SonarCloud Code Analysis Report not posting back to Bitbucket cloud pull requests

Pull request analysis is successful, but analysis report does not post back to pull request in bitbucket cloud. The SonarCloud widget does display analysis summary in the pull request. We have had reports post back a single time in a single pull request per repo we have integrated. I have removed SonarCloud from BitbucketCloud and re-added it, and still no luck.

I see no errors or warnings anywhere, no indication that a report had been attempted to be sent to the pull request in Bitbucket Cloud. All I have found that might be of interest, as a wild guess, is the following from Bitbucket’s docs:

To create a report, make sure to generate an ID that is unique across all reports for that commit. If you want to use an existing ID from your own system, we recommend prefixing it with your system’s name to avoid collisions, for example, mySystem-001.

  • ALM used: Bitbucket Cloud
  • CI system used: internal
  • Scanner command used when applicable: will provide, but pull request analyses are successful
  • Error observed: don’t see any anywhere
  • Steps to reproduce:
  1. Integrate SonarCloud with Bitbucket Cloud
  2. Analyze pull request with Reports enabled in Bitbucket Cloud
  3. Get Sonar Report attached to pull request in Bitbucket successfully
  4. Analyze a different pull request, and no Sonar Report is attached, and no warnings or errors to be seen in SonarCloud
  • Potential workaround: can’t find any

Would really love to figure this out, I’m a big fan of Sonar!

Hi @ebqa

Could you please provide us:

  • the scanner command used to run the analysis
  • the logs produced by the scanner during an analysis whose report failed, and one when it worked

Thanks
Claire

Hi Claire, here they are. Hopefully something jumps out at you.

The scanner command & analysis log for one that did NOT successfully post back to bitbucket cloud pull request:

Summary
  sonar-scanner   -Dsonar.organization=blah   -Dsonar.projectKey="$sonarkey"   -Dsonar.projectVersion="$imageversion"  \
  -Dsonar.pullrequest.key=1390 -Dsonar.pullrequest.base=develop -Dsonar.pullrequest.branch=feature/blah \
  -Dsonar.host.url="$sonarhost"   -Dsonar.login="$sonartoken"   -Dsonar.sources="projects/blah/src"   \
  -Dsonar.javascript.lcov.reportPaths="$coveragefiles"   -Dsonar.exclusions="**/node_modules/**,**/*spec.ts"  \
  -Dsonar.tests="projects/blah/src"   -Dsonar.test.inclusions=**/*.spec.ts   -Dsonar.sourceEncoding="UTF-8"

