Hello,
We are running SonarQube 7.4 Developer Edition with the Sonar for Bamboo plugin (v2.1.2) and the Sonar Maven 3 task is hanging up our build on Bamboo. Excerpt from log:
build 04-Jan-2019 18:40:39 [INFO] Sensor JavaSecuritySensor [security]
build 04-Jan-2019 18:40:39 [INFO] Reading UCFGs from: /webcontent/bamboo/xml-data/build-dir/AF-AFF5-JOB1/target/sonar/ucfg2/java
build 04-Jan-2019 18:43:23 [INFO] UCFGs: 175888, excluded: 172868, source entrypoints: 3020
build 04-Jan-2019 18:43:23 [INFO] Analyzing 175756 ucfgs to detect vulnerabilities.
build 04-Jan-2019 18:43:29 [INFO] rule: S3649, entrypoints: 10
build 04-Jan-2019 18:47:55 [WARNING] [JOURNAL_FLUSHER] WARNING Journal flush operation took 3,507ms last 8 cycles average is 438ms
build 04-Jan-2019 18:50:04 [WARNING] [JOURNAL_FLUSHER] WARNING Journal flush operation took 3,630ms last 8 cycles average is 453ms
....
build 04-Jan-2019 18:51:50 [ERROR] GC overhead limit exceeded -> [Help 1]
I’ve tried increasing the memory argument (via SONAR_SCANNER_OPTS="-Xmx4G") but that only added more JOURNAL_FLUSHER log entries. I had to stop the build after an hour or two of it running.
I saw the post "Suddenly analysis takes a long time to finish", which is very similar but ended up looking like a SonarCloud fix?
I disabled rules S3649, S2076, S2091, S2078 and S2631, which avoids the problem:
build 08-Jan-2019 11:40:02 [INFO] Sensor JavaSecuritySensor [security]
build 08-Jan-2019 11:40:02 [INFO] Reading UCFGs from: /bamboo/xml-data/build-dir/AA-AAA5-JOB1/target/sonar/ucfg2/java
build 08-Jan-2019 11:42:29 [INFO] UCFGs: 175888, excluded: 172868, source entrypoints: 3020
build 08-Jan-2019 11:42:29 [INFO] Analyzing 175756 ucfgs to detect vulnerabilities.
build 08-Jan-2019 11:42:34 [INFO] rule: S2083, entrypoints: 17
build 08-Jan-2019 11:42:45 [INFO] rule: S2083 done
build 08-Jan-2019 11:42:45 [INFO] Sensor JavaSecuritySensor [security] (done) | time=162874ms
It would be preferable to enable this rule to allow checking of SQL injection. The project is private so I’m not able to share the ucfg2/java contents.
Any ideas on why it’s hanging up?
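
An added example, not part of the original post and not SonarSource code: a Python script that reads the `rule: ..., entrypoints: N` and `rule: ... done` markers the JavaSecuritySensor writes to the scanner log and reports which rule never finished and how long it had been running when the log ended. The function name `rule_timings` and the report layout are assumptions; the sample lines are copied from the two excerpts above.

```python
import re
from datetime import datetime

# Sample input: lines copied from the two log excerpts in the post.
HANGING_RUN = """\
build 04-Jan-2019 18:43:23 [INFO] Analyzing 175756 ucfgs to detect vulnerabilities.
build 04-Jan-2019 18:43:29 [INFO] rule: S3649, entrypoints: 10
build 04-Jan-2019 18:47:55 [WARNING] [JOURNAL_FLUSHER] WARNING Journal flush operation took 3,507ms last 8 cycles average is 438ms
....
build 04-Jan-2019 18:51:50 [ERROR] GC overhead limit exceeded -> [Help 1]
"""
WORKING_RUN = """\
build 08-Jan-2019 11:42:34 [INFO] rule: S2083, entrypoints: 17
build 08-Jan-2019 11:42:45 [INFO] rule: S2083 done
build 08-Jan-2019 11:42:45 [INFO] Sensor JavaSecuritySensor [security] (done) | time=162874ms
"""

LINE = re.compile(r"^build (\S+ \S+) \[\w+\] (.*)$")       # timestamp, message
START = re.compile(r"^rule: (S\d+), entrypoints: (\d+)$")  # rule analysis begins
DONE = re.compile(r"^rule: (S\d+) done$")                  # rule analysis ends


def rule_timings(log_text):
    """Map each rule to its entrypoint count, whether it finished, and seconds spent.

    For a rule with no 'done' marker, seconds runs to the last timestamped line.
    """
    rules, last_ts = {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # elided lines ("....") or anything without a timestamp
        last_ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S")
        start, done = START.match(m.group(2)), DONE.match(m.group(2))
        if start:
            rules[start.group(1)] = {"entrypoints": int(start.group(2)),
                                     "start": last_ts, "end": None}
        elif done and done.group(1) in rules:
            rules[done.group(1)]["end"] = last_ts
    return {rule: {"entrypoints": r["entrypoints"],
                   "finished": r["end"] is not None,
                   "seconds": int(((r["end"] or last_ts) - r["start"]).total_seconds())}
            for rule, r in rules.items()}


if __name__ == "__main__":
    for name, text in (("hanging", HANGING_RUN), ("working", WORKING_RUN)):
        print(name, rule_timings(text))
```

Run against a full Bamboo build log, the rule reported with `finished: False` is the one that was in progress when the JVM ran out of memory.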