SonarQube: Community edition 8.9.3 LTS
Sonar Scanner: GitHub Action sonarqube-scan-action@master (v1.2.0)
Java 8 project: About 3 million lines
Custom plugins: Yes, we created 2 custom plugins/rules
Problem:
Sonar Scan takes about 80 minutes on a new fast machine, usually 180 minutes on an older machine.
SonarQube analysis takes about 10min which is fine.
How can we speed up the sonar scan?
What settings should we tweak?
Will upgrading to a developer or enterprise edition with PR scanning speed up this process considerably?
Log:
2023-01-11T18:07:42.2177757Z ##[command]/usr/bin/docker run --name b0279f2016ed73f7c458089453f192bc79ece_3a25c5 --label 0b0279 --workdir /github/workspace --rm -e "JAVA_HOME" -e "JAVA_HOME_8_X64" -e "SONAR_TOKEN" -e "SONAR_HOST_URL" -e "INPUT_PROJECTBASEDIR" -e "INPUT_ARGS" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true --entrypoint "/entrypoint.sh" -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/data/actions-runner/_work/_temp/_github_home":"/github/home" -v "/data/actions-runner/_work/_temp/_github_workflow":"/github/workflow" -v "/data/actions-runner/_work/_temp/_runner_file_commands":"/github/file_commands" -v "/data/actions-runner/_work/miles-core/miles-core":"/github/workspace" 0b0279:f2016ed73f7c458089453f192bc79ece
2023-01-11T18:07:42.9098751Z INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
2023-01-11T18:07:42.9103208Z INFO: Project root configuration file: /github/workspace/core/sonar-project.properties
2023-01-11T18:07:42.9423794Z INFO: SonarScanner 4.8.0.2856
2023-01-11T18:07:42.9424474Z INFO: Java 11.0.17 Alpine (64-bit)
2023-01-11T18:07:42.9425021Z INFO: Linux 4.18.0-348.el8.x86_64 amd64
2023-01-11T18:07:43.1889907Z INFO: User cache: /opt/sonar-scanner/.sonar/cache
2023-01-11T18:07:43.8734805Z INFO: Analyzing on SonarQube server 8.9.3
2023-01-11T18:07:43.8737997Z INFO: Default locale: "en_US", source code encoding: "UTF-8"
2023-01-11T18:07:44.1944026Z INFO: Load global settings
2023-01-11T18:07:44.5357267Z INFO: Load global settings (done) | time=343ms
2023-01-11T18:07:44.5383391Z INFO: Server id: XXXXXXX
2023-01-11T18:07:44.5407421Z INFO: User cache: /opt/sonar-scanner/.sonar/cache
2023-01-11T18:07:44.5428500Z INFO: Load/download plugins
2023-01-11T18:07:44.5428874Z INFO: Load plugins index
2023-01-11T18:07:44.8905473Z INFO: Load plugins index (done) | time=348ms
2023-01-11T18:07:51.7212874Z INFO: Load/download plugins (done) | time=7178ms
2023-01-11T18:07:52.8646610Z INFO: Process project properties
2023-01-11T18:07:52.8723264Z INFO: Process project properties (done) | time=7ms
2023-01-11T18:07:52.8723712Z INFO: Execute project builders
2023-01-11T18:07:52.8732561Z INFO: Execute project builders (done) | time=1ms
2023-01-11T18:07:52.8766247Z INFO: Project key: miles:core
2023-01-11T18:07:52.8766754Z INFO: Base dir: /github/workspace/core
2023-01-11T18:07:52.8767146Z INFO: Working dir: /github/workspace/core/MyBuild/sonar
2023-01-11T18:07:52.9653136Z INFO: Load project settings for component key: 'miles:core'
2023-01-11T18:07:53.2123251Z INFO: Auto-configuring with CI 'Github Actions'
2023-01-11T18:07:53.2131001Z INFO: Load quality profiles
2023-01-11T18:07:53.6608752Z INFO: Load quality profiles (done) | time=448ms
2023-01-11T18:07:53.6637588Z INFO: Auto-configuring with CI 'Github Actions'
2023-01-11T18:07:53.6669518Z INFO: Load active rules
2023-01-11T18:07:57.9935767Z INFO: Load active rules (done) | time=4326ms
2023-01-11T18:07:58.0729224Z INFO: Indexing files...
