Must-share information (formatted with Markdown ):
which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
8.9 LTS
what are you trying to achieve
Analyzing the Javascript Project
what have you tried so far to achieve this
Please go through the attached below log and let us know how to achieve a faster analysis.
Sonarqube_analysis_takes_2hours.txt (32.3 KB)
Can someone help me with this Ticket? Only the below part of the analysis takes 2 hours. Can you please let me know if I can skip the below ucfgs with parsing of the command?
12:39:08 INFO: Analyzing 3306 ucfgs to detect vulnerabilities.
12:39:47 INFO: rule: S2083, entrypoints: 3034
12:39:47 INFO: Running symbolic analysis
12:51:39 INFO: rule: S2083 done
12:51:39 INFO: rule: S3649, entrypoints: 3034
12:51:39 INFO: Running symbolic analysis
12:59:46 INFO: rule: S3649 done
12:59:46 INFO: rule: S5144, entrypoints: 3034
12:59:46 INFO: Running symbolic analysis
13:07:54 INFO: rule: S5144 done
13:07:54 INFO: rule: S6105, entrypoints: 3034
13:07:54 INFO: Running symbolic analysis
13:17:01 INFO: rule: S6105 done
13:17:01 INFO: rule: S5883, entrypoints: 3034
13:17:01 INFO: Running symbolic analysis
13:26:39 INFO: rule: S5883 done
13:26:39 INFO: rule: S5147, entrypoints: 3034
13:26:39 INFO: Running symbolic analysis
13:36:22 INFO: rule: S5147 done
13:36:22 INFO: rule: S2631, entrypoints: 3034
13:36:22 INFO: Running symbolic analysis
13:46:38 INFO: rule: S2631 done
13:46:38 INFO: rule: S2076, entrypoints: 3034
13:46:38 INFO: Running symbolic analysis
13:57:09 INFO: rule: S2076 done
13:57:09 INFO: rule: S5131, entrypoints: 3034
13:57:09 INFO: Running symbolic analysis
14:07:02 INFO: rule: S5131 done
14:07:02 INFO: rule: S6096, entrypoints: 3034
14:07:02 INFO: Running symbolic analysis
14:16:39 INFO: rule: S6096 done
14:16:39 INFO: rule: S5696, entrypoints: 3034
14:16:39 INFO: Running symbolic analysis
14:26:01 INFO: rule: S5696 done
14:26:01 INFO: rule: S5334, entrypoints: 3034
14:26:01 INFO: Running symbolic analysis
14:35:38 INFO: rule: S5334 done
14:35:38 INFO: rule: S5146, entrypoints: 3034
14:35:38 INFO: Running symbolic analysis
14:45:16 INFO: rule: S5146 done
14:45:16 INFO: Sensor JsSecuritySensor [security] (done) | time=7569412ms
ganncamp
(G Ann Campbell)
April 12, 2022, 5:50pm
3
Hi,
We sped up JavaScript taint analysis in SonarQube 9.1. Can you try upgrading?
Ann
Hi Campbell,
Thanks for your prompt response, I will upgrade and let u know the results.
Praveen
ganncamp
(G Ann Campbell)
April 13, 2022, 11:35am
5
Hi Praveen,
Just to be clear, you should upgrade to the current version: 9.4. Don’t stop at 9.1 just because that’s where that specific improvement is.
Ann