[18:47:38] : [Step 2/4] [01:47:38] Starting analysis…
[18:47:38] : [Step 2/4] [01:47:38] Getting info from “package.json” file
[18:47:38] : [Step 2/4] [01:47:38] Checking if executable exists: /tmp/.sonar/native-sonar-scanner/sonar-scanner-4.5.0.2216-linux/bin/sonar-scanner
[18:47:38] : [Step 2/4] [01:47:38] Could not find executable in “/tmp/.sonar/native-sonar-scanner”.
[18:47:38] : [Step 2/4] [01:47:38] Proceed with download of the platform binaries for SonarScanner…
[18:47:38] : [Step 2/4] [01:47:38] Creating /tmp/.sonar/native-sonar-scanner
[18:47:38] : [Step 2/4] [01:47:38] Downloading from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.5.0.2216-linux.zip
[18:47:38] : [Step 2/4] [01:47:38] (executable will be saved in cache folder: /tmp/.sonar/native-sonar-scanner)
[18:47:43] : [Step 2/4] [91m
[18:47:44] : [Step 2/4] [0mINFO: Scanner configuration file: /tmp/.sonar/native-sonar-scanner/sonar-scanner-4.5.0.2216-linux/conf/sonar-scanner.properties
[18:47:44] : [Step 2/4] INFO: Project root configuration file: NONE
[18:47:45] : [Step 2/4] INFO: SonarScanner 4.5.0.2216
[18:47:45] : [Step 2/4] INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
[18:47:45] : [Step 2/4] INFO: Linux 5.4.0-1040-azure amd64
[18:47:45] : [Step 2/4] INFO: User cache: /root/.sonar/cache
[18:47:49] : [Step 2/4] INFO: Scanner configuration file: /tmp/.sonar/native-sonar-scanner/sonar-scanner-4.5.0.2216-linux/conf/sonar-scanner.properties
[18:47:49] : [Step 2/4] INFO: Project root configuration file: NONE
[18:47:49] : [Step 2/4] INFO: Analyzing on SonarCloud
[18:47:49] : [Step 2/4] INFO: Default locale: “en”, source code encoding: “UTF-8”
[18:47:49] : [Step 2/4] INFO: Load global settings
[18:47:50] : [Step 2/4] INFO: Load global settings (done) | time=897ms
[18:47:50] : [Step 2/4] INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
[18:47:50] : [Step 2/4] INFO: User cache: /root/.sonar/cache
[18:47:50] : [Step 2/4] INFO: Load/download plugins
[18:47:50] : [Step 2/4] INFO: Load plugins index
[18:47:50] : [Step 2/4] INFO: Load plugins index (done) | time=194ms
[18:48:15] : [Step 2/4] INFO: Load/download plugins (done) | time=25416ms
[18:48:16] : [Step 2/4] INFO: Loaded core extensions: developer-scanner
[18:48:16] : [Step 2/4] INFO: JavaScript/TypeScript frontend is enabled
[18:48:16] : [Step 2/4] INFO: Load project settings for component key: ‘blah_blah.blah’
[18:48:16] : [Step 2/4] INFO: Load project settings for component key: ‘blah_blah.blah’ (done) | time=172ms
[18:48:16] : [Step 2/4] INFO: Process project properties
[18:48:16] : [Step 2/4] INFO: Execute project builders
[18:48:16] : [Step 2/4] INFO: Execute project builders (done) | time=2ms
[18:48:16] : [Step 2/4] INFO: Project key: blah_blah.blah
[18:48:16] : [Step 2/4] INFO: Base dir: /app
[18:48:16] : [Step 2/4] INFO: Working dir: /app/.scannerwork
[18:48:16] : [Step 2/4] INFO: Load project branches
[18:48:17] : [Step 2/4] INFO: Load project branches (done) | time=188ms
[18:48:17] : [Step 2/4] INFO: Check ALM binding of project ‘blah_blah.blah’
[18:48:17] : [Step 2/4] INFO: Detected project binding: BOUND
[18:48:17] : [Step 2/4] INFO: Check ALM binding of project ‘blah_blah.blah’ (done) | time=170ms
[18:48:17] : [Step 2/4] INFO: Load project pull requests
[18:48:17] : [Step 2/4] INFO: Load project pull requests (done) | time=201ms
[18:48:17] : [Step 2/4] INFO: Load branch configuration
[18:48:18] : [Step 2/4] INFO: Load branch configuration (done) | time=804ms
[18:48:18] : [Step 2/4] INFO: Load quality profiles
[18:48:18] : [Step 2/4] INFO: Load quality profiles (done) | time=217ms
[18:48:18] : [Step 2/4] INFO: Load active rules
[18:48:23] : [Step 2/4] INFO: Load active rules (done) | time=4823ms
[18:48:23] : [Step 2/4] INFO: Organization key: blah
[18:48:23] : [Step 2/4] INFO: Pull request 1390 for merge into develop from feature/blah
[18:48:23] : [Step 2/4] INFO: Indexing files…
[18:48:23] : [Step 2/4] INFO: Project configuration:
[18:48:23] : [Step 2/4] INFO: Excluded sources: /node_modules/, **/spec.ts, **/.spec.ts
[18:48:23] : [Step 2/4] INFO: Included tests: **/*.spec.ts
[18:48:23] : [Step 2/4] INFO: Load project repositories
[18:48:23] : [Step 2/4] INFO: Load project repositories (done) | time=196ms
[18:48:24] : [Step 2/4] INFO: 885 files indexed
[18:48:24] : [Step 2/4] INFO: 887 files ignored because of inclusion/exclusion patterns
[18:48:24] : [Step 2/4] INFO: Quality profile for css: Sonar way
[18:48:24] : [Step 2/4] INFO: Quality profile for ts: Sonar way
[18:48:24] : [Step 2/4] INFO: Quality profile for web: Sonar way
