Sonar scanner analysis is taking more time JS

SonarCloud
#1

Hi Team,
sonar scan is taking more time for JS.Can you please help us on this?

INFO: Sensor JsSecuritySensor [security]
INFO: Reading type hierarchy from: /data/var/lib/jenkins/workspace/ui-component/future/ui-pos-future/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /data/var/lib/jenkins/workspace/ui-component/future/ui-pos-future/.scannerwork/ucfg2/js
INFO: 11:46:51.624765 Building Runtime Type propagation graph
INFO: 11:46:52.094788 Running Tarjan on 89503 nodes
INFO: 11:46:52.224526 Tarjan found 89488 components
INFO: 11:46:52.412542 Variable type analysis: done
INFO: 11:46:52.416121 Building Runtime Type propagation graph
INFO: 11:46:52.950375 Running Tarjan on 89503 nodes
INFO: 11:46:53.073212 Tarjan found 89488 components
INFO: 11:46:53.260808 Variable type analysis: done
INFO: Analyzing 12444 ucfgs to detect vulnerabilities.
INFO: Taint analysis starting. Entrypoints: 317
INFO: Running symbolic analysis for ‘JS’
INFO: Taint analysis: done.
INFO: Sensor JsSecuritySensor [security] (done) | time=1293295ms

Thanks,
Revanth

#2

Hi Revanth,

Can you characterize “more time”?

How long did it take before the “more”? And when did it change?

 
Ann

#3

Hi @ganncamp ,
This is the first time we are adopting sonar for JS and it is taking around 27mins.This is not recommended… we want to reduce this time.Please let us know is there any way to do that…

INFO: Analysis total time: 27:50.339 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 27:54.321s
INFO: Final Memory: 798M/2118M
Thanks,
Revanth

#4

Hi,

Can you provide some sizing on your project? Things like:

  • LoC
  • file count
  • LoC of largest file
  • [anything else significant]

 
Thx,
Ann

#5

Hi @ganncamp ,

attached screenshot will give you more info on this…

Screenshot 2023-01-27 at 11.12.24 AM
Screenshot 2023-01-27 at 11.12.24 AM2816×578 31.9 KB

But as per my observation, sonar scan is taking around 25 to 30mins depends on component but it is not recommended resulting increasing our total build time…

INFO: Reading UCFGs from: /data/var/lib/jenkins/workspace/ui-component/master/ui-pos-master/.scannerwork/ucfg2/js
INFO: 08:27:41.928212 Building Runtime Type propagation graph
INFO: 08:27:42.442767 Running Tarjan on 89503 nodes
INFO: 08:27:42.605034 Tarjan found 89488 components
INFO: 08:27:42.770673 Variable type analysis: done
INFO: 08:27:42.773851 Building Runtime Type propagation graph
INFO: 08:27:43.407623 Running Tarjan on 89503 nodes
INFO: 08:27:43.50274 Tarjan found 89488 components
INFO: 08:27:43.750804 Variable type analysis: done
INFO: Analyzing 12444 ucfgs to detect vulnerabilities.
INFO: Taint analysis starting. Entrypoints: 317
INFO: Running symbolic analysis for ‘JS’
INFO: Taint analysis: done.
INFO: Sensor JsSecuritySensor [security] (done) | time=1315785ms
Thansk,
Revanth

#7

Hi @ganncamp ,

do you have any update on this?

Thanks,
Revanth

#8

Hi,

Thanks for the details. I’ve flagged this for team attention.

 
Ann

#9

Hi @ganncamp ,
Did we get any update on this?
Thanks.
Revanth

#10

Hi revant,

How much RAM are you using in your scanner environment?
The security analysis is known to use more RAM, can you increase it in your environment?

Best regards,
Ilia

#12

Hi @Ilia_Kebets ,

we are using 32GB RAM.I think this is suffice… Please check attached screenshot for your reference.we have 13GB available and also 6GB buffer/cache available.

Screenshot 2023-02-06 at 1.17.58 PM
Screenshot 2023-02-06 at 1.17.58 PM1374×394 25.9 KB

Thanks,
Revanth

1 Like