Sonar scanner analyzes all projects from our monorepository while running the scan on just one

• Version: SonarQube Community Build v25.1.0.102122
• how is SonarQube deployed: Helm
  Description:
  We have updated our sonarqube version from 8.9 to 2025.1. We use sonar scanner in monorepository. Previously on version 8.9, our scans went through in 1-2 min. After the upgrade, our scans started taking 20 min to 40 min. We noticed in the logs that when trying to run a scan on one project, all projects in our monorep are analyzed.
  Here is an example of our project launch parameters:

sonar.projectKey=app.studio-enterprise.shell
sonar.projectName=app.studio-enterprise.shell
sonar.sources=apps/studio-enterprise/shell/src
sonar.exclusions=**/node_modules/**
sonar.coverage.exclusions=**/*spec.ts, **/assets/*.js, **/environments/*.ts, **/*.conf.js, **/mocks/**, **/*.mock.ts,**/main.ts, **/index.ts, **/*.module.ts, **/*.stories.ts, **/polyfills.ts
sonar.tests=apps/studio-enterprise/shell/src/
sonar.test.inclusions=**/*.spec.ts
sonar.ts.tslint.configPath=apps/studio-enterprise/shell/tslint.json
sonar.typescript.lcov.reportPaths=apps/studio-enterprise/shell/coverage/lcov.info
sonar.analysis.mode=publish
sonar.eslint.reportPaths=apps/studio-enterprise/shell/report.json

What we trying to do?
We tried to add a parameter sonar.projectBaseDir, with the path to the project, in which case we needed to change all paths to relative paths, and our property file started to look like this:

sonar.projectKey=app.studio-enterprise.shell
sonar.projectName=app.studio-enterprise.shell
sonar.sources=src
sonar.projectBaseDir=apps/studio-enterprise/shell
sonar.exclusions=**/node_modules/**
sonar.coverage.exclusions=**/*spec.ts, **/assets/*.js, **/environments/*.ts, **/*.conf.js, **/mocks/**, **/*.mock.ts,**/main.ts, **/index.ts, **/*.module.ts, **/*.stories.ts, **/polyfills.ts
sonar.tests=src/
sonar.test.inclusions=**/*.spec.ts
sonar.ts.tslint.configPath=tslint.json
sonar.typescript.lcov.reportPaths=coverage/lcov.info
sonar.analysis.mode=publish
sonar.eslint.reportPaths=report.json

This helped to fix with the problem of analyzing the whole monorep, but after this change on coverage in projects became = 0. In the logs we see the message:

INFO: Analysing [/home/jenkins/agent/workspace/p.studio-enterprise.shell_master/apps/studio-enterprise/shell/coverage/lcov.info]
WARN: Could not resolve 41 file paths in [/home/jenkins/agent/workspace/p.studio-enterprise.shell_master/apps/studio-enterprise/shell/coverage/lcov.info]
WARN: First unresolved path: apps/studio-enterprise/shell/src/bootstrap.ts (Run in DEBUG mode to get full list of unresolved paths)

Please help fix the problem

Hey there.

That certainly sounds weird if you have sonar.sources set (the scope shouldn’t have magically expanded). Can you share the logs of the analysis that unexpectedly included more files

Only the latest version of SonarQube Community Build is considered active, so you’ll need to upgrade and see if the situation is still replicable before we can help you.

Your upgrade path is:

25.1 → 25.5

You may find these resources helpful:

• Upgrade Guide
• SonarQube Community Build Upgrade Notes (all upgrade notes since the switch)

Hi, Colin.
Thanks for your reply. A quick question about the version of Sonarqube. You wrote that we need to upgrade to the latest current 25.5. But we have the latest version 25.2 for helm…

Hey there.

You can use this chart with SonarQube Community Build 25.5. Read here.

I’m already using this chart

image876×434 29.8 KB

Anyway, attached the logs. Maybe they will help to understand the cause of the problem.
SonarScannerLog.txt (372.2 KB)

Hey @ovidmych

Looking at the logs, this rings a bell from a loooong time ago (Dec 2021) that would affect you if you were upgrading from 8.9.

In this release we change the approach to the analysis of TypeScript files. Before we were relying on tsconfig files to get the list of concerned files, which was not always reliable (due to dependencies in those files). Now we build the program, which provides us with the list of files. Due to this change more files could be analyzed now. Also since this release if you want to analyze TS files, at least one tsconfig.json should be present in the project directory.

There are some alternatives to changing sonar.projectBaseDir which is affecting the parsing of your coverage reports. Specifically, you could:

• Make sure that sonar.typescript.tsconfigPaths
  points to the tsconfig.json of the sub-project you want analyzed
• Fiddle with your analysis scope, like setting sonar.inclusions or sonar.exclusions.

That said, my understanding of the situation seems to contradict what the docs say

However, the scanner will only analyze the files specified through the scanner property sonar.sources . Therefore, the value of this property needs to be consistent with your TypeScript configuration.

If sonar.sources hasn’t changed… well, the docs seem to imply the scope shouldn’t have changed either. I’ll flag that for attention, but can you try out what I’ve suggested above?