Sensor javabugs > 8 mins for a 100 line PR

SonarQube Server / Community Build
, ,
1

Information about our setup:

  • which versions are you using (SonarQube Server / Community Build, Scanner, Plugin, and any relevant extension)
    • Developer Edition v10.8.1 (101050)
  • how is SonarQube deployed: zip, Docker, Helm
    • Docker
  • what are you trying to achieve
    • incremental build times for PRs used to be 30 seconds, now they’re an upwards of 17 minutes
  • what have you tried so far to achieve this
    • upgrading sonar regularly (this seems to have broken it TBH)
    • ensuring that our diff is correct (we have our own changed modules library, and that reports correctly as well, which is based on git diff)

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!
Here are the top 3 items sorted by time:

build	24-Feb-2025 11:32:49	[INFO] 11:32:49.698 Sensor JavaScript/TypeScript analysis [javascript] (done) | time=20138ms
build	24-Feb-2025 11:44:52	[INFO] 11:44:52.126 Sensor JavaSecuritySensor [security] (done) | time=65753ms
build	24-Feb-2025 11:43:45	[INFO] 11:43:45.544 Sensor javabugs [dbd] (done) | time=494906ms

What should we look at next? Our project is a monorepo with about 2M LOC. The incremental builds used to take 30 seconds until last year or so, but have gradually shot up to 17 minutes for simple PRs.

1 Like
2

Hey there.

There were some specific performance improvements for these rules in SonarQube v2025.1 LTA. I suggest upgrading and seeing if the issue persists.

I’d also suggest you make sure that your target branch has been recently analyzed. During a PR analysis, the cache of the target branch is used to speed up analysis. However

Branches that are not scanned for more than seven consecutive days are considered inactive, and the server automatically deletes their cached data to free space in the database.

3

Hey Colin, Thank you for writing in! I’ll ask the team to upgrade Sonar to the version specified.

With regard to the target branch being analysed, I checked, and the target branch is being analysed regularly (on PR merge, and finally on a schedule).