Here are the commands used:
$ chmod +x /tmp/scanner/sonar-scanner-5.0.1.3006-linux/bin/sonar-scanner
$ chmod +x /tmp/scanner/sonar-scanner-5.0.1.3006-linux/jre/bin/java
$ /tmp/scanner/sonar-scanner-5.0.1.3006-linux/bin/sonar-scanner
The logs:
INFO: Project root configuration file: /home/circleci/project/libs/polymer/sonar-project.properties
INFO: SonarScanner 5.0.1.3006
INFO: Java 17.0.7 Eclipse Adoptium (64-bit)
INFO: Linux 5.15.0-1057-aws amd64
INFO: User cache: /home/circleci/.sonar/cache
INFO: Analyzing on SonarCloud
INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=400ms
INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
INFO: Loading required plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=144ms
INFO: Load/download plugins
INFO: Load/download plugins (done) | time=393ms
INFO: Found an active CI vendor: 'CircleCI'
INFO: Load project settings for component key: '*****************************'
INFO: Load project settings for component key: '*****************************' (done) | time=150ms
INFO: Process project properties
INFO: Project key: *****************************
INFO: Base dir: /home/circleci/project/libs/polymer
INFO: Working dir: /home/circleci/project/libs/polymer/.scannerwork
INFO: Load project branches
INFO: Load project branches (done) | time=138ms
INFO: Check ALM binding of project '*****************************'
INFO: Detected project binding: BOUND
INFO: Check ALM binding of project '*****************************' (done) | time=128ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=173ms
INFO: Load branch configuration
INFO: Auto-configuring pull request ****
INFO: Load branch configuration (done) | time=772ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=663ms
INFO: Load active rules
INFO: Load active rules (done) | time=5956ms
INFO: Organization key: *****************
INFO: Pull request **** for merge into main from webinar-28609
INFO: Preprocessing files...
INFO: 2 languages detected in 1408 preprocessed files
INFO: 1408 files ignored because of inclusion/exclusion patterns
INFO: 0 files ignored because of scm ignore settings
INFO: Loading plugins for detected languages
INFO: Load/download plugins
INFO: Load/download plugins (done) | time=485ms
INFO: Load project repositories
INFO: Load project repositories (done) | time=207ms
INFO: SCM collecting changed files in the branch
INFO: SCM collecting changed files in the branch (done) | time=157ms
INFO: Indexing files...
INFO: Project configuration:
INFO: Excluded sources: **/build-wrapper-dump.json, src/**/*.test.js, src/**/*.test.js
INFO: Included tests: src/**/*.test.js
INFO: 1408 files indexed
INFO: Quality profile for css: Sonar way
INFO: Quality profile for js: Sonar way
INFO: ------------- Run sensors on module *****************
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=108ms
INFO: Sensor cache enabled
INFO: Load sensor cache
INFO: Load sensor cache (2 MB) | time=2365ms
INFO: Sensor HTML [web]
INFO: Sensor HTML is restricted to changed files only
INFO: Sensor HTML [web] (done) | time=6ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=1ms
INFO: Sensor Java Config Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor Java Config Sensor [iac] (done) | time=25ms
INFO: Sensor JavaScript/TypeScript analysis [javascript]
INFO: Detected os: Linux arch: amd64 alpine: false. Platform: LINUX_X64
INFO: Using embedded Node.js runtime
INFO: Using Node.js executable: '/home/circleci/.sonar/js/node-runtime/node'.
INFO: Memory configuration: OS (70213 MB), Node.js (4144 MB).
INFO: Found 0 tsconfig.json file(s): []
INFO: Creating TypeScript program
INFO: TypeScript configuration file /tmp/tmp-1965-EFld4QqJoqlo
INFO: 1181 source files to be analyzed
INFO: Starting analysis with current program
INFO: Analyzed 1181 file(s) with current program
INFO: 1181/1181 source files have been analyzed
INFO: Hit the cache for 1178 out of 1181
INFO: Miss the cache for 3 out of 1181: FILE_CHANGED [3/1181]
INFO: Sensor JavaScript/TypeScript analysis [javascript] (done) | time=12636ms
INFO: Sensor CSS Rules [javascript]
INFO: Sensor CSS Rules is restricted to changed files only
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [javascript] (done) | time=3ms
INFO: Sensor JavaScript/TypeScript Coverage [javascript]
INFO: No LCOV files were found using ./coverage/lcov.info
WARN: No coverage information will be saved because all LCOV files cannot be found.
INFO: Sensor JavaScript/TypeScript Coverage [javascript] (done) | time=307ms
INFO: Sensor CSS Metrics [javascript]
INFO: Sensor CSS Metrics is restricted to changed files only
INFO: Sensor CSS Metrics [javascript] (done) | time=1ms
INFO: Sensor IaC Docker Sensor [iac]
INFO: Sensor IaC Docker Sensor is restricted to changed files only
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC Docker Sensor [iac] (done) | time=57ms
INFO: Sensor Serverless configuration file sensor [security]
INFO: 0 Serverless function entries were found in the project
INFO: 0 Serverless function handlers were kept as entrypoints
INFO: Sensor Serverless configuration file sensor [security] (done) | time=4ms
INFO: Sensor AWS SAM template file sensor [security]
INFO: Sensor AWS SAM template file sensor [security] (done) | time=2ms
INFO: Sensor AWS SAM Inline template file sensor [security]
INFO: Sensor AWS SAM Inline template file sensor [security] (done) | time=2ms
INFO: Sensor TextAndSecretsSensor [text]
INFO: Sensor TextAndSecretsSensor is restricted to changed files only
INFO: Available processors: 32
INFO: Using 32 threads for analysis.