[18:48:24] : [Step 2/4] INFO: ------------- Run sensors on module blah-blah
[18:48:24] : [Step 2/4] INFO: JavaScript/TypeScript frontend is enabled
[18:48:24] : [Step 2/4] INFO: Load metrics repository
[18:48:24] : [Step 2/4] INFO: Load metrics repository (done) | time=176ms
[18:48:26] : [Step 2/4] INFO: Sensor SonarCSS Metrics [cssfamily]
[18:48:26] : [Step 2/4] INFO: Sensor SonarCSS Metrics [cssfamily] (done) | time=239ms
[18:48:26] : [Step 2/4] INFO: Sensor SonarCSS Rules [cssfamily]
[18:48:27] : [Step 2/4] INFO: 275 source files to be analyzed
[18:48:29] : [Step 2/4] INFO: 275/275 source files have been analyzed
[18:48:29] : [Step 2/4] INFO: Sensor SonarCSS Rules [cssfamily] (done) | time=3037ms
[18:48:29] : [Step 2/4] INFO: Sensor C# Properties [csharp]
[18:48:29] : [Step 2/4] INFO: Sensor C# Properties [csharp] (done) | time=1ms
[18:48:29] : [Step 2/4] INFO: Sensor JavaXmlSensor [java]
[18:48:29] : [Step 2/4] INFO: Sensor JavaXmlSensor [java] (done) | time=8ms
[18:48:29] : [Step 2/4] INFO: Sensor HTML [web]
[18:48:30] : [Step 2/4] INFO: Sensor HTML [web] (done) | time=536ms
[18:48:30] : [Step 2/4] INFO: Sensor VB.NET Properties [vbnet]
[18:48:30] : [Step 2/4] INFO: Sensor VB.NET Properties [vbnet] (done) | time=1ms
[18:48:30] : [Step 2/4] INFO: Sensor JaCoCo XML Report Importer [jacoco]
[18:48:30] : [Step 2/4] INFO: ‘sonar.coverage.jacoco.xmlReportPaths’ is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
[18:48:30] : [Step 2/4] INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
[18:48:30] : [Step 2/4] INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=6ms
[18:48:30] : [Step 2/4] INFO: Sensor TypeScript analysis [javascript]
[18:48:31] : [Step 2/4] INFO: Deploying custom rules bundle jar:file:/root/.sonar/cache/f2d4f3985cfdc8a536978941e81bc342/sonar-securityjsfrontend-plugin.jar!/js-vulnerabilities-rules-1.0.0.tgz to /app/.scannerwork/.sonartmp/eslint-bridge-bundle/package/custom-rules16771625295025818098
[18:48:33] : [Step 2/4] INFO: Found 2 tsconfig.json file(s): [/app/tsconfig.json, /app/cypress/tsconfig.json]
[18:48:33] : [Step 2/4] INFO: 439 source files to be analyzed
[18:48:33] : [Step 2/4] INFO: Analyzing 439 files using tsconfig: /app/tsconfig.json
[18:48:43] : [Step 2/4] INFO: 104/439 files analyzed, current file: projects/blah-blah/src/app/components/summary-search/contractor-filter/contractor-filter-dialog/contractor-search/contractor-search.component.ts
[18:48:53] : [Step 2/4] INFO: 370/439 files analyzed, current file: projects/blah-blah/src/app/components/summary-search/statuses-filter/statuses-filter.component.ts
[18:48:56] : [Step 2/4] INFO: 439/439 source files have been analyzed
[18:48:56] : [Step 2/4] INFO: Sensor TypeScript analysis [javascript] (done) | time=25884ms
[18:48:56] : [Step 2/4] INFO: Sensor JavaScript/TypeScript Coverage [javascript]
[18:48:56] : [Step 2/4] INFO: Analysing [/app/coverage/lcov.info]
[18:48:56] : [Step 2/4] INFO: Sensor JavaScript/TypeScript Coverage [javascript] (done) | time=81ms
[18:48:56] : [Step 2/4] INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
[18:48:56] : [Step 2/4] INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=10ms
[18:48:56] : [Step 2/4] INFO: Sensor JavaSecuritySensor [security]
[18:48:56] : [Step 2/4] INFO: Reading type hierarchy from: /app/.scannerwork/ucfg2/java
[18:48:56] : [Step 2/4] INFO: Read 0 type definitions
[18:48:56] : [Step 2/4] INFO: Reading UCFGs from: /app/.scannerwork/ucfg2/java
[18:48:56] : [Step 2/4] INFO: No UCFGs have been included for analysis.
[18:48:56] : [Step 2/4] INFO: Sensor JavaSecuritySensor [security] (done) | time=4ms
[18:48:56] : [Step 2/4] INFO: Sensor CSharpSecuritySensor [security]
[18:48:56] : [Step 2/4] INFO: Reading type hierarchy from: /app/ucfg_cs2
[18:48:56] : [Step 2/4] INFO: Read 0 type definitions
[18:48:56] : [Step 2/4] INFO: Reading UCFGs from: /app/ucfg_cs2
[18:48:56] : [Step 2/4] INFO: No UCFGs have been included for analysis.
[18:48:56] : [Step 2/4] INFO: Sensor CSharpSecuritySensor [security] (done) | time=0ms
[18:48:56] : [Step 2/4] INFO: Sensor PhpSecuritySensor [security]
[18:48:56] : [Step 2/4] INFO: Reading type hierarchy from: /app/.scannerwork/ucfg2/php
[18:48:56] : [Step 2/4] INFO: Read 0 type definitions
[18:48:56] : [Step 2/4] INFO: Reading UCFGs from: /app/.scannerwork/ucfg2/php
[18:48:56] : [Step 2/4] INFO: No UCFGs have been included for analysis.
[18:48:56] : [Step 2/4] INFO: Sensor PhpSecuritySensor [security] (done) | time=0ms
[18:48:56] : [Step 2/4] INFO: Sensor PythonSecuritySensor [security]
