Sonar-scan not showing nothing on sonar web page

Must-share information (formatted with Markdown):

• which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

INFO: Scanner configuration file: /usr/lib/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarQube Scanner 4.0.0.1744
INFO: Java 11.0.18 Alpine (64-bit)
INFO: Linux 4.15.0-136-generic amd64

• how is SonarQube deployed: zip, Docker, Helm
  as far i know we have a enterprise solution, we use sonar-scan to upload the reports from integration testing, to sonarcloud,
• what are you trying to achieve
  That when the sonar-scan finish shows up the results in the web interface
• what have you tried so far to achieve this
  – verify connection method issues.
  – solve issues in the log

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!

#Command Executed in a bash script
sonar-scanner -D sonar.login="${SONAR_LOGIN}" -D sonar.projectKey="${SONAR_PROJECT_KEY}" -D sonar.pullrequest.branch=feature_fix_sq_integration -D sonar.pullrequest.key=1850 -D sonar.pullrequest.base=main -D sonar.python.coverage.reportPaths='coverage/*-coverage-*.xml' -D sonar.python.version='3.8'

Running sonar-scanner ...

INFO: Scanner configuration file: /usr/lib/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /tmp/build/7411baae/src/sonar-project.properties
INFO: SonarQube Scanner 4.0.0.1744
INFO: Java 11.0.18 Alpine (64-bit)
INFO: Linux 4.15.0-136-generic amd64
INFO: User cache: /root/.sonar/cache
INFO: SonarQube server 9.9.3.79811
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Load global settings
INFO: Load global settings (done) | time=588ms
INFO: Server id: SOM31D-AServerIDtdP-PIMpum
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=166ms
INFO: Load/download plugins (done) | time=572ms
INFO: Loaded core extensions: developer-scanner
INFO: Process project properties
INFO: Process project properties (done) | time=17ms
INFO: Execute project builders
INFO: Execute project builders (done) | time=3ms
INFO: Project key: MY-TEAM:MY-APP
INFO: Base dir: /tmp/build/7411baae/src
INFO: Working dir: /tmp/build/7411baae/src/.scannerwork
INFO: Load project settings for component key: 'MY-TEAM:MY-APP'
INFO: Load project settings for component key: 'MY-TEAM:MY-APP' (done) | time=126ms
INFO: Load project branches
INFO: Load project branches (done) | time=111ms
INFO: Load branch configuration
INFO: Found manual configuration of branch/PR analysis. Skipping automatic configuration.
INFO: Load branch configuration (done) | time=4ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=182ms
INFO: Load active rules
INFO: Load active rules (done) | time=5533ms
INFO: Load analysis cache
INFO: Load analysis cache | time=956ms
INFO: Pull request 1850 for merge into main from feature_fix_sq_integration
INFO: Load project repositories
INFO: Load project repositories (done) | time=134ms
INFO: SCM collecting changed files in the branch
WARN: Could not find ref 'main' in refs/heads, refs/remotes, refs/remotes/upstream or refs/remotes/origin  #(NOT SURE HOW TO FIX THIS YES)
INFO: SCM collecting changed files in the branch (done) | time=58ms
INFO: Indexing files...
INFO: Project configuration:
INFO:   Excluded sources: **/helm_chart/**, **/tests/**/*, **/*_tests/**/*, **/*.java, **/*.js, **/*.css, **/*.jade, **/*.html, **/*.xml, **/*.scss, **/SOME-IRRELEVANT-PATH/sql/**, **/common/common/testing/**, **/*.ts
INFO:   Excluded sources for coverage: **/*.spec.ts
INFO: 2053 files indexed
INFO: 3339 files ignored because of inclusion/exclusion patterns
INFO: 2 files ignored because of scm ignore settings
INFO: Quality profile for css: Sonar way
INFO: Quality profile for json: Sonar way
INFO: Quality profile for py: Sonar way
INFO: Quality profile for yaml: Sonar way
INFO: ------------- Run sensors on module MY-TEAM:MY-APP
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=108ms
INFO: Sensor IaC CloudFormation Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=4186ms