INFO: Using git CLI to retrieve untracked files
INFO: Analyzing language associated files and files included via "sonar.text.inclusions" that are tracked by git
INFO: 3 source files to be analyzed
INFO: 3/3 source files have been analyzed
INFO: Sensor TextAndSecretsSensor [text] (done) | time=450ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5883, S6096, S6173, S6287, S6350, S6384, S6390, S6398, S6399, S6547, S6549
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /home/circleci/project/libs/polymer/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.001
INFO: Load UCFGs: Starting
INFO: Load UCFGs: Time spent was 00:00:00.000
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.002
INFO: No UCFGs have been included for analysis.
INFO: java security sensor: Time spent was 00:00:00.011
INFO: java security sensor: Begin: 2024-07-29T14:22:30.270873181Z, End: 2024-07-29T14:22:30.282290435Z, Duration: 00:00:00.011
Load type hierarchy and UCFGs: Begin: 2024-07-29T14:22:30.272514859Z, End: 2024-07-29T14:22:30.274552779Z, Duration: 00:00:00.002
Load type hierarchy: Begin: 2024-07-29T14:22:30.272575080Z, End: 2024-07-29T14:22:30.274129035Z, Duration: 00:00:00.001
Load UCFGs: Begin: 2024-07-29T14:22:30.274435307Z, End: 2024-07-29T14:22:30.274481017Z, Duration: 00:00:00.000
INFO: java security sensor peak memory: 330 MB
INFO: Sensor JavaSecuritySensor [security] (done) | time=16ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5334, S5883, S6096, S6173, S6287, S6350, S6399, S6639, S6641
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /home/circleci/project/libs/polymer/ucfg2/cs
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.000
INFO: Load UCFGs: Starting
INFO: Load UCFGs: Time spent was 00:00:00.000
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.000
INFO: No UCFGs have been included for analysis.
INFO: csharp security sensor: Time spent was 00:00:00.000
INFO: csharp security sensor: Begin: 2024-07-29T14:22:30.284411225Z, End: 2024-07-29T14:22:30.285223860Z, Duration: 00:00:00.000
Load type hierarchy and UCFGs: Begin: 2024-07-29T14:22:30.284609993Z, End: 2024-07-29T14:22:30.284982750Z, Duration: 00:00:00.000
Load type hierarchy: Begin: 2024-07-29T14:22:30.284623891Z, End: 2024-07-29T14:22:30.284833306Z, Duration: 00:00:00.000
Load UCFGs: Begin: 2024-07-29T14:22:30.284907890Z, End: 2024-07-29T14:22:30.284940692Z, Duration: 00:00:00.000
INFO: csharp security sensor peak memory: 330 MB
INFO: Sensor CSharpSecuritySensor [security] (done) | time=1ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5334, S5335, S5883, S6173, S6287, S6350
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /home/circleci/project/libs/polymer/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.000
INFO: Load UCFGs: Starting
INFO: Load UCFGs: Time spent was 00:00:00.000
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.000
INFO: No UCFGs have been included for analysis.
INFO: php security sensor: Time spent was 00:00:00.000
INFO: php security sensor: Begin: 2024-07-29T14:22:30.286095322Z, End: 2024-07-29T14:22:30.287024685Z, Duration: 00:00:00.000
Load type hierarchy and UCFGs: Begin: 2024-07-29T14:22:30.286543875Z, End: 2024-07-29T14:22:30.286795262Z, Duration: 00:00:00.000
Load type hierarchy: Begin: 2024-07-29T14:22:30.286557446Z, End: 2024-07-29T14:22:30.286670509Z, Duration: 00:00:00.000
Load UCFGs: Begin: 2024-07-29T14:22:30.286733046Z, End: 2024-07-29T14:22:30.286751143Z, Duration: 00:00:00.000
INFO: php security sensor peak memory: 330 MB
INFO: Sensor PhpSecuritySensor [security] (done) | time=1ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S6287, S6350, S6639, S6680, S6776, S6839
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /home/circleci/project/libs/polymer/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.000
INFO: Load UCFGs: Starting
INFO: Load UCFGs: Time spent was 00:00:00.000
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.000
INFO: No UCFGs have been included for analysis.