[18:48:56] : [Step 2/4] INFO: Reading type hierarchy from: /app/.scannerwork/ucfg2/python
[18:48:56] : [Step 2/4] INFO: Read 0 type definitions
[18:48:56] : [Step 2/4] INFO: Reading UCFGs from: /app/.scannerwork/ucfg2/python
[18:48:56] : [Step 2/4] INFO: No UCFGs have been included for analysis.
[18:48:56] : [Step 2/4] INFO: Sensor PythonSecuritySensor [security] (done) | time=1ms
[18:48:56] : [Step 2/4] INFO: Sensor JsSecuritySensor [security]
[18:48:56] : [Step 2/4] INFO: Reading type hierarchy from: /app/.scannerwork/ucfg2/js
[18:48:56] : [Step 2/4] INFO: Read 0 type definitions
[18:48:56] : [Step 2/4] INFO: Reading UCFGs from: /app/.scannerwork/ucfg2/js
[18:48:57] : [Step 2/4] INFO: 01:48:57.002678 Building Runtime Type propagation graph
[18:48:57] : [Step 2/4] INFO: 01:48:57.104043 Running Tarjan on 12680 nodes
[18:48:57] : [Step 2/4] INFO: 01:48:57.123752 Tarjan found 12680 components
[18:48:57] : [Step 2/4] INFO: 01:48:57.16105 Variable type analysis: done
[18:48:57] : [Step 2/4] INFO: 01:48:57.163304 Building Runtime Type propagation graph
[18:48:57] : [Step 2/4] INFO: 01:48:57.270187 Running Tarjan on 12680 nodes
[18:48:57] : [Step 2/4] INFO: 01:48:57.287912 Tarjan found 12680 components
[18:48:57] : [Step 2/4] INFO: 01:48:57.319804 Variable type analysis: done
[18:48:57] : [Step 2/4] INFO: Analyzing 1816 ucfgs to detect vulnerabilities.
[18:48:58] : [Step 2/4] INFO: rule: S6105, entrypoints: 439
[18:48:58] : [Step 2/4] INFO: Running symbolic analysis
[18:48:58] : [Step 2/4] INFO: rule: S6105 done
[18:48:58] : [Step 2/4] INFO: rule: S5696, entrypoints: 439
[18:48:58] : [Step 2/4] INFO: Running symbolic analysis
[18:48:59] : [Step 2/4] INFO: rule: S5696 done
[18:48:59] : [Step 2/4] INFO: rule: S5334, entrypoints: 439
[18:48:59] : [Step 2/4] INFO: Running symbolic analysis
[18:48:59] : [Step 2/4] INFO: rule: S5334 done
[18:48:59] : [Step 2/4] INFO: rule: S2083, entrypoints: 439
[18:48:59] : [Step 2/4] INFO: Running symbolic analysis
[18:48:59] : [Step 2/4] INFO: rule: S2083 done
[18:48:59] : [Step 2/4] INFO: rule: S5147, entrypoints: 439
[18:48:59] : [Step 2/4] INFO: Running symbolic analysis
[18:49:00] : [Step 2/4] INFO: rule: S5147 done
[18:49:00] : [Step 2/4] INFO: rule: S5131, entrypoints: 439
[18:49:00] : [Step 2/4] INFO: Running symbolic analysis
[18:49:00] : [Step 2/4] INFO: rule: S5131 done
[18:49:00] : [Step 2/4] INFO: rule: S2631, entrypoints: 439
[18:49:00] : [Step 2/4] INFO: Running symbolic analysis
[18:49:00] : [Step 2/4] INFO: rule: S2631 done
[18:49:00] : [Step 2/4] INFO: rule: S3649, entrypoints: 439
[18:49:00] : [Step 2/4] INFO: Running symbolic analysis
[18:49:00] : [Step 2/4] INFO: rule: S3649 done
[18:49:00] : [Step 2/4] INFO: rule: S6096, entrypoints: 439
[18:49:00] : [Step 2/4] INFO: Running symbolic analysis
[18:49:00] : [Step 2/4] INFO: rule: S6096 done
[18:49:00] : [Step 2/4] INFO: Sensor JsSecuritySensor [security] (done) | time=4661ms
[18:49:00] : [Step 2/4] INFO: ------------- Run sensors on project
[18:49:00] : [Step 2/4] INFO: Sensor Zero Coverage Sensor
[18:49:00] : [Step 2/4] INFO: Sensor Zero Coverage Sensor (done) | time=15ms
[18:49:00] : [Step 2/4] INFO: SCM Publisher is disabled
[18:49:01] : [Step 2/4] INFO: CPD Executor 163 files had no CPD blocks
[18:49:01] : [Step 2/4] INFO: CPD Executor Calculating CPD for 421 files
[18:49:01] : [Step 2/4] INFO: CPD Executor CPD calculation finished (done) | time=182ms
[18:49:01] : [Step 2/4] INFO: Analysis report generated in 289ms, dir size=703 KB
[18:49:02] : [Step 2/4] INFO: Analysis report compressed in 703ms, zip size=604 KB
[18:49:03] : [Step 2/4] INFO: Analysis report uploaded in 1126ms
[18:49:03] : [Step 2/4] INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=blah_blah.blah&pullRequest=1390
[18:49:03] : [Step 2/4] INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[18:49:03] : [Step 2/4] INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=AXfcBmcrd1a5jElVAyWF
[18:49:08] : [Step 2/4] INFO: Analysis total time: 52.712 s
[18:49:08] : [Step 2/4] INFO: ------------------------------------------------------------------------
[18:49:08] : [Step 2/4] INFO: EXECUTION SUCCESS
[18:49:08] : [Step 2/4] INFO: ------------------------------------------------------------------------
[18:49:08] : [Step 2/4] INFO: Total time: 1:23.955s
[18:49:08] : [Step 2/4] INFO: Final Memory: 31M/107M
[18:49:08] : [Step 2/4] INFO: ------------------------------------------------------------------------
[18:49:09] : [Step 2/4] [01:49:09] Analysis finished.

