Sonar analysis takes long time to scan .Net based project (4.5 .net Framework)

Please see the details below.

  1. SonarQube: Enterprise Edition Version 9.0.1 (build 46107)
  2. SonarScanner for MSBuild : 4.10
  3. Jenkins version: 2.263.1

here is the analyzer time (SonarAnalyzer.Rules.CSharp.VariableUnused (S1481) rule is taking 98% of the time)
Time (s) % Analyzer
8992.252 99 SonarAnalyzer.CSharp, Version=8.25.0.0, Culture=neutral, PublicKeyToken=c5b62af9de6d7244
8875.330 98 SonarAnalyzer.Rules.CSharp.VariableUnused (S1481)
35.672 <1 SonarAnalyzer.Rules.SymbolicExecution.SymbolicExecutionRunner (S1944, S2053, S2259, S2583, S2589, S3329, S3655, S3900, S3966, S4158, S5773)
5.629 <1 SonarAnalyzer.Rules.CSharp.DisposableNotDisposed (S2930)
4.661 <1 SonarAnalyzer.Rules.CSharp.DangerousGetHandleShouldNotBeCalled (S3869)
4.323 <1 SonarAnalyzer.Rules.CSharp.DeadStores (S1854)
3.424 <1 SonarAnalyzer.Rules.CSharp.SymbolReferenceAnalyzer (S9999-symbolRef)
3.354 <1 SonarAnalyzer.Rules.CSharp.FieldShouldBeReadonly (S2933)
2.475 <1 SonarAnalyzer.Rules.CSharp.WeakSslTlsProtocols (S4423)
2.445 <1 SonarAnalyzer.Rules.CSharp.UnusedPrivateMember (S1144, S4487)
2.437 <1 SonarAnalyzer.Rules.CSharp.TokenTypeAnalyzer (S9999-token-type)
1.929 <1 SonarAnalyzer.Rules.CSharp.MethodParameterUnused (S1172)
1.858 <1 SonarAnalyzer.Rules.CSharp.CollectionQuerySimplification (S2971)
1.848 <1 SonarAnalyzer.Rules.CSharp.DoNotCallGCCollectMethod (S1215)
1.799 <1 SonarAnalyzer.Rules.CSharp.DoNotCallAssemblyLoadInvalidMethods (S3885)
1.676 <1 SonarAnalyzer.Rules.CSharp.DoNotCallGCSuppressFinalize (S3971)
1.634 <1 SonarAnalyzer.Rules.CSharp.CheckArgumentException (S3928)
1.558 <1 SonarAnalyzer.Rules.CSharp.ThreadResumeOrSuspendShouldNotBeCalled (S3889)

I have tried running sonarScaaner (4.10) with MSbuild 14, and 16 but it still takes same time.
Build runs in 1-2 mins without scanner.

Hello,

As a first action, I would like to recommend you to read this document: The SonarSource guide for investigating the performance of .NET analysis and take the time to go through the “Troubleshooting help” section. If after that you still have troubles, share what you did in this thread.

Alex

Thanks @Alexandre_Gigleux for sharing document and i have already gone through the documents from where i enabled the reportanalyzer to check which rule is taking time. I have already configured my project as per steps mentioned there. I also tried to exlcude the rule by using .editorconfig file
#Suppress Rule
[*.{cs,vb}]
dotnet_diagnostic.S1481.severity = none
but i dont think so it working. Can you please suggest the next action on it.

Hi Sumit,

Did you try to remove the rule from the Quality Profile in SonarQube?

Also, to figure out why the editorconfig file doesn’t work: did you place the editorconfig file in the correct directory? Could you provide the verbose logs for the build, please?

Also, we would be very interested in finding out more about your project, so that we can improve the performance of our rule.

I can’t change the Quality profile in Sonarqube as it is shared by multiple projects/team so it is not allwoed. I put the .editorconfig root of my project (i am not sure if this editorconfig works fine with .net 4.5 framework) with following entry
[*.{cs,vb}]
dotnet_diagnostic.S141.severity = none

any update please? I think editorconfig will not work with sonarLint locally but i am using sonarqube which will take the rules from there so not sure what other way to override rules which are used by SonarQube. I dont want to change in sonarQube profile

You can create a new Quality Profile for that specific project which inherits the Quality Profile used by everybody else.

You need to use the MSBuild version 16.3 or newer.

See official MS docs - Analyzer configuration - Visual Studio (Windows) | Microsoft Learn

Starting in Visual Studio 2019 version 16.3, you can configure the severity of analyzer rules, or diagnostics , in an EditorConfig file, from the light bulb menu, and from the error list.

I am using MSBuild version = “16.11.1+3e40a09f8” , will editotconfig file override the rules from sonarqube as well? as per my understanding it is for sonarlint and override the rules locally.

It worked with MS build 16 version

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.