Sonar Scanner via sonarqube gradle plugin - huge performance drop since Version 4.3

Must-share information (formatted with Markdown):

  • which versions are you using:
    • SonarQube (Developer Edition)
    • Scanner: gradle plugin version,
    • Installed Plugins/Extensions:
      • Dependency-Check 4.0.0
      • OpenID Connect Authentication for SonarQube 2.1.1
      • Custom Java Plugin containing 5 custom Java Rules
    • Gradle version: 8.4
  • how is SonarQube deployed: Docker / Kubernetes
  • Expected: good performace of sonarqube gradle plugin
  • tested the above gradle plugin versions locally and in CI to determine when the performance drop happened

We have a large gradle multi module java/JS/TS project with ~ 200 gradle sub modules and ~ 900k LOCs. Since gradle plugin version we experienced a huge performance drop in the scanning of our project, especially in the Gitlab Merge Request / branch analysis. Here the Analysis time (sonar task) for the different versions, all with the same source code / commit / branch:

  • BUILD SUCCESSFUL in 8m 48s
  • BUILD SUCCESSFUL in 8m 24s
  • BUILD SUCCESSFUL in 6m 10s
  • BUILD FAILED: Caused by: File libs/foo/api/build.gradle.kts can’t be indexed twice. Please check that inclusion/exclusion patterns produce disjoint sets for main and test files
  • BUILD SUCCESSFUL in 1h 1m 28s
  • BUILD SUCCESSFUL in 48m 29s

Here the sonar configuration in our root build.gradle.kts:

sonar {
    properties {
        property("sonar.sourceEncoding", "UTF-8")
        property("sonar.dependencyCheck.jsonReportPath", "build/reports/dependency-check-report.json")
        property("sonar.dependencyCheck.htmlReportPath", "build/reports/dependency-check-report.html")
        property("sonar.dependencyCheck.summarize", true)
        property("sonar.gradle.skipCompile", true)

The execution time in SonarQube Server is always ~15 seconds.

Hello @xtermi2,

Unfortunately with the data you’ve provided it’s pretty hard to figure out where the problem is.

Could you, please, provide this data:

  • full log
  • thread dumps

Thanks in advance,

Hello @xtermi2,

We’ve improved the performance of Kotlin Analyzer recently. The next Sonarqube version should contain the improvement. Let us know if it helped, once you upgrade.