The command and analysis log for when a report successfully posted back to bitbucket cloud pull request:

Summary
   sonar-scanner   -Dsonar.organization=blah   -Dsonar.projectKey="$sonarkey"   -Dsonar.projectVersion="$imageversion" \
   -Dsonar.pullrequest.key=1372 -Dsonar.pullrequest.base=develop -Dsonar.pullrequest.branch=feature/blah-that-produced-report-in-bitbucket-cloud   \
   -Dsonar.host.url="$sonarhost"   -Dsonar.login="$sonartoken"   -Dsonar.sources="projects/blah-blah/src" \
   -Dsonar.javascript.lcov.reportPaths="$coveragefiles"   -Dsonar.exclusions="**/node_modules/**,**/*spec.ts"   -Dsonar.tests="projects/blah-blah/src" \
   -Dsonar.test.inclusions=**/*.spec.ts   -Dsonar.sourceEncoding="UTF-8"

[12:24:49] : [Step 2/4] [19:24:49] Starting analysis…
[12:24:49] : [Step 2/4] [19:24:49] Getting info from “package.json” file
[12:24:49] : [Step 2/4] [19:24:49] Checking if executable exists: /tmp/.sonar/native-sonar-scanner/sonar-scanner-4.5.0.2216-linux/bin/sonar-scanner
[12:24:49] : [Step 2/4] [19:24:49] Could not find executable in “/tmp/.sonar/native-sonar-scanner”.
[12:24:49] : [Step 2/4] [19:24:49] Proceed with download of the platform binaries for SonarScanner…
[12:24:49] : [Step 2/4] [19:24:49] Creating /tmp/.sonar/native-sonar-scanner
[12:24:49] : [Step 2/4] [19:24:49] Downloading from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.5.0.2216-linux.zip
[12:24:49] : [Step 2/4] [19:24:49] (executable will be saved in cache folder: /tmp/.sonar/native-sonar-scanner)
[12:24:54] : [Step 2/4] [91m
[12:24:55] : [Step 2/4] [0mINFO: Scanner configuration file: /tmp/.sonar/native-sonar-scanner/sonar-scanner-4.5.0.2216-linux/conf/sonar-scanner.properties
[12:24:55] : [Step 2/4] INFO: Project root configuration file: NONE
[12:24:56] : [Step 2/4] INFO: SonarScanner 4.5.0.2216
[12:24:56] : [Step 2/4] INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
[12:24:56] : [Step 2/4] INFO: Linux 5.4.0-1039-azure amd64
[12:24:56] : [Step 2/4] INFO: User cache: /root/.sonar/cache
[12:25:00] : [Step 2/4] INFO: Scanner configuration file: /tmp/.sonar/native-sonar-scanner/sonar-scanner-4.5.0.2216-linux/conf/sonar-scanner.properties
[12:25:00] : [Step 2/4] INFO: Project root configuration file: NONE
[12:25:00] : [Step 2/4] INFO: Analyzing on SonarCloud
[12:25:00] : [Step 2/4] INFO: Default locale: “en”, source code encoding: “UTF-8”
[12:25:00] : [Step 2/4] INFO: Load global settings
[12:25:01] : [Step 2/4] INFO: Load global settings (done) | time=923ms
[12:25:01] : [Step 2/4] INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
[12:25:01] : [Step 2/4] INFO: User cache: /root/.sonar/cache
[12:25:01] : [Step 2/4] INFO: Load/download plugins
[12:25:01] : [Step 2/4] INFO: Load plugins index
[12:25:02] : [Step 2/4] INFO: Load plugins index (done) | time=196ms
[12:25:27] : [Step 2/4] INFO: Load/download plugins (done) | time=25728ms
[12:25:27] : [Step 2/4] INFO: Loaded core extensions: developer-scanner
[12:25:28] : [Step 2/4] INFO: JavaScript/TypeScript frontend is enabled
[12:25:28] : [Step 2/4] INFO: Load project settings for component key: ‘blah_blah.blah’
[12:25:28] : [Step 2/4] INFO: Load project settings for component key: ‘blah_blah.blah’ (done) | time=175ms
[12:25:28] : [Step 2/4] INFO: Process project properties
[12:25:28] : [Step 2/4] INFO: Execute project builders
[12:25:28] : [Step 2/4] INFO: Execute project builders (done) | time=1ms
[12:25:28] : [Step 2/4] INFO: Project key: blah_blah.blah
[12:25:28] : [Step 2/4] INFO: Base dir: /app
[12:25:28] : [Step 2/4] INFO: Working dir: /app/.scannerwork
[12:25:28] : [Step 2/4] INFO: Load project branches
[12:25:28] : [Step 2/4] INFO: Load project branches (done) | time=192ms
[12:25:28] : [Step 2/4] INFO: Check ALM binding of project ‘blah_blah.blah’
[12:25:28] : [Step 2/4] INFO: Detected project binding: BOUND
[12:25:28] : [Step 2/4] INFO: Check ALM binding of project ‘blah_blah.blah’ (done) | time=166ms
[12:25:28] : [Step 2/4] INFO: Load project pull requests
[12:25:29] : [Step 2/4] INFO: Load project pull requests (done) | time=210ms
[12:25:29] : [Step 2/4] INFO: Load branch configuration
[12:25:29] : [Step 2/4] INFO: Load branch configuration (done) | time=319ms
[12:25:29] : [Step 2/4] INFO: Load quality profiles
[12:25:29] : [Step 2/4] INFO: Load quality profiles (done) | time=214ms
[12:25:29] : [Step 2/4] INFO: Load active rules
[12:25:34] : [Step 2/4] INFO: Load active rules (done) | time=4913ms
[12:25:34] : [Step 2/4] WARN: SCM provider autodetection failed. Please use “sonar.scm.provider” to define SCM of your project, or disable the SCM Sensor in the project settings.
[12:25:34] : [Step 2/4] INFO: Organization key: blah
[12:25:34] : [Step 2/4] INFO: Pull request 1372 for merge into develop from feature/blah-that-produced-report-in-bitbucket-cloud
[12:25:34] : [Step 2/4] INFO: Indexing files…
[12:25:34] : [Step 2/4] INFO: Project configuration:
