Hello 
We are running SonarQube analysis as a part of Build Per Pull-Request Jenkins job and we are using Sonar Scanner CLI for that. Pull-Request analysis seem to analyze all the files in repo and takes about half an hour which seems a lot.
We run it like this:
sh """
docker run \
--rm \
-v "$WORKSPACE/dias:/usr/src" \
-v /data/software/jenkins/sonarscanner/sonar-scanner.properties:/opt/sonar-scanner/conf/sonar-scanner.properties \
--network host \
sonarsource/sonar-scanner-cli \
-Dsonar.pullrequest.key=$ghprbPullId \
-Dsonar.pullrequest.branch="$ghprbSourceBranch" \
-Dsonar.pullrequest.base="$ghprbTargetBranch" \
-Dsonar.qualitygate.wait=true
"""
Logs:
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 5.0.1.3006
INFO: Java 17.0.8 Alpine (64-bit)
INFO: Linux 5.15.0-203.146.5.1.el8uek.x86_64 amd64
INFO: User cache: /opt/sonar-scanner/.sonar/cache
INFO: Analyzing on SonarQube server 9.9.2.77730
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Load global settings
WARN: The token used for this analysis will expire on: April 17, 2024
WARN: Analysis executed with this token will fail after the expiration date.
INFO: Load global settings (done) | time=273ms
INFO: Server id: FACE49B3-AWmWk2NgJ9QhC9gg9JC8
INFO: User cache: /opt/sonar-scanner/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=101ms
INFO: Load/download plugins (done) | time=27546ms
INFO: Loaded core extensions: developer-scanner
INFO: Process project properties
INFO: Process project properties (done) | time=0ms
INFO: Execute project builders
INFO: Execute project builders (done) | time=2ms
INFO: Project key: skatdias-dias
INFO: Base dir: /usr/src
INFO: Working dir: /usr/src/.scannerwork
INFO: Load project settings for component key: 'skatdias-dias'
INFO: Load project settings for component key: 'skatdias-dias' (done) | time=36ms
INFO: Load project branches
INFO: Load project branches (done) | time=40ms
INFO: Load branch configuration
INFO: Found manual configuration of branch/PR analysis. Skipping automatic configuration.
INFO: Load branch configuration (done) | time=6ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=149ms
INFO: Load active rules
INFO: Load active rules (done) | time=3011ms
INFO: Load analysis cache
INFO: Load analysis cache | time=122ms
INFO: Pull request 5621 for merge into release/R08.04.00 from bugfix/DIA-5395-companies-didn't-get-tax-liability-243-ver-2
INFO: Load project repositories
INFO: Load project repositories (done) | time=257ms
INFO: SCM collecting changed files in the branch
INFO: Merge base sha1: 021a78bc97a9f700cbfb4e3e8ff48c062f985781
INFO: SCM collecting changed files in the branch (done) | time=573ms
INFO: Indexing files...
INFO: Project configuration:
INFO: Excluded sources: **/node_modules/**, **/vendor/**, **/lib/**, **/build.xml, **/package.json, **/target/**, **/*.sql, **/lib/**, **/generated/**, **/config/**, **/scripts/**, **/yarn.lock, **/Dockerfile, **/bower_components/**, **/docs/**, **/temp/**, **/*.bak, **/*.tmp, **/tmp/**, **/*.pdf, **/*.txt, **/*.md, **/documentation/**, **/*.json, **/resources/*, **/*.gradle, **/Jenkinsfile, **/vendor/**, **/package.json, **/Gemfile.lock, **/*.py, **/*.bat, **/*.sh, **/bin/**, **/tools/**, **/configs/**, **/configuration/**, **/*.properties, **/*.xml, **/*.conf, **/*Spec.js, **/*Test.*, **/gen/**, **/target/**, **/build/**, **/out/**, **/*.generated/**, **/*.min.css**, **/*.min.js**, **/third-party/**, **/obj/**, **/bin/**, **/libs/**, **/pom.xml, **/libs/**, **/integration-test/**, **/spring-portlet/src/main/webapp/**, **/schemas/**, **/*.ctl, **/*.xsd, **/commons/dap/**, **/src/test/**, **/test/**, **/tests/**
INFO: Included tests: **/src/test/**, **/test/**, **/tests/**
INFO: Excluded tests: **/*.test.*
INFO: Excluded sources for duplication: **/model/dto/**/*DTO.java
WARN: File '/usr/src/environment/src/main/configScripts/wlp/shared-libraries/soapui-5.0.0.ear' is bigger than 20MB and as consequence is removed from the analysis scope.