INFO: Sensor IaC Kubernetes Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC Kubernetes Sensor [iac] (done) | time=2908ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=4ms
INFO: Sensor C# Analysis Log [csharp]
INFO: Sensor C# Analysis Log [csharp] (done) | time=16ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=1ms
INFO: Sensor HTML [web]
INFO: Sensor HTML is restricted to changed files only
INFO: Sensor HTML [web] (done) | time=10ms
INFO: Sensor TextAndSecretsSensor [text]
INFO: Sensor TextAndSecretsSensor is restricted to changed files only
INFO: 120 source files to be analyzed
INFO: 120/120 source files have been analyzed
INFO: Sensor TextAndSecretsSensor [text] (done) | time=2826ms
INFO: Sensor VB.NET Project Type Information [vbnet]
INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=3ms
INFO: Sensor VB.NET Analysis Log [vbnet]
INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=16ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=1ms
INFO: Sensor Python Sensor [python]
INFO: The cache version has changed since the previous analysis, cached data will not be used during this analysis. Retrieved: "3.24.1.11916". Current version: "3.24.1.11916;3.8".
INFO: Starting global symbols computation
INFO: 1007 source files to be analyzed
INFO: 899/1007 files analyzed, current file: SOME-IRRELEVANT-PATH/SOME-IRRELEVANT-PATH/services/survey/survey_template_service.py
INFO: 1007/1007 source files have been analyzed
INFO: Starting rules execution
INFO: 1007 source files to be analyzed
INFO: 90/1007 files analyzed, current file: SOME-IRRELEVANT-PATH/SOME-IRRELEVANT-PATH/services/model/tms_tenant_model_service.py
INFO: 226/1007 files analyzed, current file: SOME-IRRELEVANT-PATH/SOME-IRRELEVANT-PATH/api/widgets/widget_service.py
INFO: 350/1007 files analyzed, current file: SOME-IRRELEVANT-PATH/SOME-IRRELEVANT-PATH/security/survey_core_datastore.py
INFO: 505/1007 files analyzed, current file: common/common/testing_utils/testing_assertions.py
INFO: 679/1007 files analyzed, current file: SOME-IRRELEVANT-PATH/SOME-IRRELEVANT-PATH/security/event_handlers.py
INFO: 844/1007 files analyzed, current file: SOME-IRRELEVANT-PATH/pcpworker/services/distributed_lock.py
INFO: 1007/1007 source files have been analyzed
INFO: The Python analyzer was able to leverage cached data from previous analyses for 0 out of 1007 files. These files were not parsed.
INFO: Sensor Python Sensor [python] (done) | time=80786ms
INFO: Sensor Cobertura Sensor for Python coverage [python]
INFO: Python test coverage
INFO: Parsing report '/tmp/build/7411baae/src/coverage/integration-coverage-ea6430d.xml'
INFO: Parsing report '/tmp/build/7411baae/src/coverage/unit-coverage-ea6430d.xml'
INFO: Sensor Cobertura Sensor for Python coverage [python] (done) | time=1033ms
INFO: Sensor PythonXUnitSensor [python]
INFO: Sensor PythonXUnitSensor [python] (done) | time=206ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
INFO: Sensor JavaScript inside YAML analysis [javascript]
INFO: No input files found for analysis
INFO: Hit the cache for 0 out of 0
INFO: Miss the cache for 0 out of 0
INFO: Sensor JavaScript inside YAML analysis [javascript] (done) | time=13ms
INFO: Sensor CSS Rules [javascript]
INFO: Sensor CSS Rules is restricted to changed files only
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [javascript] (done) | time=5ms
INFO: Sensor CSS Metrics [javascript]
INFO: Sensor CSS Metrics is restricted to changed files only
INFO: Sensor CSS Metrics [javascript] (done) | time=1ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=5ms
INFO: Sensor Python HTML templates processing [securitypythonfrontend]
INFO: HTML files are not indexed : you may want to add them in the scanned files of this project to detect Python XSS vulnerabilities
INFO: Sensor Python HTML templates processing [securitypythonfrontend] (done) | time=24ms
INFO: Sensor IaC Docker Sensor [iac]
INFO: Sensor IaC Docker Sensor is restricted to changed files only
INFO: 1 source file to be analyzed