[12:25:34] : [Step 2/4] INFO: Excluded sources: /node_modules/, **/spec.ts, **/.spec.ts
[12:25:34] : [Step 2/4] INFO: Included tests: **/*.spec.ts
[12:25:34] : [Step 2/4] INFO: Load project repositories
[12:25:34] : [Step 2/4] INFO: Load project repositories (done) | time=203ms
[12:25:35] : [Step 2/4] INFO: 884 files indexed
[12:25:35] : [Step 2/4] INFO: 886 files ignored because of inclusion/exclusion patterns
[12:25:35] : [Step 2/4] INFO: Quality profile for css: Sonar way
[12:25:35] : [Step 2/4] INFO: Quality profile for ts: Sonar way
[12:25:35] : [Step 2/4] INFO: Quality profile for web: Sonar way
[12:25:35] : [Step 2/4] INFO: ------------- Run sensors on module blah-blah
[12:25:35] : [Step 2/4] INFO: JavaScript/TypeScript frontend is enabled
[12:25:35] : [Step 2/4] INFO: Load metrics repository
[12:25:35] : [Step 2/4] INFO: Load metrics repository (done) | time=174ms
[12:25:37] : [Step 2/4] INFO: Sensor SonarCSS Metrics [cssfamily]
[12:25:37] : [Step 2/4] INFO: Sensor SonarCSS Metrics [cssfamily] (done) | time=250ms
[12:25:37] : [Step 2/4] INFO: Sensor SonarCSS Rules [cssfamily]
[12:25:38] : [Step 2/4] INFO: 275 source files to be analyzed
[12:25:40] : [Step 2/4] INFO: 275/275 source files have been analyzed
[12:25:40] : [Step 2/4] INFO: Sensor SonarCSS Rules [cssfamily] (done) | time=2883ms
[12:25:40] : [Step 2/4] INFO: Sensor C# Properties [csharp]
[12:25:40] : [Step 2/4] INFO: Sensor C# Properties [csharp] (done) | time=1ms
[12:25:40] : [Step 2/4] INFO: Sensor JavaXmlSensor [java]
[12:25:40] : [Step 2/4] INFO: Sensor JavaXmlSensor [java] (done) | time=6ms
[12:25:40] : [Step 2/4] INFO: Sensor HTML [web]
[12:25:41] : [Step 2/4] INFO: Sensor HTML [web] (done) | time=595ms
[12:25:41] : [Step 2/4] INFO: Sensor VB.NET Properties [vbnet]
[12:25:41] : [Step 2/4] INFO: Sensor VB.NET Properties [vbnet] (done) | time=1ms
[12:25:41] : [Step 2/4] INFO: Sensor JaCoCo XML Report Importer [jacoco]
[12:25:41] : [Step 2/4] INFO: ‘sonar.coverage.jacoco.xmlReportPaths’ is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
[12:25:41] : [Step 2/4] INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
[12:25:41] : [Step 2/4] INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=6ms
[12:25:41] : [Step 2/4] INFO: Sensor TypeScript analysis [javascript]
[12:25:42] : [Step 2/4] INFO: Deploying custom rules bundle jar:file:/root/.sonar/cache/f2d4f3985cfdc8a536978941e81bc342/sonar-securityjsfrontend-plugin.jar!/js-vulnerabilities-rules-1.0.0.tgz to /app/.scannerwork/.sonartmp/eslint-bridge-bundle/package/custom-rules17347246780439728195
[12:25:44] : [Step 2/4] INFO: Found 2 tsconfig.json file(s): [/app/tsconfig.json, /app/cypress/tsconfig.json]
[12:25:44] : [Step 2/4] INFO: 438 source files to be analyzed
[12:25:44] : [Step 2/4] INFO: Analyzing 438 files using tsconfig: /app/tsconfig.json
[12:25:54] : [Step 2/4] INFO: 105/438 files analyzed, current file: projects/blah-blah/src/app/components/summary-search/contractor-filter/contractor-filter-dialog/contractor-search/contractor-search.component.ts
[12:26:04] : [Step 2/4] INFO: 353/438 files analyzed, current file: projects/blah-blah/src/app/services/shared/application-insights/application-insights.abstract.ts
[12:26:07] : [Step 2/4] INFO: 438/438 source files have been analyzed
[12:26:07] : [Step 2/4] INFO: Sensor TypeScript analysis [javascript] (done) | time=26361ms
[12:26:07] : [Step 2/4] INFO: Sensor JavaScript/TypeScript Coverage [javascript]
[12:26:07] : [Step 2/4] INFO: Analysing [/app/coverage/lcov.info]
[12:26:07] : [Step 2/4] INFO: Sensor JavaScript/TypeScript Coverage [javascript] (done) | time=93ms
[12:26:07] : [Step 2/4] INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
[12:26:07] : [Step 2/4] INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=23ms
[12:26:07] : [Step 2/4] INFO: Sensor JavaSecuritySensor [security]
[12:26:07] : [Step 2/4] INFO: Reading type hierarchy from: /app/.scannerwork/ucfg2/java
[12:26:07] : [Step 2/4] INFO: Read 0 type definitions
[12:26:07] : [Step 2/4] INFO: Reading UCFGs from: /app/.scannerwork/ucfg2/java
[12:26:07] : [Step 2/4] INFO: No UCFGs have been included for analysis.
[12:26:07] : [Step 2/4] INFO: Sensor JavaSecuritySensor [security] (done) | time=5ms
[12:26:07] : [Step 2/4] INFO: Sensor CSharpSecuritySensor [security]
[12:26:07] : [Step 2/4] INFO: Reading type hierarchy from: /app/ucfg_cs2
[12:26:07] : [Step 2/4] INFO: Read 0 type definitions
[12:26:07] : [Step 2/4] INFO: Reading UCFGs from: /app/ucfg_cs2
[12:26:07] : [Step 2/4] INFO: No UCFGs have been included for analysis.
[12:26:07] : [Step 2/4] INFO: Sensor CSharpSecuritySensor [security] (done) | time=1ms
[12:26:07] : [Step 2/4] INFO: Sensor PhpSecuritySensor [security]
[12:26:07] : [Step 2/4] INFO: Reading type hierarchy from: /app/.scannerwork/ucfg2/php
[12:26:07] : [Step 2/4] INFO: Read 0 type definitions