INFO: 3738 files indexed
INFO: 5783 files ignored because of inclusion/exclusion patterns
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for java: Foundations Java
INFO: ------------- Run sensors on module SKAT-DIAS
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=35ms
INFO: Sensor JavaSensor [java]
INFO: Configured Java source version (sonar.java.source): none
INFO: JavaClasspath initialization
INFO: JavaClasspath initialization (done) | time=282ms
INFO: JavaTestClasspath initialization
INFO: JavaTestClasspath initialization (done) | time=5ms
INFO: The Java analyzer is running in a context where unchanged files can be skipped. Full analysis is performed for changed files, optimized analysis for unchanged files.
WARN: Invalid character encountered in file /usr/src/servicefacades/src/main/java/dk/skat/begrebsmodel/_2012/_01/_01/LigningSagAfgørelseModtag.java at line 34 for encoding UTF-8. Please fix file content or configure the encoding to be used using property 'sonar.sourceEncoding'.
INFO: Server-side caching is enabled. The Java analyzer was able to leverage cached data from previous analyses for 0 out of 3177 files. These files will not be parsed.
INFO: Using ECJ batch to parse 3177 Main java source files with batch size 416 KB.
INFO: Starting batch processing.
INFO: 1% analyzed
INFO: 1% analyzed
INFO: 1% analyzed
INFO: 1% analyzed
INFO: 1% analyzed
INFO: 1% analyzed
INFO: 2% analyzed
INFO: Slowest analyzed files (batch mode enabled):
spring-portlet/src/main/java/dk/skat/dias/portlet/BasicFlowHandler.java (16047ms, 31061B)
businesslayer/src/main/java/dk/skat/dias/businesslayer/service/impl/separationofduties/changes/SodDeficitChangeServiceImpl.java (7073ms, 42506B)
datalayer/src/main/java/dk/skat/dias/datalayer/dao/impl/DeficitDAOImpl.java (2992ms, 13790B)
businesslayer/src/main/java/dk/skat/dias/businesslayer/deficit/calculations/JTGOldDeficitsCalculator.java (1273ms, 23808B)
.
.
.
INFO: Slowest analyzed files (batch mode enabled):
businesslayer/src/main/java/dk/skat/dias/businesslayer/service/impl/foreignshippingcompany/ForeignShippingCompanyServiceImpl.java (4828ms, 31804B)
spring-portlet/src/main/java/dk/skat/dias/portlet/taxreturn/TaxReturnPortletFlowHandler.java (2337ms, 138641B)
INFO: 98% analyzed
INFO: 98% analyzed
INFO: 98% analyzed
INFO: 99% analyzed
INFO: Slowest analyzed files (batch mode enabled):
businesslayer/src/main/java/dk/skat/dias/businesslayer/service/impl/AccountingPeriodServiceImpl.java (6035ms, 161827B)
INFO: 99% analyzed
INFO: 100% analyzed
INFO: Batch processing: Done.
INFO: Optimized analysis for 3176 of 3177 files.
WARN: Dependencies/libraries were not provided for analysis of SOURCE files. The 'sonar.java.libraries' property is empty. Verify your configuration, as you might end up with less precise results.
WARN: Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
WARN: Use of preview features have been detected during analysis. Enable DEBUG mode to see them.
INFO: No "Test" source files to scan.
INFO: No "Generated" source files to scan.
INFO: Sensor JavaSensor [java] (done) | time=1692581ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=5ms
INFO: Sensor C# Analysis Log [csharp]
INFO: Sensor C# Analysis Log [csharp] (done) | time=17ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=1ms
INFO: Sensor SurefireSensor [java]
INFO: parsing [/usr/src/target/surefire-reports]
INFO: Sensor SurefireSensor [java] (done) | time=1ms
INFO: Sensor HTML [web]
INFO: Sensor HTML is restricted to changed files only
INFO: Sensor HTML [web] (done) | time=19ms
INFO: Sensor TextAndSecretsSensor [text]
INFO: Sensor TextAndSecretsSensor is restricted to changed files only
INFO: 1 source file to be analyzed
INFO: 1/1 source file has been analyzed
INFO: Sensor TextAndSecretsSensor [text] (done) | time=125ms
INFO: Sensor VB.NET Project Type Information [vbnet]
INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=4ms
INFO: Sensor VB.NET Analysis Log [vbnet]
INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=25ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=1ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
INFO: Sensor CSS Rules [javascript]
INFO: Sensor CSS Rules is restricted to changed files only
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [javascript] (done) | time=12ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=9ms
INFO: Sensor IaC Docker Sensor [iac]
INFO: Sensor IaC Docker Sensor is restricted to changed files only
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC Docker Sensor [iac] (done) | time=165ms
INFO: Sensor Serverless configuration file sensor [security]
INFO: 0 Serverless function entries were found in the project
INFO: 0 Serverless function handlers were kept as entrypoints
INFO: Sensor Serverless configuration file sensor [security] (done) | time=17ms
INFO: Sensor AWS SAM template file sensor [security]
INFO: Sensor AWS SAM template file sensor [security] (done) | time=5ms
INFO: Sensor AWS SAM Inline template file sensor [security]
INFO: Sensor AWS SAM Inline template file sensor [security] (done) | time=5ms
INFO: Sensor javabugs [dbd]
INFO: Reading IR files from: /usr/src/.scannerwork/ir/java
INFO: Analyzing 29265 functions to detect bugs.
