Hi,
am setting up a some projects with sonarcloud and bitbucket using circleci as a CI pipeline. After setting up and importing my projects/repository and configuring it with circle ci, the scan runs and publishes to sonarcloud. but i dont get any meaningful analysis, no code smells, etc. the quality just keeps passing…
is there a way this can be fixed, or am i missing something?
attached below is some of the screenshots and logs…
please help.
INFO: Scanner configuration file: /tmp/cache/scanner/sonar-scanner-4.6.2.2472-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: /home/circleci/project/sonar-project.properties
INFO: SonarScanner 4.6.2.2472
INFO: Java 11.0.11 AdoptOpenJDK (64-bit)
INFO: Linux 5.13.0-1023-aws amd64
INFO: User cache: /tmp/cache/scanner/.sonar/cache
INFO: Scanner configuration file: /tmp/cache/scanner/sonar-scanner-4.6.2.2472-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: /home/circleci/project/sonar-project.properties
INFO: Analyzing on SonarCloud
INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=581ms
INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
INFO: User cache: /tmp/cache/scanner/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=139ms
INFO: Load/download plugins (done) | time=324ms
INFO: Loaded core extensions: developer-scanner
INFO: Found an active CI vendor: 'CircleCI'
INFO: Load project settings for component key: 'my_component_key'
INFO: Load project settings for component key: 'my component key' (done) | time=117ms
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=1ms
INFO: Project key: my_project_key
INFO: Base dir: /home/circleci/project
INFO: Working dir: /home/circleci/project/.scannerwork
INFO: Load project branches
INFO: Load project branches (done) | time=114ms
INFO: Check ALM binding of project 'my project'
INFO: Detected project binding: BOUND
INFO: Check ALM binding of project 'my project' (done) | time=107ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=134ms
INFO: Load branch configuration
INFO: Auto-configuring branch feature/EIOTC-566
INFO: Load branch configuration (done) | time=2ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=156ms
INFO: Load active rules
INFO: Load active rules (done) | time=4614ms
INFO: Organization key: my_organisation_key
INFO: Branch name: feature/EIOTC-566, type: short-lived
INFO: Load project repositories
INFO: Load project repositories (done) | time=108ms
INFO: SCM collecting changed files in the branch
INFO: SCM collecting changed files in the branch (done) | time=273ms
INFO: Indexing files...
INFO: Project configuration:
INFO: Excluded sources: **/build-wrapper-dump.json
INFO: 157 files indexed
INFO: 0 files ignored because of inclusion/exclusion patterns
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for json: Sonar way
INFO: Quality profile for py: Sonar way
INFO: Quality profile for yaml: Sonar way
INFO: ------------- Run sensors on module "module_name"
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=110ms
INFO: Sensor IaC CloudFormation Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=22ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=1ms
INFO: Sensor C# Analysis Log [csharp]
INFO: Sensor C# Analysis Log [csharp] (done) | time=11ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=1ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=3ms
INFO: Sensor Text Sensor [text]
INFO: 118 source files to be analyzed
INFO: 118/118 source files have been analyzed
INFO: Sensor Text Sensor [text] (done) | time=195ms
INFO: Sensor VB.NET Project Type Information [vbnet]
INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
INFO: Sensor VB.NET Analysis Log [vbnet]
INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=51ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=0ms
INFO: Sensor Python Sensor [python]
INFO: Starting global symbols computation
INFO: 115 source files to be analyzed
INFO: 115/115 source files have been analyzed
INFO: Starting rules execution
INFO: 115 source files to be analyzed
INFO: 115/115 source files have been analyzed
INFO: Sensor Python Sensor [python] (done) | time=6963ms
INFO: Sensor Cobertura Sensor for Python coverage [python]
INFO: Sensor Cobertura Sensor for Python coverage [python] (done) | time=41ms
INFO: Sensor PythonXUnitSensor [python]
INFO: Sensor PythonXUnitSensor [python] (done) | time=21ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
INFO: Sensor CSS Rules [javascript]
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [javascript] (done) | time=1ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
INFO: Sensor Python HTML templates processing [securitypythonfrontend]
INFO: Sensor Python HTML templates processing [securitypythonfrontend] (done) | time=27ms
INFO: Sensor Serverless configuration file sensor [security]
INFO: 0 Serverless function entries were found in the project
INFO: 0 Serverless function handlers were kept as entrypoints
INFO: Sensor Serverless configuration file sensor [security] (done) | time=4ms
INFO: Sensor AWS SAM template file sensor [security]
INFO: Sensor AWS SAM template file sensor [security] (done) | time=2ms
INFO: Sensor javabugs [dbd]
INFO: Reading IR files from: /home/circleci/project/.scannerwork/ir/java
INFO: No IR files have been included for analysis.
INFO: Sensor javabugs [dbd] (done) | time=0ms
INFO: Sensor pythonbugs [dbd]
INFO: Reading IR files from: /home/circleci/project/.scannerwork/ir/python
INFO: Analyzing 144 functions to detect bugs.
INFO: Sensor pythonbugs [dbd] (done) | time=282ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /home/circleci/project/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/circleci/project/.scannerwork/ucfg2/java
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=3ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /home/circleci/project/ucfg_cs2
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/circleci/project/ucfg_cs2
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /home/circleci/project/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/circleci/project/.scannerwork/ucfg2/php
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=1ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /home/circleci/project/.scannerwork/ucfg2/python
INFO: Read 636 type definitions
INFO: Reading UCFGs from: /home/circleci/project/.scannerwork/ucfg2/python
INFO: 12:11:48.543549 Building Runtime Type propagation graph
INFO: 12:11:48.592376 Running Tarjan on 10207 nodes
INFO: 12:11:48.612362 Tarjan found 10190 components
INFO: 12:11:48.687419 Variable type analysis: done
INFO: 12:11:48.689639 Building Runtime Type propagation graph
INFO: 12:11:48.712286 Running Tarjan on 10031 nodes
INFO: 12:11:48.746427 Tarjan found 10014 components
INFO: 12:11:48.770737 Variable type analysis: done
INFO: Analyzing 3058 ucfgs to detect vulnerabilities.
INFO: All rules entrypoints : 0
INFO: Retained UCFGs : 0
INFO: Taint analysis starting. Entrypoints: 0
INFO: Taint analysis: done.
INFO: Sensor PythonSecuritySensor [security] (done) | time=1197ms
INFO: Sensor JsSecuritySensor [security]
INFO: Reading type hierarchy from: /home/circleci/project/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/circleci/project/.scannerwork/ucfg2/js
INFO: No UCFGs have been included for analysis.
INFO: Sensor JsSecuritySensor [security] (done) | time=0ms
INFO: ------------- Run sensors on project
INFO: Sensor Analysis Warnings import [csharp]
INFO: Sensor Analysis Warnings import [csharp] (done) | time=1ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=44ms
INFO: CPD Executor 23 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 92 files
INFO: CPD Executor CPD calculation finished (done) | time=62ms
INFO: SCM writing changed lines
INFO: SCM writing changed lines (done) | time=6ms
INFO: Analysis report generated in 151ms, dir size=307 KB
INFO: Analysis report compressed in 137ms, zip size=137 KB
INFO: Analysis report uploaded in 486ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at:
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at
INFO: Analysis total time: 19.759 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 22.413s
INFO: Final Memory: 52M/177M
INFO: ------------------------------------------------------------------------
CircleCI received exit code 0