2023-01-11T18:07:58.0732494Z INFO: Project configuration:
2023-01-11T18:07:58.0737642Z INFO: Excluded sources: **/*Stub.java, **/*.jar, **/*Test.java, **/*XXXX.xml
2023-01-11T18:08:01.3376604Z INFO: 20283 files indexed
2023-01-11T18:08:01.3380571Z INFO: 131 files ignored because of inclusion/exclusion patterns
2023-01-11T18:08:01.3386835Z INFO: Quality profile for java: Sofico Web
2023-01-11T18:08:01.3387153Z INFO: Quality profile for xml: Sonar way
2023-01-11T18:08:01.3387802Z INFO: ------------- Run sensors on module MilesCore
2023-01-11T18:08:01.5011639Z INFO: Load metrics repository
2023-01-11T18:08:01.7238154Z INFO: Load metrics repository (done) | time=223ms
2023-01-11T18:08:02.3577689Z INFO: Sensor JavaSquidSensor [java]
2023-01-11T18:08:02.5372009Z INFO: Configured Java source version (sonar.java.source): 8
2023-01-11T18:08:02.5447737Z INFO: JavaClasspath initialization
2023-01-11T18:08:02.5494684Z INFO: JavaClasspath initialization (done) | time=5ms
2023-01-11T18:08:02.5495314Z INFO: JavaTestClasspath initialization
2023-01-11T18:08:02.5511930Z INFO: JavaTestClasspath initialization (done) | time=1ms
2023-01-11T18:08:02.5570488Z INFO: Java Main Files AST scan
2023-01-11T18:08:02.5735578Z INFO: 19655 source files to be analyzed
2023-01-11T18:08:02.5914809Z INFO: Load project repositories
2023-01-11T18:08:02.7966411Z INFO: Load project repositories (done) | time=204ms
*****
2023-01-11T18:43:40.4090320Z INFO: 19655/19655 source files have been analyzed
2023-01-11T18:43:40.4092260Z INFO: Slowest analyzed files:
2023-01-11T18:43:40.4092947Z _java/source/XXXXXXX.java (14856ms, 30349B)
2023-01-11T18:43:40.4098314Z _java/source/XXXXXXX.java (11742ms, 931157B)
2023-01-11T18:43:40.4098797Z _java/source/XXXXXXX.java (11168ms, 1059005B)
2023-01-11T18:43:40.4099221Z _java/source/XXXXXXX.java (10774ms, 870479B)
2023-01-11T18:43:40.4100166Z _java/source/XXXXXXX.java (8691ms, 1004916B)
2023-01-11T18:43:40.4100576Z _java/source/XXXXXXX.java (8408ms, 676694B)
2023-01-11T18:43:40.4101021Z _java/source/XXXXXXX.java (7931ms, 604244B)
2023-01-11T18:43:40.4101479Z _java/source/XXXXXXX.java (7679ms, 421705B)
2023-01-11T18:43:40.4101892Z _java/source/XXXXXXX.java (7450ms, 24501B)
2023-01-11T18:43:40.4106692Z _java/source/XXXXXXX.java (7080ms, 447210B)
2023-01-11T18:43:40.4107331Z WARN: Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
2023-01-11T18:43:40.4152328Z INFO: Java Main Files AST scan (done) | time=2137859ms
2023-01-11T18:43:40.4152650Z INFO: Java Test Files AST scan
2023-01-11T18:43:40.4206428Z INFO: 488 source files to be analyzed
2023-01-11T18:43:41.6415230Z WARN: Invalid character encountered in file /github/workspace/core/XXXXXXX.java at line 1292 for encoding UTF-8. Please fix file content or configure the encoding to be used using property 'sonar.sourceEncoding'.
