SonarCloud analyzing only Python code but the project is C++

SonarCloud is analyzing Python code only, but I ignored Python code in the sonar properties file.

  • ALM used (GitHub)
  • CI system used (GitHub Actions)
  • Languages of the repository: C++, C and Python
  • SonarCloud project is not public
  • This is my build file. I use cmake to build the project.
name: Build
on:
  push:
    branches:
      - develop
      - feature/*
      - feat/*
      - fix/*
      - task/*
      - release*
  pull_request:
    types: [opened, reopened]
jobs:
  build:
    name: Build
    runs-on: macos-latest
    env:
      SONAR_SCANNER_VERSION: 4.7.0.2747 # Find the latest version in the "MacOS" link on this page:
                                        # https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/sonarscanner-cli/
      SONAR_SERVER_URL: "https://sonarcloud.io"
      BUILD_WRAPPER_OUT_DIR: . # Directory where build-wrapper output will be placed
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
      - name: Set up JDK 11
        uses: actions/setup-java@v1
        with:
          java-version: 11
      - name: Cache SonarCloud packages
        uses: actions/cache@v1
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Download and set up sonar-scanner
        env:
          SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-macosx.zip
        run: |
          mkdir -p $HOME/.sonar
          curl -sSLo $HOME/.sonar/sonar-scanner.zip ${{ env.SONAR_SCANNER_DOWNLOAD_URL }} 
          unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
          echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-macosx/bin" >> $GITHUB_PATH
      - name: Download and set up build-wrapper
        env:
          BUILD_WRAPPER_DOWNLOAD_URL: ${{ env.SONAR_SERVER_URL }}/static/cpp/build-wrapper-macosx-x86.zip
        run: |
          curl -sSLo $HOME/.sonar/build-wrapper-macosx-x86.zip ${{ env.BUILD_WRAPPER_DOWNLOAD_URL }}
          unzip -o $HOME/.sonar/build-wrapper-macosx-x86.zip -d $HOME/.sonar/
          echo "$HOME/.sonar/build-wrapper-macosx-x86" >> $GITHUB_PATH
      - name: Run build-wrapper
        run: |
          mkdir build
          cmake -S . -B build
          build-wrapper-macosx-x86 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} cmake --build build/ --config Release
      - name: Run sonar-scanner
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: |
          sonar-scanner --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}"

And here is my sonar properties file:

sonar.projectKey=org_sal
sonar.organization=org

# This is the name and version displayed in the SonarCloud UI.
sonar.projectName=sal
sonar.projectVersion=1.0

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
sonar.sources=SAL/src

# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8

sonar.exclusions=**/*.sh,**/*.py,**/*_Test*,SAL_Unit_Tests/**

Thanks in advance!

Hi,

Can you go ahead & share your analysis log, redacted as necessary?

 
Thx,
Ann

Hi Ann,
Thanks for responding. Can I share them in private, please? And how can I share in private with you, because there is no message option?

Thanks

Hi,

Feel free to redact anything sensitive.

 
Ann

Sorry, I didn’t know how to do it, so can you please delete it after downloading the zip file?

Hi,

“Redact” means remove or obscure sensitive information. I’ve deleted the link to your zip, but the internet never forgets.

Reviewing your log, I don’t see anything out of the ordinary. What makes you say analysis is Python-only & ignores C++?

 
Ann

The screenshot I shared, and also if I go to the code section that was analyzed, they are all Python files. If you look at the screenshot I shared above, it says Python only!


Hi,

Are you quite sure the logs you’ve provided correspond to the project you’re screenshotting?

Because I see this in the log:

2022-09-02T12:59:20.0982800Z INFO: Indexing files...
2022-09-02T12:59:20.1044160Z INFO: Project configuration:
2022-09-02T12:59:20.1049180Z INFO:   Excluded sources: **/build-wrapper-dump.json, **/*.sh, **/*.py, **/*_Test*, SAL_Unit_Tests/**
2022-09-02T12:59:20.5247540Z INFO: 153 files indexed
2022-09-02T12:59:20.5348840Z INFO: 0 files ignored because of inclusion/exclusion patterns
2022-09-02T12:59:20.5416280Z INFO: 0 files ignored because of scm ignore settings
2022-09-02T12:59:20.5417200Z INFO: Quality profile for cpp: Sonar way

You excluded Python files (**/*.py) but analysis didn’t actually find any to ignore

...
2022-09-02T12:59:25.5772500Z INFO: Sensor CFamily [cpp]
2022-09-02T12:59:25.5785960Z INFO: CFamily plugin version: 6.36.0.52033
2022-09-02T12:59:25.5798400Z INFO: Using build-wrapper output: /Users/runner/work/sal/sal/./build-wrapper-dump.json
2022-09-02T12:59:25.5813220Z INFO: Available processors: 3
2022-09-02T12:59:25.5920860Z INFO: Using 3 threads for analysis.
...
2022-09-02T12:59:29.0761940Z INFO: [pool-5-thread-2] /Users/runner/work/sal/sal/SAL/src/Algorithms/CyclingDetectionAlgorithm.cpp
2022-09-02T12:59:29.0763520Z INFO: [pool-5-thread-1] /Users/runner/work/sal/sal/SAL/src/[redacted].cpp
2022-09-02T12:59:29.0764990Z INFO: [pool-5-thread-3] /Users/runner/work/sal/sal/SAL/src/[redacted].cpp
2022-09-02T12:59:29.5083270Z INFO: [pool-5-thread-1] /Users/runner/work/sal/sal/SAL/src/[redacted].cpp
...
2022-09-02T13:06:27.9881590Z INFO: PCH: unique=0 use=0 (forceInclude=0,throughHeader=0,firstInclude=0) out of 153 (forceInclude=0,throughHeader=0)
2022-09-02T13:06:27.9882010Z INFO: SE: 153 out of 153
2022-09-02T13:06:27.9883140Z INFO: Z3 refutation rate: 0 out of 9
2022-09-02T13:06:28.1687520Z INFO: Subprocess(es) done in 419903ms
2022-09-02T13:06:28.1694850Z INFO: 153 compilation units analyzed
2022-09-02T13:06:28.1704060Z INFO: Sensor CFamily [cpp] (done) | time=422594ms
...

C++ analysis ran & found plenty of files to analyze

2022-09-02T13:06:28.1712100Z INFO: Sensor pythonbugs [dbd]
2022-09-02T13:06:28.1713300Z INFO: Reading IR files from: /Users/runner/work/sal/sal/.scannerwork/ir/python
2022-09-02T13:06:28.1715020Z INFO: No IR files have been included for analysis.
2022-09-02T13:06:28.1720050Z INFO: Sensor pythonbugs [dbd] (done) | time=0ms
...
2022-09-02T13:06:28.1778290Z INFO: Sensor PythonSecuritySensor [security]
2022-09-02T13:06:28.1779430Z INFO: Reading type hierarchy from: /Users/runner/work/sal/sal/.scannerwork/ucfg2/python
2022-09-02T13:06:28.1780200Z INFO: Read 0 type definitions
2022-09-02T13:06:28.1780940Z INFO: Reading UCFGs from: /Users/runner/work/sal/sal/.scannerwork/ucfg2/python
2022-09-02T13:06:28.1781690Z INFO: No UCFGs have been included for analysis.
2022-09-02T13:06:28.1782080Z INFO: Sensor PythonSecuritySensor [security] (done) | time=1ms
...

Python analysis tried to run, but didn’t find any files to analyze.

 
Ann
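The log triage in the reply above can be automated as a CI check that SAST coverage really included the C++ sources. This is an added example, not part of the thread or of SonarSource tooling; the function names are hypothetical, and it assumes the log line wording shown in the quoted excerpt.

```python
import re

# Lines copied from the scanner log excerpt quoted in the thread.
SAMPLE_LOG = """\
2022-09-02T12:59:20.5247540Z INFO: 153 files indexed
2022-09-02T12:59:20.5348840Z INFO: 0 files ignored because of inclusion/exclusion patterns
2022-09-02T12:59:25.5772500Z INFO: Sensor CFamily [cpp]
2022-09-02T13:06:28.1694850Z INFO: 153 compilation units analyzed
2022-09-02T13:06:28.1704060Z INFO: Sensor CFamily [cpp] (done) | time=422594ms
2022-09-02T13:06:28.1712100Z INFO: Sensor pythonbugs [dbd]
2022-09-02T13:06:28.1715020Z INFO: No IR files have been included for analysis.
2022-09-02T13:06:28.1720050Z INFO: Sensor pythonbugs [dbd] (done) | time=0ms
"""

LINE = re.compile(r"^\S+Z\s+(?:INFO|WARN|ERROR):\s+(.*)$")
START = re.compile(r"^Sensor (.+?) \[\w+\]$")
DONE = re.compile(r"^Sensor (.+?) \[\w+\] \(done\) \| time=(\d+)ms$")
COUNTERS = {
    "indexed": re.compile(r"^(\d+) files indexed$"),
    "ignored": re.compile(r"^(\d+) files ignored because of inclusion/exclusion patterns$"),
    "compilation_units": re.compile(r"^(\d+) compilation units analyzed$"),
}
EMPTY = re.compile(r"^No .+ have been included for analysis\.$")

def summarize(log_text):
    """Return file counters and per-sensor status parsed from a scanner log."""
    out = {"indexed": None, "ignored": None, "compilation_units": None, "sensors": {}}
    current = None  # sensor whose output we are currently inside
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        msg = line.group(1).strip() if line else ""  # "..." and blank lines yield ""
        if m := START.match(msg):
            current = m.group(1)
            out["sensors"][current] = {"done": False, "time_ms": None, "empty": False}
        elif m := DONE.match(msg):
            out["sensors"].setdefault(m.group(1), {"empty": False}).update(done=True, time_ms=int(m.group(2)))
            current = None
        elif EMPTY.match(msg) and current:
            out["sensors"][current]["empty"] = True  # sensor ran but had no input
        else:
            for key, rx in COUNTERS.items():
                if m := rx.match(msg):
                    out[key] = int(m.group(1))
    return out

def cpp_was_analyzed(summary):
    """True only if the CFamily sensor finished and analyzed at least one unit."""
    sensor = summary["sensors"].get("CFamily")
    return bool(sensor and sensor["done"] and (summary["compilation_units"] or 0) > 0)
```

Failing the job when `cpp_was_analyzed` returns False catches a scan that completes successfully without ever covering the C++ code.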

Yes, I am sure it is the project logs that I shared. I haven’t merged the PR yet, actually. Is it maybe because of that?

Hi,

Sorry, what PR?

 
Ann

I created a PR for analyzing the code and I didn’t merge the PR into the main branch yet. Right now, it is analyzing my local branch and not the main branch in SonarCloud.

Hi,

You’ve provided screenshots of a branch. Was the analysis log from a branch or PR?

 
Ann

They are from the main branch, but I did auto analyze with SonarCloud to see if the auto analyze can change the Python code only to C++ code. And when you do auto analyze, it analyzes the main branch. So the screenshots I shared are from the main branch.

Hi,

Automatic analysis is not going to analyze C++. Can you share the screenshots that correspond to the analysis log you shared?

 
Ann

For the pull request, the code part is empty because I didn’t change any code, just added the build and sonar properties files.


Hi,

Then that’s the expected result. PR analysis only reports on code changed in the PR.

 
Ann

OK, that means if I merge the PR into the main branch it will analyze C++ code as well?

After merging the repo into the main branch, it worked. So, as you said above, SonarCloud doesn’t analyze C++ files automatically. Thank you so much for your help!

1 Like