INFO: Sensor javabugs [dbd] (done) | time=19622ms
INFO: Sensor pythonbugs [dbd]
INFO: Reading IR files from: /usr/src/.scannerwork/ir/python
INFO: No IR files have been included for analysis.
INFO: Sensor pythonbugs [dbd] (done) | time=1ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /usr/src/.scannerwork/ucfg2/java
INFO: Read 4097 type definitions
INFO: Reading UCFGs from: /usr/src/.scannerwork/ucfg2/java
INFO: 10:43:32.602560614 Building Runtime Type propagation graph
INFO: 10:43:34.1811542 Running Tarjan on 155499 nodes
INFO: 10:43:34.578312781 Tarjan found 151459 components
INFO: 10:43:35.017830504 Variable type analysis: done
INFO: 10:43:35.021673291 Building Runtime Type propagation graph
INFO: 10:43:36.036648004 Running Tarjan on 154450 nodes
INFO: 10:43:36.264443417 Tarjan found 150416 components
INFO: 10:43:36.686157223 Variable type analysis: done
INFO: Analyzing 27983 ucfgs to detect vulnerabilities.
INFO: All rules entrypoints : 347
INFO: Retained UCFGs : 10231
INFO: Taint analysis starting. Entrypoints: 347
INFO: Running symbolic analysis for 'JAVA'
INFO: Taint analysis: done.
INFO: Sensor JavaSecuritySensor [security] (done) | time=83006ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /usr/src/ucfg_cs2
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=1ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /usr/src/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /usr/src/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor PythonSecuritySensor [security] (done) | time=1ms
INFO: Sensor JsSecuritySensor [security]
INFO: Reading type hierarchy from: /usr/src/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor JsSecuritySensor [security] (done) | time=1ms
INFO: ------------- Run sensors on project
INFO: Sensor Analysis Warnings import [csharp]
INFO: Sensor Analysis Warnings import [csharp] (done) | time=1ms
INFO: Sensor Dependency-Check [dependencycheck]
INFO: Process Dependency-Check report
INFO: Using JSON-Reportparser
INFO: Dependency-Check JSON report does not exists. Please check property sonar.dependencyCheck.jsonReportPath:/usr/src/${WORKSPACE}/dependency-check-report.json
INFO: JSON-Analysis skipped/aborted due to missing report file
INFO: Using XML-Reportparser
INFO: Dependency-Check XML report does not exists. Please check property sonar.dependencyCheck.xmlReportPath:/usr/src/${WORKSPACE}/dependency-check-report.xml
INFO: XML-Analysis skipped/aborted due to missing report file
INFO: Dependency-Check HTML report does not exists. Please check property sonar.dependencyCheck.htmlReportPath:/usr/src/${WORKSPACE}/dependency-check-report.html
INFO: HTML-Dependency-Check report does not exist.
INFO: Process Dependency-Check report (done) | time=5ms
INFO: Sensor Dependency-Check [dependencycheck] (done) | time=6ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=628ms
INFO: Sensor Java CPD Block Indexer
INFO: Sensor Java CPD Block Indexer (done) | time=3174ms
INFO: SCM Publisher SCM provider for this project is: git
INFO: SCM Publisher 1 source file to be analyzed
INFO: SCM Publisher 1/1 source file have been analyzed (done) | time=751ms
INFO: CPD Executor 758 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 2168 files
INFO: CPD Executor CPD calculation finished (done) | time=882ms
INFO: SCM writing changed lines
INFO: Merge base sha1: 021a78bc97a9f700cbfb4e3e8ff48c062f985781
INFO: SCM writing changed lines (done) | time=141ms
INFO: Analysis report generated in 658ms, dir size=4.4 MB
INFO: Analysis report compressed in 5666ms, zip size=3.3 MB
INFO: Analysis report uploaded in 266ms
INFO: Check Quality Gate status INFO: Waiting for the analysis report to be processed (max 300s)
INFO: EXECUTION FAILURE
INFO: Total time: 31:20.850s
INFO: Final Memory: 362M/1256M