Hi @ganncamp ,
This is the first time we are adopting sonar for JS and it is taking around 27mins. This is not recommended… we want to reduce this time. Please let us know if there is any way to do that…
INFO: Analysis total time: 27:50.339 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 27:54.321s
INFO: Final Memory: 798M/2118M
Thanks,
Revanth
But as per my observation, the sonar scan is taking around 25 to 30mins depending on the component, but this is not recommended, as it results in increasing our total build time…
INFO: Reading UCFGs from: /data/var/lib/jenkins/workspace/ui-component/master/ui-pos-master/.scannerwork/ucfg2/js
INFO: 08:27:41.928212 Building Runtime Type propagation graph
INFO: 08:27:42.442767 Running Tarjan on 89503 nodes
INFO: 08:27:42.605034 Tarjan found 89488 components
INFO: 08:27:42.770673 Variable type analysis: done
INFO: 08:27:42.773851 Building Runtime Type propagation graph
INFO: 08:27:43.407623 Running Tarjan on 89503 nodes
INFO: 08:27:43.50274 Tarjan found 89488 components
INFO: 08:27:43.750804 Variable type analysis: done
INFO: Analyzing 12444 ucfgs to detect vulnerabilities.
INFO: Taint analysis starting. Entrypoints: 317
INFO: Running symbolic analysis for 'JS'
INFO: Taint analysis: done.
INFO: Sensor JsSecuritySensor [security] (done) | time=1315785ms
Thanks,
Revanth
We are using 32GB RAM. I think this is sufficient… Please check the attached screenshot for your reference. We have 13GB available and also 6GB buffer/cache available.
Hi @ilia ,
I have set this environment variable (export SONAR_SCANNER_OPTS="-Xmx35000m") in our environment, but it is still taking more time to complete. I found that the sensor JsSecuritySensor is taking more time. Please note that we are using TypeScript and JavaScript for this analysis. Also, I observed we have around 317 .ucfg files in the /data/var/lib/jenkins/workspace/ui-component/master/ui-pos-master/.scannerwork/ucfg2/js folder, whereas they are not there in our source code… those were getting generated during sonar scan time.
Thank you for all the information you have provided so far. As @ilia mentioned, in-depth security analysis is something that requires more resources. However, ~25 minutes for ~130k lines of code is not something we aim for and as such would be interested to investigate this.
To help us investigate, would you be able to share an archive of the content of this folder with us? If that's possible, I would open a private discussion thread with you so that you don't have to share them publicly.
In the meantime, I invite you to have a look at the documentation page "Narrowing the focus with an analysis scope" and verify that your project is configured accordingly. For example, if test files are correctly marked as such, not all rules will be run on them which should already make the analysis faster.
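Added example, not part of the thread and not SonarSource code: a small script that ranks the `Sensor ... (done) | time=...ms` records of a scanner log by duration and by share of the `Analysis total time`, which is how the JsSecuritySensor cost above can be confirmed before changing the analysis scope. The function names and the two `Example*` sensor lines are assumptions made for illustration.

```python
import re

# Sensor completion records, e.g.
#   INFO: Sensor JsSecuritySensor [security] (done) | time=1315785ms
SENSOR_RE = re.compile(r"Sensor (?P<name>[^|\n]+?) \(done\) \| time=(?P<ms>\d+)ms")
TOTAL_RE = re.compile(r"Analysis total time: (?P<clock>[\d:.]+) s")

# Constructed sample: the JsSecuritySensor and total-time lines are the ones
# quoted in the thread; the two Example* sensors are made up for illustration.
SAMPLE_LOG = """\
INFO: Sensor ExampleFastSensor [example] (done) | time=4200ms
INFO: Sensor ExampleParserSensor [example] (done) | time=181000ms
INFO: Taint analysis: done.
INFO: Sensor JsSecuritySensor [security] (done) | time=1315785ms
INFO: Analysis total time: 27:50.339 s
"""


def clock_to_ms(clock):
    """Convert 'SS.mmm', 'MM:SS.mmm' or 'HH:MM:SS.mmm' to milliseconds."""
    seconds = 0.0
    for part in clock.split(":"):
        seconds = seconds * 60 + float(part)
    return round(seconds * 1000)


def rank_sensors(log_text):
    """Return (total_ms or None, [(sensor, ms, percent or None)]), slowest first."""
    per_sensor = {}
    for m in SENSOR_RE.finditer(log_text):
        # Sum repeats in case a sensor reports more than once in one log.
        name = m.group("name").strip()
        per_sensor[name] = per_sensor.get(name, 0) + int(m.group("ms"))
    total = TOTAL_RE.search(log_text)
    total_ms = clock_to_ms(total.group("clock")) if total else None
    ranked = sorted(per_sensor.items(), key=lambda kv: kv[1], reverse=True)
    return total_ms, [
        (name, ms, round(100 * ms / total_ms, 1) if total_ms else None)
        for name, ms in ranked
    ]


if __name__ == "__main__":
    total_ms, ranked = rank_sensors(SAMPLE_LOG)
    for name, ms, pct in ranked:
        print(f"{ms / 1000:10.1f}s  {pct:5.1f}%  {name}")
```
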