ERROR: Unable to parse file: file:///tmp/build/7411baae/src/Dockerfile. #( NOT SURE IGF THIS ERROR COULD BE RELEVANT)
ERROR: Cannot parse 'Dockerfile': String index out of range: -1
INFO: 1/1 source file has been analyzed
INFO: Sensor IaC Docker Sensor [iac] (done) | time=134ms
INFO: Sensor Serverless configuration file sensor [security]
INFO: 0 Serverless function entries were found in the project
INFO: 0 Serverless function handlers were kept as entrypoints
INFO: Sensor Serverless configuration file sensor [security] (done) | time=8ms
INFO: Sensor AWS SAM template file sensor [security]
INFO: Sensor AWS SAM template file sensor [security] (done) | time=5ms
INFO: Sensor AWS SAM Inline template file sensor [security]
INFO: Sensor AWS SAM Inline template file sensor [security] (done) | time=5ms
INFO: Sensor javabugs [dbd]
INFO: Reading IR files from: /tmp/build/7411baae/src/.scannerwork/ir/java
INFO: No IR files have been included for analysis.
INFO: Sensor javabugs [dbd] (done) | time=1ms
INFO: Sensor pythonbugs [dbd]
INFO: Reading IR files from: /tmp/build/7411baae/src/.scannerwork/ir/python
INFO: Analyzing 2950 functions to detect bugs.
INFO: Sensor pythonbugs [dbd] (done) | time=10341ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /tmp/build/7411baae/src/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=4ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /tmp/build/7411baae/src/ucfg_cs2
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /tmp/build/7411baae/src/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=1ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /tmp/build/7411baae/src/.scannerwork/ucfg2/python
INFO: Read 2188 type definitions
INFO: Reading UCFGs from: /tmp/build/7411baae/src/.scannerwork/ucfg2/python
INFO: 19:08:05.577973 Building Runtime Type propagation graph
INFO: 19:08:08.646966 Running Tarjan on 89945 nodes
INFO: 19:08:08.996673 Tarjan found 89145 components
INFO: 19:08:10.440836 Variable type analysis: done
INFO: 19:08:10.446523 Building Runtime Type propagation graph
INFO: 19:08:11.425288 Running Tarjan on 88248 nodes
INFO: 19:08:11.60998 Tarjan found 87484 components
INFO: 19:08:12.051199 Variable type analysis: done
INFO: Analyzing 12968 ucfgs to detect vulnerabilities.
INFO: All rules entrypoints : 93
INFO: Retained UCFGs : 1465
INFO: Taint analysis starting. Entrypoints: 93
INFO: Running symbolic analysis for 'PYTHON'
INFO: Taint analysis: done.
INFO: Sensor PythonSecuritySensor [security] (done) | time=17162ms
INFO: Sensor JsSecuritySensor [security]
INFO: No taint analysis rules have been enabled, will not execute taint analysis.
INFO: Sensor JsSecuritySensor [security] (done) | time=0ms
INFO: ------------- Run sensors on project
INFO: Sensor Analysis Warnings import [csharp]
INFO: Sensor Analysis Warnings import [csharp] (done) | time=3ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=346ms
INFO: SCM Publisher SCM provider for this project is: git
INFO: SCM Publisher 3 source files to be analyzed
INFO: SCM Publisher 3/3 source files have been analyzed (done) | time=3957ms
INFO: CPD Executor 228 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 779 files
INFO: CPD Executor CPD calculation finished (done) | time=498ms
INFO: SCM writing changed lines
WARN: Could not find ref 'main' in refs/heads, refs/remotes, refs/remotes/upstream or refs/remotes/origin
INFO: SCM writing changed lines (done) | time=13ms
INFO: Analysis report generated in 536ms, dir size=1.7 MB
INFO: Analysis report compressed in 2600ms, zip size=1.1 MB
INFO: Analysis report uploaded in 2190ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonar.MY-COMPANIE.int/dashboard?id=MY-TEAM%3AMY-APP&pullRequest=1850
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonar.MY-COMPANIE.int/api/ce/task?id=AZC3y9_NCg3ish7uopd6
INFO: Analysis total time: 2:26.781 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 2:30.570s
INFO: Final Memory: 168M/577M
INFO: ------------------------------------------------------------------------