[12:26:07] : [Step 2/4] INFO: Reading UCFGs from: /app/.scannerwork/ucfg2/php
[12:26:07] : [Step 2/4] INFO: No UCFGs have been included for analysis.
[12:26:07] : [Step 2/4] INFO: Sensor PhpSecuritySensor [security] (done) | time=0ms
[12:26:07] : [Step 2/4] INFO: Sensor PythonSecuritySensor [security]
[12:26:07] : [Step 2/4] INFO: Reading type hierarchy from: /app/.scannerwork/ucfg2/python
[12:26:07] : [Step 2/4] INFO: Read 0 type definitions
[12:26:07] : [Step 2/4] INFO: Reading UCFGs from: /app/.scannerwork/ucfg2/python
[12:26:07] : [Step 2/4] INFO: No UCFGs have been included for analysis.
[12:26:07] : [Step 2/4] INFO: Sensor PythonSecuritySensor [security] (done) | time=1ms
[12:26:07] : [Step 2/4] INFO: Sensor JsSecuritySensor [security]
[12:26:07] : [Step 2/4] INFO: Reading type hierarchy from: /app/.scannerwork/ucfg2/js
[12:26:07] : [Step 2/4] INFO: Read 0 type definitions
[12:26:07] : [Step 2/4] INFO: Reading UCFGs from: /app/.scannerwork/ucfg2/js
[12:26:08] : [Step 2/4] INFO: 19:26:08.506069 Building Runtime Type propagation graph
[12:26:08] : [Step 2/4] INFO: 19:26:08.616116 Running Tarjan on 12454 nodes
[12:26:08] : [Step 2/4] INFO: 19:26:08.639593 Tarjan found 12454 components
[12:26:08] : [Step 2/4] INFO: 19:26:08.682786 Variable type analysis: done
[12:26:08] : [Step 2/4] INFO: 19:26:08.685104 Building Runtime Type propagation graph
[12:26:08] : [Step 2/4] INFO: 19:26:08.790314 Running Tarjan on 12454 nodes
[12:26:08] : [Step 2/4] INFO: 19:26:08.813285 Tarjan found 12454 components
[12:26:08] : [Step 2/4] INFO: 19:26:08.85365 Variable type analysis: done
[12:26:08] : [Step 2/4] INFO: Analyzing 1773 ucfgs to detect vulnerabilities.
[12:26:09] : [Step 2/4] INFO: rule: S6105, entrypoints: 438
[12:26:09] : [Step 2/4] INFO: Running symbolic analysis
[12:26:10] : [Step 2/4] INFO: rule: S6105 done
[12:26:10] : [Step 2/4] INFO: rule: S5696, entrypoints: 438
[12:26:10] : [Step 2/4] INFO: Running symbolic analysis
[12:26:10] : [Step 2/4] INFO: rule: S5696 done
[12:26:10] : [Step 2/4] INFO: rule: S5334, entrypoints: 438
[12:26:10] : [Step 2/4] INFO: Running symbolic analysis
[12:26:11] : [Step 2/4] INFO: rule: S5334 done
[12:26:11] : [Step 2/4] INFO: rule: S2083, entrypoints: 438
[12:26:11] : [Step 2/4] INFO: Running symbolic analysis
[12:26:11] : [Step 2/4] INFO: rule: S2083 done
[12:26:11] : [Step 2/4] INFO: rule: S5147, entrypoints: 438
[12:26:11] : [Step 2/4] INFO: Running symbolic analysis
[12:26:11] : [Step 2/4] INFO: rule: S5147 done
[12:26:11] : [Step 2/4] INFO: rule: S5131, entrypoints: 438
[12:26:11] : [Step 2/4] INFO: Running symbolic analysis
[12:26:11] : [Step 2/4] INFO: rule: S5131 done
[12:26:11] : [Step 2/4] INFO: rule: S2631, entrypoints: 438
[12:26:11] : [Step 2/4] INFO: Running symbolic analysis
[12:26:12] : [Step 2/4] INFO: rule: S2631 done
[12:26:12] : [Step 2/4] INFO: rule: S3649, entrypoints: 438
[12:26:12] : [Step 2/4] INFO: Running symbolic analysis
[12:26:12] : [Step 2/4] INFO: rule: S3649 done
[12:26:12] : [Step 2/4] INFO: rule: S6096, entrypoints: 438
[12:26:12] : [Step 2/4] INFO: Running symbolic analysis
[12:26:12] : [Step 2/4] INFO: rule: S6096 done
[12:26:12] : [Step 2/4] INFO: Sensor JsSecuritySensor [security] (done) | time=4642ms
[12:26:12] : [Step 2/4] INFO: ------------- Run sensors on project
[12:26:12] : [Step 2/4] INFO: Sensor Zero Coverage Sensor
[12:26:12] : [Step 2/4] INFO: Sensor Zero Coverage Sensor (done) | time=11ms
[12:26:12] : [Step 2/4] INFO: SCM Publisher No SCM system was detected. You can use the ‘sonar.scm.provider’ property to explicitly specify it.
[12:26:12] : [Step 2/4] INFO: CPD Executor 162 files had no CPD blocks
[12:26:12] : [Step 2/4] INFO: CPD Executor Calculating CPD for 421 files
[12:26:12] : [Step 2/4] INFO: CPD Executor CPD calculation finished (done) | time=176ms
[12:26:12] : [Step 2/4] INFO: Analysis report generated in 270ms, dir size=524 KB
[12:26:13] : [Step 2/4] INFO: Analysis report compressed in 716ms, zip size=532 KB
[12:26:14] : [Step 2/4] INFO: Analysis report uploaded in 1054ms
[12:26:14] : [Step 2/4] INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=blah_blah.blah&pullRequest=1372
[12:26:14] : [Step 2/4] INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[12:26:14] : [Step 2/4] INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=AXenKFYzHe4vdk27LS7w
[12:26:20] : [Step 2/4] INFO: Analysis total time: 52.368 s
[12:26:20] : [Step 2/4] INFO: ------------------------------------------------------------------------
[12:26:20] : [Step 2/4] INFO: EXECUTION SUCCESS
[12:26:20] : [Step 2/4] INFO: ------------------------------------------------------------------------
[12:26:20] : [Step 2/4] INFO: Total time: 1:24.274s
[12:26:20] : [Step 2/4] INFO: Final Memory: 30M/107M
[12:26:20] : [Step 2/4] INFO: ------------------------------------------------------------------------
[12:26:20] : [Step 2/4] [19:26:20] Analysis finished.

