We have an integration with SonarCloud & Azure Devops, and are having trouble with slow build times, for a solution of aprox 350K lines of code.
We have the 3 steps as part of our pipeline: Prepare, Run Analysis and Publish.
The analysis task runs reasonably fast, aprox 6 mins, but I’m trying to figure out why the actual building of the sln file, using VSBuild@1 task, takes >30min, instead of aprox 8 mins with Sonar disabled.
I assume the Prepare task does some replacing/configuring of msbuild and causes the build task to do more than usual. Is this true?
And finally, I’d be of great help to know if these times are normal for this kind of overhead, or we should investigate this further and optimize/fix problems.
Hi @Andrei_Dan_Singeorza and welcome to the community !
Yes this is true. We add target for the subsequent msbuild/dotnet build task(s)
There are multiple factors here :
- Number of lines of code : build time will increase. We’re constantly adding rules to our analyzers, and some of them can take a bit of time to execute. However, this is good to be reported as we try to decrease this overhead on each release.
- Complexity of your code : as above, especially for security analysis, this can be a pretty long tasks.
That being said, you can add the verbosity to diagnostic on your build task, there will be a detail view of our analyzer performing, with time taken for each rule processed.
You can then, if it’s relevant, desactivate the rules that take the most time. But this is a workaround for sure. Let me know if you want to troubleshoot particularly your project.
Mickaël
Indeed, there’s a list of warnings from sonar for each project (e.g. S3220), but I’m not sure how to infer from this which rules take up the most time.
I’ve parsed the warnings into a frequency map of warning type and occurrences, but each warning takes very little time to be outputted, and I’m assuming this is just the logging time, not the analysis time.
Isn’t it possible there’s some very expensive rule which takes a long time for each project, but for which there are no offending occurrences? Is this information outputted somewhere else?
If we could get in touch to discuss this in more detail, that would be great, but I’m not sure how to contact you (or sonar support), and I’d rather not give out my contact info on the forum here.
Thanks!
Hi @Andrei_Dan_Singeorza - we sent you a private message where you can share your information. You can access it here.
As a public update: we’ve deployed some performance improvements with SonarCSharp 8.15 which is now on . We are committed to continue to make incremental improvements, as we believe performance is a feature.
1 Like
Hello
For users of SonarCloud and SonarQube 9.1+ you now have the ability to run the analysis in concurrent execution mode. This can significantly reduce your analysis time. Just set the following environment variable in the begin step:
SONAR_DOTNET_ENABLE_CONCURRENT_EXECUTION: true
We would love to hear if you have tried this, if you have please could you post a comment on this post and tell us how you got on?
Thanks
Tom
1 Like