After all this log, when i go to the sonarqube page.

Screenshot 2024-07-15 at 4.54.42 PM2110×1352 168 KB

Not sure what else to do.
The connections works.
the scripts works.
The scanner works
not sure how to debug more about this.

Hi,

Welcome to the community!

This is a pull request analysis. So what changed in the PR? Were there changes to actual code, as opposed to, e.g. config files?

 
Ann

Yes, its a PR that we made, to fix this issue, happens with all PR’s Have the code that have.
mean, if we change a line, or 100lines, does not show nothing.

Config files, mean the sonar properties ?

# Generate coverage:
#   1. Run in crane_apps directory:
#      nosetests -c .noserc
#   2. Export to XML:
#      coverage xml -i
#   3. Upload to sonarqube:
#      sonar-scanner

# SonarQube server
sonar.host.url=https://MYSONARHOST.MYSONARDOMAIN.MISONAR/

# must be unique in a given SonarQube instance

sonar.python.coverage.reportPaths=coverage/*-coverage-*.xml

sonar.exclusions=\
  **/helm_chart/**,\
  **/tests/**/*,\
  **/*_tests/**/*,\
  **/*.java,\
  **/*.js,\
  **/*.css,\
  **/*.jade,\
  **/*.html,\
  **/*.xml,\
  **/*.scss,\
  **/perception/sql/**,\
  **/common/common/testing/**,\
  **/*.ts,

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=.

# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8

sonar.python.version='3.8'

Hi,

By “config files” I mean any non-code files. Or for that matter, non-code changes, such as comments, in code files.

Looking back at the analysis log you posted, this jumps out at me today (don’t know why it didn’t last week):

This is likely your problem. To understand what changed in a PR, analysis needs to know how the PR is different from the base branch. This somehow got dropped from the latest docs, but from an earlier version:

Before analyzing your pull requests, make sure that:

• The pull request source branch is checked out in the local repository.
• The branch being targeted by the pull request is fetched and present in the local repository.
• The analysis is being run on a local repository with valid repository metadata (e.g. the .git folders have not been removed). Avoid any attempt at previewing the merge or actions involving your main branch.
• The code in the local repository matches the code in the remote repository (e.g once a PR is issued, no code is added to the local branch on the CI side before analysis).

 
HTH,
Ann

Ok, so, the issue could be that, that im not fetch the main branch.
and the code changes, i just made a test, duplicating some functions like
Function, Function1, Function 2.

So Not sure, if that is enough.
I talked with the guy, who has set the project, and he told me taht has been disable the requisite of number of line modified, so, i i modified just ine line, should trigger the analisis.

I have been trying this.

Run on main branch, but stil not report any coverage code. let me show you.

Screenshot 2024-07-23 at 10.43.47 AM927×563 27.2 KB

I see, all the measures, but do not have coverage. this is an analysis run in the main branch.

I asume this could be a posible reason, because if don’t have any base, how its going to know the new coverage.

PD:
The reports that i have under coverage folder those are populated and have valid data, generated in previous steps.

Hi,

To be clear, after updating the checkout, you now get proper PR analysis?

For the coverage question, could you create a new thread? We try to keep it to one topic per thread. Otherwise it can get messy, fast.

 
Thx,
Ann

Hello!
no im not able to get the proper PR analysis.

Hi,

Your last screenshot looks like proper PR analysis. What’s missing, other than coverage?

 
Thx,
Ann

No, because that was on main branch.

you right, i mees up both thinks.

This is my current, scanner on my branch that its called feature_fix_sq_integration

Screenshot 2024-07-23 at 2.58.46 PM1057×783 41.6 KB

Hi,

Can you provide the analysis log of the latest attempt to analyze that PR, please?

 
Thx,
Ann

For this Im running manually the command.