2023-01-11T18:43:42.1986279Z WARN: Invalid character encountered in file /github/workspace/core/XXXXXXX.java at line 528 for encoding UTF-8. Please fix file content or configure the encoding to be used using property 'sonar.sourceEncoding'.
2023-01-11T18:43:50.4217133Z INFO: 337/488 files analyzed, current file: _java/test/be/sofico/basecamp/ctrl/fleetvehiclesale/policy/SofBillVehicleSaleUnitTest.java
2023-01-11T18:43:55.1026371Z INFO: 488/488 source files have been analyzed
2023-01-11T18:43:55.1027169Z WARN: Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
2023-01-11T18:43:55.1032145Z INFO: Java Test Files AST scan (done) | time=14687ms
2023-01-11T18:43:55.1032470Z INFO: Java Generated Files AST scan
2023-01-11T18:43:55.1038434Z INFO: 0 source files to be analyzed
2023-01-11T18:43:55.1038726Z INFO: 0/0 source files have been analyzed
2023-01-11T18:43:55.1039010Z INFO: Java Generated Files AST scan (done) | time=0ms
2023-01-11T18:43:55.1040164Z INFO: Sensor JavaSquidSensor [java] (done) | time=2152747ms
2023-01-11T18:43:55.1040479Z INFO: Sensor CSS Rules [cssfamily]
2023-01-11T18:43:55.1210063Z INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
2023-01-11T18:43:55.1210724Z INFO: Sensor CSS Rules [cssfamily] (done) | time=17ms
2023-01-11T18:43:55.1211207Z INFO: Sensor PmdSensor [pmd]
2023-01-11T18:43:55.1229505Z INFO: Execute PMD 6.30.0
2023-01-11T18:43:55.1331015Z INFO: Java version: 1.8
****
2023-01-11T18:44:57.0562551Z INFO: PMD configuration: /github/workspace/core/MyBuild/sonar/pmd-unit-tests.xml
2023-01-11T18:44:57.0715872Z INFO: Execute PMD 6.30.0 (done) | time=61949ms
2023-01-11T18:44:57.4255038Z INFO: Sensor PmdSensor [pmd] (done) | time=62305ms
2023-01-11T18:44:57.4255426Z INFO: Sensor JaCoCo XML Report Importer [jacoco]
2023-01-11T18:44:57.4716564Z INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
2023-01-11T18:44:57.4724713Z INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
2023-01-11T18:44:57.4725133Z INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=47ms
2023-01-11T18:44:57.4725483Z INFO: Sensor C# Project Type Information [csharp]
2023-01-11T18:44:57.4787116Z INFO: Sensor C# Project Type Information [csharp] (done) | time=6ms
2023-01-11T18:44:57.4787453Z INFO: Sensor C# Properties [csharp]
2023-01-11T18:44:57.4796618Z INFO: Sensor C# Properties [csharp] (done) | time=1ms
2023-01-11T18:44:57.4797021Z INFO: Sensor FindBugs Sensor [findbugs]
2023-01-11T18:45:08.3428968Z INFO: Loading findbugs plugin: /github/workspace/core/MyBuild/sonar/findbugs/sb-contrib.jar
2023-01-11T18:45:08.4753878Z INFO: Loading findbugs plugin: /github/workspace/core/MyBuild/sonar/findbugs/findsecbugs-plugin.jar
2023-01-11T18:45:08.5397493Z INFO: Findbugs output report: /github/workspace/core/MyBuild/sonar/findbugs-result.xml
2023-01-11T19:13:32.5150752Z The following errors occurred during analysis:
2023-01-11T19:13:32.5152034Z Exception analyzing
****
2023-01-11T19:13:47.5020036Z INFO: Sensor FindBugs Sensor [findbugs] (done) | time=1730022ms
2023-01-11T19:13:47.5020711Z INFO: Sensor SurefireSensor [java]
2023-01-11T19:13:47.5045493Z INFO: parsing [/github/workspace/core/target/surefire-reports]
2023-01-11T19:13:47.5055584Z INFO: Sensor SurefireSensor [java] (done) | time=4ms
2023-01-11T19:13:47.5056172Z INFO: Sensor Removed properties sensor [java]
2023-01-11T19:13:47.5060909Z WARN: Property 'sonar.jacoco.reportPath' is no longer supported. Use JaCoCo's xml report and sonar-jacoco plugin.
