SonarCloud Bitbucket Cloud Pipeline Not Finding Any Files To Scan

I’ve got a SonarCloud paid edition, linked with private Bitbucket account and can run analysis by invoking sonar-scanner on my local PC but on Bitbucket Pipelines it analyses nothing with the same config files. Project is C/C++.
It’s picking up the included/excluded folders just fine, but it’s reporting no files to index.

Bitbucket config file (bitbucket-pipelines.yml):

image: atlassian/default-image:2

pipelines:
  default:
    - step:
        script:
          - echo "Everything is awesome!"
          - ls -l
          - pipe: sonarsource/sonarcloud-scan:1.0.1
          - pipe: sonarsource/sonarcloud-quality-gate:0.1.3

The ‘ls’ shows that we are in the folder containing CGLib etc. This is sonar-project.properties:

sonar.projectKey=*****
sonar.organization=*****
sonar.host.url=https://sonarcloud.io
sonar.login=*****
sonar.sources=CGLib,Cocos/Classes,Connection,networkapi,UnitTest
sonar.exclusions=CGLib/coder/lz4/**,CGLib/coder/zstd/**,CGLibClient/osa/unused/**,CGLib/unused/**
sonar.cpd.exclusions=CGLib/coder/Coder*.h
sonar.cfamily.build-wrapper-output=sonar
sonar.cfamily.threads = 4

The result is a pass (yay!) but it reports in the sonarcloud-scan step that it scanned no files:

INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /opt/atlassian/pipelines/agent/build/sonar-project.properties
INFO: SonarQube Scanner 3.3.0.1492
INFO: Java 11.0.2 Oracle Corporation (64-bit)
INFO: Linux 4.19.68-coreos amd64
INFO: Bitbucket Cloud Pipelines detected
INFO: User cache: /root/.sonar/cache
INFO: SonarQube server 8.0.0
INFO: Default locale: "en", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=578ms
INFO: Server id: 74E9293D-AWHW8ct9-T_TB3XqouNu
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=134ms
INFO: Load/download plugins (done) | time=23968ms
INFO: Loaded core extensions: developer-scanner
INFO: Detected project key '*****' from 'Bitbucket Cloud Pipelines'
INFO: Detected organization key '*****' from 'Bitbucket Cloud Pipelines'
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=4ms
INFO: Project key: *****
INFO: Base dir: /opt/atlassian/pipelines/agent/build
INFO: Working dir: /opt/atlassian/pipelines/agent/build/.scannerwork
INFO: Load project settings for component key: '*****'
INFO: Load project settings for component key: '*****' (done) | time=141ms
INFO: Found an active CI vendor: 'Bitbucket Pipelines'
INFO: Load project branches
INFO: Load project branches (done) | time=106ms
INFO: Load projects for organization '*****'
INFO: Load projects for organization '*****' (done) | time=704ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=104ms
INFO: Load branch configuration
INFO: Detected analysis for branch 'AP-1360_RemoveDuplication'
INFO: Auto-configuring branch AP-1360_RemoveDuplication
INFO: Load branch configuration (done) | time=3ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=145ms
INFO: Load active rules
INFO: Load active rules (done) | time=16294ms
INFO: Organization key: *****
INFO: Branch name: AP-1360_RemoveDuplication, type: short living
INFO: SCM collecting changed files in the branch
WARN: Could not find ref: develop in refs/heads or refs/remotes/origin
INFO: SCM collecting changed files in the branch (done) | time=62ms
INFO: Indexing files...
INFO: Project configuration:
INFO:   Included sources: CGLib,Cocos/Classes,Connection,networkapi,UnitTest
INFO:   Excluded sources: CGLib/coder/lz4/**, CGLib/coder/zstd/**, CGLibClient/osa/unused/**, CGLib/unused/**
INFO:   Excluded sources for coverage: **
INFO:   Excluded sources for duplication: CGLib/coder/Coder*.h
INFO: 0 files indexed
INFO: 0 files ignored because of inclusion/exclusion patterns
INFO: 0 files ignored because of scm ignore settings
INFO: ------------- Run sensors on module *****
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=106ms
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/root/.sonar/cache/a89f1943fc75b65becd9fb4ecab8d913/sonar-tsql-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
INFO: Sensor JavaXmlSensor [java]
INFO: Sensor JavaXmlSensor [java] (done) | time=1ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=2ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/java
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=4ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/ucfg_cs2
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/ucfg_cs2
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=1ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/php
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=1ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=0ms
INFO: Calculating CPD for 0 files
INFO: CPD calculation finished
INFO: SCM writing changed lines
WARN: Could not find ref: develop in refs/heads or refs/remotes/origin
INFO: SCM writing changed lines (done) | time=4ms
INFO: Analysis report generated in 139ms, dir size=139 KB
INFO: Analysis report compressed in 14ms, zip size=25 KB
INFO: Analysis report uploaded in 201ms
INFO: ANALYSIS SUCCESSFUL, you can browse https://sonarcloud.io/dashboard?id=*****&branch=AP-1360_RemoveDuplication&resolved=false
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=AW6odG1HYtdN_ePNJam2
INFO: Analysis total time: 24.578 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 52.624s
INFO: Final Memory: 28M/128M
INFO: ------------------------------------------------------------------------
e[32m✔ SonarCloud analysis was successful.e[0m