## The Command
bash-5.1# sonar-scanner \
 -D sonar.login="${SONAR_LOGIN}" \
 -D sonar.projectKey="${SONAR_PROJECT_KEY}" \
 -D sonar.pullrequest.branch=feature_fix_sq_integration \
 -D sonar.pullrequest.key=1850 \
 -D sonar.pullrequest.base=main \
 -D sonar.python.coverage.reportPaths='coverage/*-coverage-*.xml' \
 -D sonar.python.version='3.8'
### Output
INFO: Scanner configuration file: /usr/lib/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /tmp/build/7411baae/src/sonar-project.properties
INFO: SonarQube Scanner 4.0.0.1744
INFO: Java 11.0.18 Alpine (64-bit)
INFO: Linux 4.15.0-136-generic amd64
INFO: User cache: /root/.sonar/cache
INFO: SonarQube server 9.9.3.79811
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Load global settings
INFO: Load global settings (done) | time=519ms
INFO: Server id: 038ABA14-MYAWSOMESERVER-ID
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=129ms
INFO: Load/download plugins (done) | time=413ms
INFO: Loaded core extensions: developer-scanner
INFO: Process project properties
INFO: Process project properties (done) | time=11ms
INFO: Execute project builders
INFO: Execute project builders (done) | time=2ms
INFO: Project key: MY-AWSOME-TEAM:MY-AWSOME-APP
INFO: Base dir: /tmp/build/7411baae/src
INFO: Working dir: /tmp/build/7411baae/src/.scannerwork
INFO: Load project settings for component key: 'MY-AWSOME-TEAM:MY-AWSOME-APP'
INFO: Load project settings for component key: 'MY-AWSOME-TEAM:MY-AWSOME-APP' (done) | time=107ms
INFO: Load project branches
INFO: Load project branches (done) | time=127ms
INFO: Load branch configuration
INFO: Found manual configuration of branch/PR analysis. Skipping automatic configuration.
INFO: Load branch configuration (done) | time=5ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=148ms
INFO: Load active rules
INFO: Load active rules (done) | time=4873ms
INFO: Load analysis cache
INFO: Load analysis cache | time=974ms
INFO: Pull request 1850 for merge into main from feature_fix_sq_integration
INFO: Load project repositories
INFO: Load project repositories (done) | time=122ms
INFO: SCM collecting changed files in the branch
WARN: Could not find ref 'main' in refs/heads, refs/remotes, refs/remotes/upstream or refs/remotes/origin
INFO: SCM collecting changed files in the branch (done) | time=47ms
INFO: Indexing files...
INFO: Project configuration:
INFO:   Excluded sources: **/helm_chart/**, **/tests/**/*, **/*_tests/**/*, **/*.java, **/*.js, **/*.css, **/*.jade, **/*.html, **/*.xml, **/*.scss, **/perception/sql/**, **/common/common/testing/**, **/*.ts
INFO:   Excluded sources for coverage: **/*.spec.ts
INFO: 2053 files indexed
INFO: 3339 files ignored because of inclusion/exclusion patterns
INFO: 2 files ignored because of scm ignore settings
INFO: Quality profile for css: Sonar way
INFO: Quality profile for json: Sonar way
INFO: Quality profile for py: Sonar way
INFO: Quality profile for yaml: Sonar way
INFO: ------------- Run sensors on module MY-AWSOME-TEAM:MY-AWSOME-APP
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=97ms
INFO: Sensor IaC CloudFormation Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=3625ms
INFO: Sensor IaC Kubernetes Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC Kubernetes Sensor [iac] (done) | time=2936ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=3ms
INFO: Sensor C# Analysis Log [csharp]
INFO: Sensor C# Analysis Log [csharp] (done) | time=17ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=0ms
INFO: Sensor HTML [web]
INFO: Sensor HTML is restricted to changed files only
INFO: Sensor HTML [web] (done) | time=11ms
INFO: Sensor TextAndSecretsSensor [text]
INFO: Sensor TextAndSecretsSensor is restricted to changed files only
INFO: 121 source files to be analyzed
INFO: 121/121 source files have been analyzed
INFO: Sensor TextAndSecretsSensor [text] (done) | time=2712ms
INFO: Sensor VB.NET Project Type Information [vbnet]
INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=3ms
INFO: Sensor VB.NET Analysis Log [vbnet]
INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=18ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=0ms
INFO: Sensor Python Sensor [python]
INFO: Using cached data to retrieve global symbols.
INFO: Cached information of global symbols will be used for 1003 out of 1007 main files. Global symbols will be recomputed for the remaining files.
INFO: Fully optimized analysis can be performed for 837 out of 1007 files.
INFO: Partially optimized analysis can be performed for 1003 out of 1007 files.
INFO: Starting global symbols computation
INFO: 4 source files to be analyzed
INFO: 4/4 source files have been analyzed
INFO: Starting rules execution
INFO: 1007 source files to be analyzed
INFO: 329/1007 files analyzed, current file: common/common/testing_utils/__init__.py
INFO: 743/1007 files analyzed, current file: perception/perception/gateways/delete_account_gateway.py
INFO: 1007/1007 source files have been analyzed
INFO: The Python analyzer was able to leverage cached data from previous analyses for 837 out of 1007 files. These files were not parsed.
INFO: Sensor Python Sensor [python] (done) | time=26558ms
INFO: Sensor Cobertura Sensor for Python coverage [python]
INFO: Python test coverage
INFO: Parsing report '/tmp/build/7411baae/src/coverage/integration-coverage-5a4c2c2.xml'