2023-01-11T19:13:47.5061545Z WARN: Property 'sonar.jacoco.itReportPath' is no longer supported. Use JaCoCo's xml report and sonar-jacoco plugin.
2023-01-11T19:13:47.5061967Z INFO: Sensor Removed properties sensor [java] (done) | time=0ms
2023-01-11T19:13:47.5062257Z INFO: Sensor JavaXmlSensor [java]
2023-01-11T19:13:47.6097258Z INFO: 63 source files to be analyzed
2023-01-11T19:13:48.4403819Z INFO: 63/63 source files have been analyzed
2023-01-11T19:13:48.4404489Z INFO: Sensor JavaXmlSensor [java] (done) | time=934ms
2023-01-11T19:13:48.4405003Z INFO: Sensor HTML [web]
2023-01-11T19:13:48.4809715Z INFO: Sensor HTML [web] (done) | time=41ms
2023-01-11T19:13:48.4810213Z INFO: Sensor XML Sensor [xml]
2023-01-11T19:13:48.4876153Z INFO: 3 source files to be analyzed
2023-01-11T19:13:49.0181071Z INFO: 3/3 source files have been analyzed
2023-01-11T19:13:49.0181622Z INFO: Sensor XML Sensor [xml] (done) | time=537ms
2023-01-11T19:13:49.0182131Z INFO: Sensor CheckstyleSensor [checkstyle]
2023-01-11T19:13:49.0393791Z INFO: Checkstyle output report: /github/workspace/core/MyBuild/sonar/checkstyle-result.xml
2023-01-11T19:13:49.0737795Z INFO: Checkstyle configuration: /github/workspace/core/MyBuild/sonar/checkstyle.xml
2023-01-11T19:13:49.1457372Z INFO: Checkstyle charset: UTF-8
2023-01-11T19:16:55.9617849Z INFO: Sensor CheckstyleSensor [checkstyle] (done) | time=186943ms
2023-01-11T19:16:55.9618605Z INFO: Sensor VB.NET Project Type Information [vbnet]
2023-01-11T19:16:55.9689657Z INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=7ms
2023-01-11T19:16:55.9691158Z INFO: Sensor VB.NET Properties [vbnet]
2023-01-11T19:16:55.9702452Z INFO: Sensor VB.NET Properties [vbnet] (done) | time=1ms
2023-01-11T19:16:55.9762105Z INFO: ------------- Run sensors on project
2023-01-11T19:16:56.0120594Z INFO: Sensor Dependency-Check [dependencycheck]
2023-01-11T19:16:56.0121258Z INFO: Process Dependency-Check report
2023-01-11T19:16:56.0158589Z INFO: Using JSON-Reportparser
2023-01-11T19:16:56.0182470Z INFO: Dependency-Check JSON report does not exists. Please check property sonar.dependencyCheck.jsonReportPath:/github/workspace/scripts/build/dependency-check/dependency-check-report.json
2023-01-11T19:16:56.0183578Z INFO: JSON-Analysis skipped/aborted due to missing report file
2023-01-11T19:16:56.0184165Z INFO: Using XML-Reportparser
2023-01-11T19:16:56.0189577Z INFO: Dependency-Check XML report does not exists. Please check property sonar.dependencyCheck.xmlReportPath:/github/workspace/core/${WORKSPACE}/dependency-check-report.xml
2023-01-11T19:16:56.0190190Z INFO: XML-Analysis skipped/aborted due to missing report file
2023-01-11T19:16:56.0191723Z INFO: Dependency-Check HTML report does not exists. Please check property sonar.dependencyCheck.htmlReportPath:/github/workspace/scripts/build/dependency-check/dependency-check-report.html
2023-01-11T19:16:56.0192298Z INFO: HTML-Dependency-Check report does not exist.