The problem seems to be ‘INFO: 0 files indexed’ when there are several cpp/c files in the included folders. How do I get it to recognise the files? There is a valid build-wrapper-dump.json in the ‘sonar’ folder.

Further information: If I add a non-existent folder to the sonar.sources then it will fail the scan and complain about the folder being missing, so it’s definitely running in the correct folder.
I have ls’d the folders and they do contain the source files.
Any help? Evaluation clock is ticking.

Welcome to the community!

When you execute on your PC, you probably have run the Build Wrapper first, before sonar-scanner.

The sonarcloud-scan pipe does not run the Build Wrapper, which is required to analyze C/C++ code (see the docs). It is the Build Wrapper that generates files that are required by sonar-scanner, executed in the pipe.

If you add a step to run the Build Wrapper right before the pipes, then it should work as expected.

1 Like

Is there a pipe for that, or do I have to do the steps manually?

Also, the build does have access to the Build Wrapper json output produced by running it on a developer machine, which is stored in sonar/build-wrapper-dump.json as pointed to by the sonar.cfamily.build-wrapper-output=sonar. Could it use this instead of generating it fresh?
Oh, I see that it’s full of absolute paths, so probably not.

There is no other pipe for that. Perhaps we can enrich the existing pipe to handle this use case. Until then, you have to run the build wrapper manually, before the pipe step.

I’m not sure I understand. The pipe runs on Bitbucket Cloud infrastructure, so it cannot access to Build Wrapper output produced on a developer machine. You have to run it in the pipeline.

The pipe runs on Bitbucket Cloud infrastructure, so it cannot access to Build Wrapper output produced on a developer machine. You have to run it in the pipeline .

It can if I ran the build wrapper on my developer machine and then checked the resulting json file into source control. I don’t have to run the build wrapper very often because how the build is made doesn’t change often, so one build wrapper can be used for multiple scans.

I’m not sure this is going to work for me on SonarCloud if it can’t use pre-generated build wrapper files.
To generate the Build Wrapper files, the code needs to compile, and as the code is Windows but the BitBucket Pipeline machine is Linux that step won’t work.

Build Wrapper cannot use relative paths because it doesn’t only contain information about the project files but it contains information on how to find dependencies which are machine dependent.

It is not possible to generate build-wrapper on one machine and use it on a different one, build-wrapper and sonar-scanner should be executed in the same OS layer.

OK, so it is impossible to use SonarCloud and Bitbucket Cloud for Windows C/C++ projects.
I will try a different solution.