INFO: Parsing report '/tmp/build/7411baae/src/coverage/unit-coverage-5a4c2c2.xml'
INFO: Sensor Cobertura Sensor for Python coverage [python] (done) | time=606ms
INFO: Sensor PythonXUnitSensor [python]
INFO: Sensor PythonXUnitSensor [python] (done) | time=211ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
INFO: Sensor JavaScript inside YAML analysis [javascript]
INFO: No input files found for analysis
INFO: Hit the cache for 0 out of 0
INFO: Miss the cache for 0 out of 0
INFO: Sensor JavaScript inside YAML analysis [javascript] (done) | time=9ms
INFO: Sensor CSS Rules [javascript]
INFO: Sensor CSS Rules is restricted to changed files only
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [javascript] (done) | time=4ms
INFO: Sensor CSS Metrics [javascript]
INFO: Sensor CSS Metrics is restricted to changed files only
INFO: Sensor CSS Metrics [javascript] (done) | time=1ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=4ms
INFO: Sensor Python HTML templates processing [securitypythonfrontend]
INFO: HTML files are not indexed : you may want to add them in the scanned files of this project to detect Python XSS vulnerabilities
INFO: Sensor Python HTML templates processing [securitypythonfrontend] (done) | time=15ms
INFO: Sensor IaC Docker Sensor [iac]
INFO: Sensor IaC Docker Sensor is restricted to changed files only
INFO: 1 source file to be analyzed
ERROR: Unable to parse file: file:///tmp/build/7411baae/src/Dockerfile.
ERROR: Cannot parse 'Dockerfile': String index out of range: -1
INFO: 1/1 source file has been analyzed
INFO: Sensor IaC Docker Sensor [iac] (done) | time=101ms
INFO: Sensor Serverless configuration file sensor [security]
INFO: 0 Serverless function entries were found in the project
INFO: 0 Serverless function handlers were kept as entrypoints
INFO: Sensor Serverless configuration file sensor [security] (done) | time=7ms
INFO: Sensor AWS SAM template file sensor [security]
INFO: Sensor AWS SAM template file sensor [security] (done) | time=5ms
INFO: Sensor AWS SAM Inline template file sensor [security]
INFO: Sensor AWS SAM Inline template file sensor [security] (done) | time=5ms
INFO: Sensor javabugs [dbd]
INFO: Reading IR files from: /tmp/build/7411baae/src/.scannerwork/ir/java
INFO: No IR files have been included for analysis.
INFO: Sensor javabugs [dbd] (done) | time=1ms
INFO: Sensor pythonbugs [dbd]
INFO: Reading IR files from: /tmp/build/7411baae/src/.scannerwork/ir/python
INFO: Analyzing 2950 functions to detect bugs.
INFO: Sensor pythonbugs [dbd] (done) | time=8421ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /tmp/build/7411baae/src/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=4ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /tmp/build/7411baae/src/ucfg_cs2
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /tmp/build/7411baae/src/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /tmp/build/7411baae/src/.scannerwork/ucfg2/python
INFO: Read 2191 type definitions
INFO: Reading UCFGs from: /tmp/build/7411baae/src/.scannerwork/ucfg2/python
INFO: 18:19:35.522484 Building Runtime Type propagation graph
INFO: 18:19:36.729935 Running Tarjan on 88006 nodes
INFO: 18:19:36.977761 Tarjan found 87206 components
INFO: 18:19:37.942993 Variable type analysis: done
INFO: 18:19:37.947493 Building Runtime Type propagation graph
INFO: 18:19:38.937515 Running Tarjan on 86317 nodes
INFO: 18:19:39.086589 Tarjan found 85553 components
INFO: 18:19:39.505757 Variable type analysis: done
INFO: Analyzing 12290 ucfgs to detect vulnerabilities.
INFO: All rules entrypoints : 93
INFO: Retained UCFGs : 1400
INFO: Taint analysis starting. Entrypoints: 93
INFO: Running symbolic analysis for 'PYTHON'
INFO: Taint analysis: done.
INFO: Sensor PythonSecuritySensor [security] (done) | time=10476ms
INFO: Sensor JsSecuritySensor [security]
INFO: No taint analysis rules have been enabled, will not execute taint analysis.
INFO: Sensor JsSecuritySensor [security] (done) | time=0ms
INFO: ------------- Run sensors on project
INFO: Sensor Analysis Warnings import [csharp]
INFO: Sensor Analysis Warnings import [csharp] (done) | time=1ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=136ms
INFO: SCM Publisher SCM provider for this project is: git
INFO: SCM Publisher 4 source files to be analyzed
INFO: SCM Publisher 4/4 source files have been analyzed (done) | time=910ms
INFO: CPD Executor 228 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 779 files
INFO: CPD Executor CPD calculation finished (done) | time=283ms
INFO: SCM writing changed lines
WARN: Could not find ref 'main' in refs/heads, refs/remotes, refs/remotes/upstream or refs/remotes/origin
INFO: SCM writing changed lines (done) | time=4ms
INFO: Analysis report generated in 173ms, dir size=805.8 kB
INFO: Analysis report compressed in 879ms, zip size=529.4 kB
INFO: Analysis report uploaded in 1624ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonar.MY-COMPANY.int/dashboard?id=MY-AWSOME-TEAM%3AMY-AWSOME-APP&pullRequest=1850
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonar.MY-COMPANY.int/api/ce/task?id=AZDg0ieeCg3ish7uosBg
INFO: Analysis total time: 1:13.438 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 1:16.544s
INFO: Final Memory: 154M/530M
INFO: ------------------------------------------------------------------------

