Sonar pull request analysis is scanning entire repo instead of just the changed files in gerrit git

Abdul_Mohammed · February 22, 2023, 5:58am

Helllo,
we have enterirpise SQ setup on premis and it is setup to do Sonar Gerrit

but we are observing that scan is taking long to complete as it is running on entire repo and not JUST scanning the changed files. any guidance how can we avoid delay of scanning unnecessary entire repo?
we just want only changed files to be scanned that are part of patchset in gerrit.

sonar.host.url=http://sonar.team.com:9000

sonar.login=${env.SONAR_TOKEN}
sonar.projectKey=Services
sonar.sourceEncoding=UTF-8
sonar.test.inclusions=src/**/test/**/*
# Exclude test subdirectories from source scope
sonar.exclusions=src/**/test/*,src/**/test/**/*,src/**/**/*.tf
sonar.c.file.suffixes=-
sonar.cpp.file.suffixes=-
sonar.objc.file.suffixes=-

    sonar-scanner -X \
        -Dsonar.pullrequest.key="${GERRIT_CHANGE_NUMBER}-${GERRIT_PATCHSET_NUMBER}" \
        -Dsonar.pullrequest.base="${GERRIT_BRANCH}" \
        -Dsonar.pullrequest.branch="${GERRIT_REFSPEC}" \
        -Dsonar.src="src/services/test_ps_scan/" \
        -Dsonar.exclusions=**/*.tf,src/**/test/*,src/**/test/**/*,src/**/**/*.tf

logs

Issues to be commented: 0
Issues to be involved in score calculation: 0
Review has been sent

change files on gerrit are under this path
/src/jenkins/ci/ and scan is scanning all files undre /src/* any hint why ?

Colin · February 23, 2023, 9:27am

Hey there.

The right analysis parameter is sonar.sources, not sonar.src
What version of SonarQube are you using? This information is requested in the template post.

Abdul_Mohammed · February 23, 2023, 8:31pm

versions below and thanks for correction in sources

we are forming the paths to source like below such that only changed files are scanned for. is this the right approach? if not how should we?

project_files=$(git diff @ @~1 --name-only | awk '{printf "%s,", $1}')
src_file_paths=$(echo ${project_files%,})
-Dsonar.sources=${src_file_paths}`

20:18:48.812 INFO: SonarScanner 4.7.0.2747
20:18:48.812 INFO: Java 11.0.14.1 Eclipse Adoptium (64-bit)
20:18:48.812 INFO: Linux 5.4.0-65-generic amd64
20:18:48.941 DEBUG: keyStore is : 
20:18:48.941 DEBUG: keyStore type is : pkcs12
20:18:53.185 INFO: Analyzing on SonarQube server 9.2.4

this scan was quick but this time the patchset results should no code, just says empty and passed.
on sonarqube server gui we see under code tab No code files were found for analysis

Colin · February 24, 2023, 7:50am

Hey there.

This isn’t a supported method of speeding up analysis. And, later in the v9.x series, we introduced proper incremental analysis for pull request analysis.

So make sure you upgrade to SonarQube v9.9 LTS soon, not only to benefit from our Best LTS Ever™, but because soon we will systematically ask users to upgrade when they ask questions about earlier versions of SonarQube, which are now considered unsupported.

Abdul_Mohammed · February 24, 2023, 5:13pm

may be my question is missed. what are we missing that analysis is not showing any results? we need no files listed on sonarqube. any reason what am. i missing?

Abdul_Mohammed · February 25, 2023, 10:07pm

what are we missing in configuration of sonar scanner or server that analysis is not showing any results after successful pull branch analysis is performed? we need no files listed on sonarqube. any reason what am. i missing?