Sonar Scanner Analysis Took more than 2 hours for 20K LOC

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    8.9 LTS
  • what are you trying to achieve
    Analyzing the JavaScript project
  • what have you tried so far to achieve this
    Please go through the log attached below and let us know how to achieve a faster analysis.
    Sonarqube_analysis_takes_2hours.txt (32.3 KB)

Can someone help me with this ticket? Only the below part of the analysis takes 2 hours. Can you please let me know if I can skip the below ucfgs with parsing of the command?

12:39:08  INFO: Analyzing 3306 ucfgs to detect vulnerabilities.
12:39:47  INFO: rule: S2083, entrypoints: 3034
12:39:47  INFO: Running symbolic analysis
12:51:39  INFO: rule: S2083 done
12:51:39  INFO: rule: S3649, entrypoints: 3034
12:51:39  INFO: Running symbolic analysis
12:59:46  INFO: rule: S3649 done
12:59:46  INFO: rule: S5144, entrypoints: 3034
12:59:46  INFO: Running symbolic analysis
13:07:54  INFO: rule: S5144 done
13:07:54  INFO: rule: S6105, entrypoints: 3034
13:07:54  INFO: Running symbolic analysis
13:17:01  INFO: rule: S6105 done
13:17:01  INFO: rule: S5883, entrypoints: 3034
13:17:01  INFO: Running symbolic analysis
13:26:39  INFO: rule: S5883 done
13:26:39  INFO: rule: S5147, entrypoints: 3034
13:26:39  INFO: Running symbolic analysis
13:36:22  INFO: rule: S5147 done
13:36:22  INFO: rule: S2631, entrypoints: 3034
13:36:22  INFO: Running symbolic analysis
13:46:38  INFO: rule: S2631 done
13:46:38  INFO: rule: S2076, entrypoints: 3034
13:46:38  INFO: Running symbolic analysis
13:57:09  INFO: rule: S2076 done
13:57:09  INFO: rule: S5131, entrypoints: 3034
13:57:09  INFO: Running symbolic analysis
14:07:02  INFO: rule: S5131 done
14:07:02  INFO: rule: S6096, entrypoints: 3034
14:07:02  INFO: Running symbolic analysis
14:16:39  INFO: rule: S6096 done
14:16:39  INFO: rule: S5696, entrypoints: 3034
14:16:39  INFO: Running symbolic analysis
14:26:01  INFO: rule: S5696 done
14:26:01  INFO: rule: S5334, entrypoints: 3034
14:26:01  INFO: Running symbolic analysis
14:35:38  INFO: rule: S5334 done
14:35:38  INFO: rule: S5146, entrypoints: 3034
14:35:38  INFO: Running symbolic analysis
14:45:16  INFO: rule: S5146 done
14:45:16  INFO: Sensor JsSecuritySensor [security] (done) | time=7569412ms
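
Added example, not part of the original thread or of SonarQube: a small Python profiler that pairs each `rule: ... entrypoints` line with its `rule: ... done` line in a log of the format quoted above and ranks the taint rules by elapsed time. The function names are hypothetical, and the last three sample lines (rule ids S0000 and S0001) are constructed to exercise midnight rollover and an unfinished rule.

```python
import re
from datetime import datetime, timedelta

# First seven lines copied from the log above; the last three are constructed.
SAMPLE_LOG = """\
12:39:08  INFO: Analyzing 3306 ucfgs to detect vulnerabilities.
12:39:47  INFO: rule: S2083, entrypoints: 3034
12:39:47  INFO: Running symbolic analysis
12:51:39  INFO: rule: S2083 done
12:51:39  INFO: rule: S3649, entrypoints: 3034
12:51:39  INFO: Running symbolic analysis
12:59:46  INFO: rule: S3649 done
23:55:00  INFO: rule: S0000, entrypoints: 3034
00:03:08  INFO: rule: S0000 done
00:03:08  INFO: rule: S0001, entrypoints: 3034
"""

START = re.compile(r"^(\d\d:\d\d:\d\d)\s+INFO: rule: (S\d+), entrypoints: (\d+)")
DONE = re.compile(r"^(\d\d:\d\d:\d\d)\s+INFO: rule: (S\d+) done")

def _clock(ts):
    return datetime.strptime(ts, "%H:%M:%S")

def profile_rules(log_text):
    """Return (finished, unfinished): finished is a list of
    (rule, seconds, entrypoints) sorted slowest first; unfinished lists
    rules that started but never logged 'done' (a hung or killed scan)."""
    started, finished = {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = START.match(line)
        if m:
            started[m.group(2)] = (_clock(m.group(1)), int(m.group(3)))
            continue
        m = DONE.match(line)
        if m and m.group(2) in started:
            begin, entrypoints = started.pop(m.group(2))
            elapsed = _clock(m.group(1)) - begin
            if elapsed < timedelta(0):  # timestamps carry no date: day rolled over
                elapsed += timedelta(days=1)
            finished.append((m.group(2), int(elapsed.total_seconds()), entrypoints))
    finished.sort(key=lambda r: r[1], reverse=True)
    return finished, sorted(started)

if __name__ == "__main__":
    done, pending = profile_rules(SAMPLE_LOG)
    for rule, seconds, entrypoints in done:
        print(f"{rule}: {seconds}s over {entrypoints} entrypoints")
    print("unfinished:", pending)
```
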

Hi,

We sped up JavaScript taint analysis in SonarQube 9.1. Can you try upgrading?

 
Ann

Hi Campbell,

Thanks for your prompt response, I will upgrade and let you know the results.

Praveen

Hi Praveen,

Just to be clear, you should upgrade to the current version: 9.4. Don’t stop at 9.1 just because that’s where that specific improvement is.

 
:sweat_smile:
Ann

Sure, Ann. Thanks a lot.