Sonar Cloud Analysis Runtime Performance

  • ALM used → Azure DevOps
  • CI system used → Azure DevOps
  • Languages of the repository → C#, JavaScript

Dear Sonar Cloud Community,

We are using Sonar Cloud with Azure DevOps Pipelines to analyze our C# Codebase.
Initially Sonar Cloud increased our Build Time from 30 minutes to 1:30 Hours. That's something we were able to optimize by optimizing the build configuration (setting up parallel build) and utilizing a more powerful Build Server.
Building our C# Codebase now takes 8 minutes; as a reference, without Sonar Cloud it takes 3 minutes and 42 seconds.
Building the unit test with Sonar Cloud takes another 9 minutes. Without Sonar Cloud it took 2 minutes.
If there is room for improvement or some best practices we can implement, I'll be happy if you share them with me.

Nevertheless, so far we are happy with the build time; approx. 15 minutes is acceptable for us, and the next step would be to implement quality gates with Sonar Cloud.
But there is now the “Sonar Cloud Analyze” step, which now suddenly takes up to 18 minutes to finish. (Before changing our Build to parallel execution and a different Build Server, the “Sonar Cloud Analyze” step took only 3 minutes.) This step increases our overall pipeline execution time to over half an hour. Before implementing quality gates we would like to reduce the “Sonar Cloud Analyze” run time.

How can we improve the run time of the “Sonar Cloud Analyze” step? I am happy to provide the diagnostic logs, but would like to do this privately if possible.


Thank you very much in advance for your support.

Best regards
Nino

Hello @njanjic91 - welcome to the community.

FYI this guide to investigating .NET analysis performance might be of use.

Also, can you share the verbose logs for the SonarCloudAnalyze step please? I’ll send you a direct message you can attach them to.

To do this in Azure DevOps, pass sonar.verbose=true to the extra properties of the “Prepare” step:

    - task: SonarCloudPrepare@1
      inputs:
        SonarCloud: 'sonarcloud'
        organization: 'foo'
        scannerMode: 'MSBuild'
        projectKey: 'foo_sonar-scanning-someconsoleapp'
        projectName: 'sonar-scanning-someconsoleapp'
        # Turns on verbose (DEBUG-level) scanner logging for the analysis
        extraProperties: |
          sonar.verbose=true

Is the “building the unit test” code time included in the Build B2C solution code\... in the screenshot above?

Hello Duncan,

thank you very much for reaching out.
I'll provide you the logs via private message.

Yes, Building the Unit Tests was included in this step. What we did in the second pipeline → We separated the Build of the normal Code and Unit Tests to be able to run a parallel build. Because if we ran it before separation it would fail, because Projects had cross references to each other and expected to be built one after another.

Logs are coming. Thanks for your support.

Hi @njanjic91. Thanks for the logs.

Almost all of the time in the SonarCloudAnalyze step is being spent in the component that detects security issues in C#. I’ve asked the security analyzer team to take a look.

Hey @njanjic91,

thank you for reaching out. With respect to the logs you shared, this catches my attention:

    2023-03-17T12:28:13.2747747Z 12:28:13.274 INFO: Reading type hierarchy from: C:\agent\_work\2\.sonarqube\out\ucfg_cs2
    2023-03-17T12:42:38.4883749Z 12:42:38.480 INFO: Read 310590 type definitions
    2023-03-17T12:42:40.4426433Z 12:42:40.433 INFO: Reading UCFGs from: C:\agent\_work\2\.sonarqube\out\ucfg_cs2
    2023-03-17T12:45:19.3542057Z 12:45:19.348 DEBUG: Excluding 62286 UCFGs with duplicate method ids.

I wonder in particular about two things:

  • 310590 type definitions is quite a lot. Could you share with me the size of the codebase you are trying to analyze, in LOC? In the SonarCloud interface, in the Overview tab of your project, you should see something like _xyz Lines of Code_ in the upper right corner. What is xyz for your project?
  • A lot of UCFGs are excluded due to duplicate method ids. This is suspicious and would need to be investigated. For this, however, I would require the contents of the C:\agent\_work\2\.sonarqube\out\ucfg_cs2 folder. Could you zip it and send it to me? I will reach out privately to you for this.
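A way to locate where the time goes in verbose scanner output like the lines quoted above, as an added example that is not part of the original thread or of SonarSource tooling: it parses the Azure DevOps timestamp prefix and reports the log lines that were followed by a gap of a minute or more. The function names and the one-minute threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# The four log lines quoted in the post above, embedded so the example runs offline.
SAMPLE_LOG = r"""
2023-03-17T12:28:13.2747747Z 12:28:13.274 INFO: Reading type hierarchy from: C:\agent\_work\2\.sonarqube\out\ucfg_cs2
2023-03-17T12:42:38.4883749Z 12:42:38.480 INFO: Read 310590 type definitions
2023-03-17T12:42:40.4426433Z 12:42:40.433 INFO: Reading UCFGs from: C:\agent\_work\2\.sonarqube\out\ucfg_cs2
2023-03-17T12:45:19.3542057Z 12:45:19.348 DEBUG: Excluding 62286 UCFGs with duplicate method ids.
"""

# <pipeline timestamp>Z <scanner time> <LEVEL>: <message>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\.(\d+)Z\s+\S+\s+(\w+):\s+(.*)$"
)

def parse(log_text):
    """Yield (timestamp, level, message) for each pipeline-prefixed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, stack traces, wrapped continuation lines
        base, frac, level, msg = m.groups()
        # The prefix carries 7 fractional digits; datetime keeps 6 (microseconds).
        ts = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S") + timedelta(
            microseconds=int(frac[:6].ljust(6, "0")))
        yield ts, level, msg

def slow_steps(log_text, threshold=timedelta(minutes=1)):
    """Return (duration, message) pairs for gaps >= threshold, longest first.

    A gap is attributed to the earlier line: the step that was announced
    and then kept the scanner busy until the next line was written.
    """
    events = list(parse(log_text))
    gaps = [(nxt[0] - cur[0], cur[2]) for cur, nxt in zip(events, events[1:])]
    return sorted((g for g in gaps if g[0] >= threshold), reverse=True)

if __name__ == "__main__":
    for duration, message in slow_steps(SAMPLE_LOG):
        print(f"{duration}  {message}")
```

On the quoted lines this attributes roughly 14 minutes to reading the type hierarchy and a further 2.5 minutes to reading the UCFGs.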

Hey Malte,

many thanks for your feedback.
The lines of code are 82k.

I'll provide you the UCFG Files in a moment. Will upload them and send them to you via the private message in which you reached out to me.

Thank you very much for your support.

Best regards
Nino
