Creating module hierarchy
17:21:26.426 DEBUG:   Init module 'XXXXXXX'
17:21:26.427 DEBUG:     Base dir: /data/jenkins/workdir/workspace/XXXXXXX
17:21:26.427 DEBUG:     Working dir: /data/jenkins/workdir/workspace/XXXXXXX/.scannerwork
17:21:26.427 DEBUG:     Module global encoding: UTF-8, default locale: en_US
17:21:26.612 INFO: Load project settings for component key: 'XXXXXXX'
17:21:26.639 DEBUG: GET 200 http://XXXXXXX/api/settings/values.protobuf?component=XXXXXXX | time=27ms
17:21:26.642 INFO: Load project settings for component key: 'XXXXXXX' (done) | time=30ms
17:21:26.657 INFO: Load project branches
17:21:26.671 DEBUG: GET 200 http://XXXXXXX/api/project_branches/list?project=XXXXXXX | time=14ms
17:21:26.679 INFO: Load project branches (done) | time=22ms
17:21:26.681 INFO: Load project pull requests
17:21:26.705 DEBUG: GET 200 http://XXXXXXX/api/project_pull_requests/list?project=XXXXXXX | time=24ms
17:21:26.712 INFO: Load project pull requests (done) | time=30ms
17:21:26.712 INFO: Load branch configuration
17:21:26.713 INFO: Found manual configuration of branch/PR analysis. Skipping automatic configuration.
17:21:26.717 INFO: Load branch configuration (done) | time=5ms
17:21:26.763 DEBUG: Available languages:
17:21:26.764 DEBUG:   * CSS => "css"
*********
17:21:26.784 INFO: Auto-configuring with CI 'Jenkins'
17:21:26.786 INFO: Load quality profiles
17:21:26.839 DEBUG: GET 200 http://XXXXXXX/api/qualityprofiles/search.protobuf?project=XXXXXXX | time=53ms
17:21:26.858 INFO: Load quality profiles (done) | time=72ms
17:21:26.862 INFO: Auto-configuring with CI 'Jenkins'
17:21:26.866 INFO: Load active rules
*******
17:21:28.477 INFO: Load active rules (done) | time=1611ms
17:21:28.521 INFO: Exclusions based on SCM info is disabled by configuration
17:21:28.533 INFO: Pull request 19 for merge into XXXXXXX/XXXXXXX/FlywayScripts_Add_functionality_to_select_option_code_type_on_promotion_management from XXXXXXX/XXXXXXX/add_option_code_migration_script
17:21:28.555 INFO: SCM collecting changed files in the branch
17:21:28.578 DEBUG: loading config FileBasedConfig[/data/jenkins/.config/jgit/config]
17:21:28.580 DEBUG: readpipe [/usr/bin/git, --version],/usr/bin
17:21:28.604 DEBUG: readpipe may return 'git version 2.37.1'
17:21:28.604 DEBUG: remaining output:

17:21:28.606 DEBUG: readpipe [/usr/bin/git, config, --system, --edit],/usr/bin
17:21:28.637 DEBUG: readpipe may return '/etc/gitconfig'
17:21:28.638 DEBUG: remaining output:

17:21:28.639 DEBUG: loading config FileBasedConfig[/etc/gitconfig]
17:21:28.641 DEBUG: loading config FileBasedConfig[/data/jenkins/.gitconfig]
17:21:28.679 DEBUG: Thread[main,5,main]: cannot measure timestamp resolution of unborn directory /data/jenkins/workdir/workspace/XXXXXXX/.git/refs/heads/XXXXXXX
17:21:28.764 DEBUG: Merge base sha1: 4fea075bee5c0ff75d093685bbc83ad5f38b1115
17:21:28.833 INFO: SCM collecting changed files in the branch (done) | time=278ms
17:21:28.834 DEBUG: SCM reported 1 file changed in the branch
17:21:28.869 DEBUG: Declared extensions of language CSS were converted to sonar.lang.patterns.css : **/*.css,**/*.less,**/*.scss
17:21:28.870 DEBUG: Declared extensions of language PL/SQL were converted to sonar.lang.patterns.plsql : **/*.sql,**/*.pks,**/*.pkb
17:21:28.870 DEBUG: Declared extensions of language Scala were converted to sonar.lang.patterns.scala : **/*.scala
17:21:28.871 DEBUG: Declared extensions of language C# were converted to sonar.lang.patterns.cs : **/*.cs
17:21:28.871 DEBUG: Declared extensions of language Java were converted to sonar.lang.patterns.java : **/*.java,**/*.jav
17:21:28.872 DEBUG: Declared extensions of language HTML were converted to sonar.lang.patterns.web : **/*.html,**/*.xhtml,**/*.cshtml,**/*.vbhtml,**/*.aspx,**/*.ascx,**/*.rhtml,**/*.erb,**/*.shtm,**/*.shtml
17:21:28.873 DEBUG: Declared extensions of language JSP were converted to sonar.lang.patterns.jsp : **/*.jsp,**/*.jspf,**/*.jspx
17:21:28.873 DEBUG: Declared extensions of language Flex were converted to sonar.lang.patterns.flex : **/*.as
17:21:28.874 DEBUG: Declared extensions of language XML were converted to sonar.lang.patterns.xml : **/*.xml,**/*.xsd,**/*.xsl
17:21:28.874 DEBUG: Declared extensions of language VB.NET were converted to sonar.lang.patterns.vbnet : **/*.vb
17:21:28.875 DEBUG: Declared extensions of language Swift were converted to sonar.lang.patterns.swift : **/*.swift
17:21:28.875 DEBUG: Declared extensions of language C were converted to sonar.lang.patterns.c : **/*.c,**/*.h
17:21:28.876 DEBUG: Declared extensions of language C++ were converted to sonar.lang.patterns.cpp : **/*.cc,**/*.cpp,**/*.cxx,**/*.c++,**/*.hh,**/*.hpp,**/*.hxx,**/*.h++,**/*.ipp
17:21:28.876 DEBUG: Declared extensions of language Objective-C were converted to sonar.lang.patterns.objc : **/*.m
17:21:28.877 DEBUG: Declared extensions of language Python were converted to sonar.lang.patterns.py : **/*.py
17:21:28.877 DEBUG: Declared extensions of language Go were converted to sonar.lang.patterns.go : **/*.go
17:21:28.878 DEBUG: Declared extensions of language Kotlin were converted to sonar.lang.patterns.kotlin : **/*.kt
17:21:28.878 DEBUG: Declared extensions of language T-SQL were converted to sonar.lang.patterns.tsql : **/*.tsql
17:21:28.879 DEBUG: Declared extensions of language JavaScript were converted to sonar.lang.patterns.js : **/*.js,**/*.jsx,**/*.mjs,**/*.vue
17:21:28.879 DEBUG: Declared extensions of language TypeScript were converted to sonar.lang.patterns.ts : **/*.ts,**/*.tsx
17:21:28.880 DEBUG: Declared extensions of language Ruby were converted to sonar.lang.patterns.ruby : **/*.rb
17:21:28.880 DEBUG: Declared extensions of language PHP were converted to sonar.lang.patterns.php : **/*.php,**/*.php3,**/*.php4,**/*.php5,**/*.phtml,**/*.inc
17:21:28.881 DEBUG: Declared extensions of language ABAP were converted to sonar.lang.patterns.abap : **/*.abap,**/*.ab4,**/*.flow,**/*.asprog
17:21:28.884 DEBUG: Will ignore generated code
17:21:28.886 DEBUG: Will ignore generated code
17:21:28.893 INFO: Indexing files...
17:21:28.894 INFO: Project configuration:
17:21:28.895 INFO:   Excluded sources: *test/**, **/test/**, **/itest/**, **/target/**
17:21:28.895 INFO:   Excluded tests: *test/**/*.*, **/test/**/*.*, **/itest/**/*.*
17:21:28.936 DEBUG: 'data/CHANGELOG.md' indexed with no language
17:21:28.940 DEBUG: 'data/INITIALLOAD.md' indexed with no language
17:21:28.944 DEBUG: 'data/README.md' indexed with no language
17:21:28.946 DEBUG: 'data/mvnw' indexed with no language
17:21:28.949 DEBUG: 'data/mvnw.cmd' indexed with no language
17:21:28.953 DEBUG: 'data/pom.xml' indexed with language 'xml'
********
17:21:29.611 DEBUG: 'engine/src/main/resources/db/flyway/postgres/V20230131_5.8.0__AddSelectOptionCodeType.sql' indexed with language 'plsql'
17:21:29.611 DEBUG: 'engine/src/main/resources/import-dev.sql' indexed with language 'plsql'
17:21:29.803 DEBUG: 'pom.xml' indexed with language 'xml'
17:21:29.806 INFO: 534 files indexed
17:21:29.807 INFO: 4486 files ignored because of inclusion/exclusion patterns

Hi,

Thanks for again providing the full scanner context. Here are the important parts. These are the values set at the server:

And these are the values the scanner actually ran with:

As we see here in the analysis log:

There’s a hierarchy of settings, with successive levels replacing each other. It’s documented here.

You need to find where the overriding values are being set and either correct or remove them.

 
HTH,
Ann

Yes, found it in the Jenkins script, “hard-coded” CLI parameter. Thanks for the feedback!
Time to do some cleanup

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.