### SONAR CONFIG FILE

bash-5.1# cat sonar-project.properties

# SonarQube server
sonar.host.url=https://sonar.MY-COMPANY.int/

# must be unique in a given SonarQube instance

sonar.python.coverage.reportPaths=coverage/*-coverage-*.xml

sonar.exclusions=\
  **/helm_chart/**,\
  **/tests/**/*,\
  **/*_tests/**/*,\
  **/*.java,\
  **/*.js,\
  **/*.css,\
  **/*.jade,\
  **/*.html,\
  **/*.xml,\
  **/*.scss,\
  **/AWSOME-APP/sql/**,\
  **/common/common/testing/**,\
  **/*.ts,

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=.

# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8

Hi,

I’m still seeing this:

Did you take care of this?

 
Ann

Im working on that, just trying to figure it out, how to do it, because we use concourse, and not sure how to get the fetch.

Hello!
Here its the report,
I need to do magic to be honest!

Not sure, how i’m going to do it, i make it manually the fetch, and looks like it works, at least show me that i have a New code Smells, (i think i sholud be the only one that is happy that my code have a code smell

Screenshot 2024-07-24 at 9.39.48 AM2392×1374 208 KB

And have just one Warning, Not sure, how to resolve that. but, lets do it by parts.

Screenshot 2024-07-24 at 9.39.59 AM1034×494 21.2 KB

I thinks that we can close this.
Because, need some one to help me in the integration with my ci/cd tool