2023-01-11T19:16:56.0192722Z INFO: Process Dependency-Check report (done) | time=7ms
2023-01-11T19:16:56.0193137Z INFO: Sensor Dependency-Check [dependencycheck] (done) | time=7ms
2023-01-11T19:16:56.0193441Z INFO: Sensor Zero Coverage Sensor
2023-01-11T19:16:59.1697256Z INFO: Sensor Zero Coverage Sensor (done) | time=3150ms
2023-01-11T19:16:59.1697940Z INFO: Sensor Java CPD Block Indexer
2023-01-11T19:17:26.9061192Z INFO: Sensor Java CPD Block Indexer (done) | time=27736ms
2023-01-11T19:17:26.9075252Z INFO: SCM Publisher is disabled
2023-01-11T19:17:28.8976293Z INFO: CPD Executor 3464 files had no CPD blocks
2023-01-11T19:17:28.8976855Z INFO: CPD Executor Calculating CPD for 16191 files
******
2023-01-11T19:17:58.7719376Z INFO: CPD Executor CPD calculation finished (done) | time=29873ms
2023-01-11T19:18:05.4939139Z INFO: Analysis report generated in 5385ms, dir size=377 MB
2023-01-11T19:23:39.8288079Z INFO: Analysis report compressed in 334332ms, zip size=129 MB
2023-01-11T19:23:44.9919600Z INFO: Analysis report uploaded in 5163ms
2023-01-11T19:23:44.9955679Z INFO: ANALYSIS SUCCESSFUL, you can browse XXXXXXX
2023-01-11T19:23:44.9957161Z INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
2023-01-11T19:23:44.9958133Z INFO: More about the report processing at XXXXXXX
2023-01-11T19:23:48.9861030Z INFO: Analysis total time: 1:15:56.864 s
2023-01-11T19:23:48.9972589Z INFO: ------------------------------------------------------------------------
2023-01-11T19:23:48.9973183Z INFO: EXECUTION SUCCESS
2023-01-11T19:23:48.9973843Z INFO: ------------------------------------------------------------------------
2023-01-11T19:23:48.9974389Z INFO: Total time: 1:16:06.089s
2023-01-11T19:23:49.8516260Z INFO: Final Memory: 2893M/10040M
2023-01-11T19:23:49.8517391Z INFO: ------------------------------------------------------------------------
Ehm… 3million LOC is a lot, and a I’m not shocked that it takes a while.
In terms of further improvement, here’s what I can tell you:
My experience of the FindBugs plugin is that it’s just slow in general. You can probably restore Checkstyle, PMD and Dependency-Check without a signification slow down. No clue about your custom rules. You should probably add plugins back one at a time tho.
I believe that if you turn on debug logging you’ll get more detail about where the time is going. That could be helpful
We’ve done a lot of work on speed in the 9-series, with a significant improvement to basic Java analysis in 9.4. (Obvs, you shouldn’t upgrade to 9.4, but go straight to the current: 9.8).
We’ve also sped up PR analysis (Developer Edition($)+) in the 9-series by only analyzing the files changed in the PR. This may help day-to-day
And just in case you’re an LTS-only shop, SonarQube 9.9 LTS is due on 7 Feb, so you either way I guess there’s an upgrade in your near future.
Ok, just getting realistic expectations. My hope was that there was still some secret magic left
Upgrading to 9.9 LTS is on my radar already.
After the upgrade I will check again if the timings improved.
I might also request a trail license for DE after upgrading to 9.9.X to checkout the PR analysis speed.
Would you like me to do another run with debug logging on and provide the details here?
The debug logging would tell you specific rules the time was going into. If you were interested, you could evaluate turning them off. But I don’t need the logging since you’re on 8.9 and we already know you’ll get a bit speed boost with an upgrade.