Thanks!

Hi,
I notice 1 thing, it may or may not be related to the issue.
On the task where decoration worked, there was 1 Warning on the logs:

WARN: SCM provider autodetection failed. 
Please use “sonar.scm.provider” to define SCM of your project, or disable the SCM Sensor in the project settings.

This warning disappeared in the other analysis, where decoration failed.
Did you changed something, on the way the code is cloned from BBC on the CI worker, or some other configuration, before decoration stopped working?

What’s the status of the SCM sensor on your project today? (Project Administration → General settings → SCM → Disable the SCM Sensor)

I tinkered with that, wondering if it might have some impact (after the fact). I can find another example where the report failed to post where that warning was still in place (or easily cause it to happen again), if you like.

Nothing else has changed, other than what I mentioned I tried. To reiterate, we do still see the report summary widget in bitbucket pull requests just fine, just no actual report file with PR decorations etc.

I haven’t gone through all our branches and PRs since integrating and analyzing in pull request mode, but I could only find a single branch (where I enabled it) for each bitbucket repo where posting the report back to the pull request was in fact successful. All others I have looked at (thus far) have no report attached.

Hi,

It seems the Scanner can’t find the commit being analyzed, then the BitBucket Cloud decoration can’t happen.
The Scanner needs the SCM Sensor to be enabled, and the .git directory (assuming your project is using a Git repository) to be readable to do that.
Is it possible that the sensor is disabled, or the .git directory is not there when the scanner is executed?

If the way your CI works prevents the SCM information to be available to the scanner, you can add this option to the scanner command line:

-Dsonar.pullrequest.bitbucketcloud.triggerCommit=fullShaOfTheCommitThatTriggeredTheBuild

HTH,
Claire

2 Likes

Hi,

I’m facing similar issue with .NET setup that I’ve reported here. My only clue here is the line in ce.log: Error returned by Bitbucket Cloud: 400 {"key": "report-service.general.bad-request", "message": "link is not a valid URL", "arguments": {}}. I also tried passing the parameter /d:sonar.pullrequest.bitbucketcloud.triggerCommit=fullCommitSha, but it didn’t change the error.

Just wanted to add that if it helps here.

Thanks,
Marko

1 Like

Hi @lahma
It seems your issue is on SonarQube, while this one is on SonarCloud.
The symptoms are not the same, and it’s 2 different products, so I don’t think it is the same issue while both relate to BitBucket.

1 Like

Hi @Claire_Villard

Thanks for the clarification, that’s indeed the the case. I was just assuming that the both products would use the same client library logic of transferring data to Bitbucket Cloud. In my case it might be helpful to have more information logged in case of an error, like what was sent that caused the problem.

Thank you, Claire, adding -Dsonar.pullrequest.bitbucketcloud.triggerCommit confirmed working!

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.