INFO: python security sensor: Time spent was 00:00:00.000
INFO: python security sensor: Begin: 2024-07-29T14:22:30.287596139Z, End: 2024-07-29T14:22:30.288181655Z, Duration: 00:00:00.000
Load type hierarchy and UCFGs: Begin: 2024-07-29T14:22:30.287720144Z, End: 2024-07-29T14:22:30.287966674Z, Duration: 00:00:00.000
Load type hierarchy: Begin: 2024-07-29T14:22:30.287732686Z, End: 2024-07-29T14:22:30.287848011Z, Duration: 00:00:00.000
Load UCFGs: Begin: 2024-07-29T14:22:30.287905859Z, End: 2024-07-29T14:22:30.287924082Z, Duration: 00:00:00.000
INFO: python security sensor peak memory: 330 MB
INFO: Sensor PythonSecuritySensor [security] (done) | time=1ms
INFO: Sensor JsSecuritySensor [security]
INFO: Enabled taint analysis rules: S6105, S2631, S5131, S5144, S5696, S6350, S2076, S6287, S6096, S2083, S5334, S3649, S5883, S5146, S5147
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /home/circleci/project/libs/polymer/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.008
INFO: Load UCFGs: Starting
INFO: Reading UCFGs from: /home/circleci/project/libs/polymer/.scannerwork/ucfg2/js
INFO: Load UCFGs: Time spent was 00:00:00.680
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.688
INFO: Analyzing 3188 UCFGs to detect vulnerabilities.
INFO: Check cache: Starting
INFO: Load cache: Starting
INFO: Load cache: Time spent was 00:00:00.003
INFO: Compare cache: Starting
INFO: Cache loaded: SecuritySensorCache{ucfgsHashes.count=3186, typeDefinitionsHashes.count=0}
INFO: Compare cache: Time spent was 00:00:00.001
INFO: Check cache: Time spent was 00:00:00.005
INFO: Create runtime call graph: Starting
INFO: Variable Type Analysis #1: Starting
INFO: Create runtime type propagation graph: Starting
INFO: Create runtime type propagation graph: Time spent was 00:00:00.088
INFO: Run SCC (Tarjan) on 24439 nodes: Starting
INFO: Run SCC (Tarjan) on 24439 nodes: Time spent was 00:00:00.031
INFO: Tarjan found 24438 strongly connected components
INFO: Propagate runtime types to strongly connected components: Starting
INFO: Propagate runtime types to strongly connected components: Time spent was 00:00:00.053
INFO: Variable Type Analysis #1: Time spent was 00:00:00.174
INFO: Variable Type Analysis #2: Starting
INFO: Create runtime type propagation graph: Starting
INFO: Create runtime type propagation graph: Time spent was 00:00:00.096
INFO: Run SCC (Tarjan) on 24439 nodes: Starting
INFO: Run SCC (Tarjan) on 24439 nodes: Time spent was 00:00:00.024
INFO: Tarjan found 24438 strongly connected components
INFO: Propagate runtime types to strongly connected components: Starting
INFO: Propagate runtime types to strongly connected components: Time spent was 00:00:00.039
INFO: Variable Type Analysis #2: Time spent was 00:00:00.161
INFO: Create runtime call graph: Time spent was 00:00:00.340
INFO: Load config: Starting
INFO: Load config: Time spent was 00:00:00.063
INFO: Compute entry points: Starting
INFO: Compute entry points: Time spent was 00:00:00.649
INFO: All rules entry points : 890
INFO: Slice call graph: Starting
INFO: Slice call graph: Time spent was 00:00:00.000
INFO: Live variable analysis: Starting
INFO: Live variable analysis: Time spent was 00:00:00.302
INFO: Taint analysis for js: Starting
INFO: 0 / 3188 UCFGs simulated, memory usage: 220 MB
INFO: 219 / 3188 UCFGs simulated, memory usage: 232 MB
INFO: 431 / 3188 UCFGs simulated, memory usage: 180 MB
INFO: 625 / 3188 UCFGs simulated, memory usage: 209 MB
INFO: 892 / 3188 UCFGs simulated, memory usage: 349 MB
INFO: Taint analysis for js: Time spent was 00:00:01.990
INFO: Report issues: Starting
INFO: Report issues: Time spent was 00:00:00.002
INFO: Store cache: Starting
INFO: Store cache: Time spent was 00:00:00.000
INFO: js security sensor: Time spent was 00:00:04.045
INFO: js security sensor: Begin: 2024-07-29T14:22:30.288666140Z, End: 2024-07-29T14:22:34.334548572Z, Duration: 00:00:04.045
Load type hierarchy and UCFGs: Begin: 2024-07-29T14:22:30.288825303Z, End: 2024-07-29T14:22:30.977752211Z, Duration: 00:00:00.688
Load type hierarchy: Begin: 2024-07-29T14:22:30.288838144Z, End: 2024-07-29T14:22:30.297227040Z, Duration: 00:00:00.008
Load UCFGs: Begin: 2024-07-29T14:22:30.297310359Z, End: 2024-07-29T14:22:30.977555750Z, Duration: 00:00:00.680
Check cache: Begin: 2024-07-29T14:22:30.977823171Z, End: 2024-07-29T14:22:30.983472915Z, Duration: 00:00:00.005
Load cache: Begin: 2024-07-29T14:22:30.977843721Z, End: 2024-07-29T14:22:30.981672194Z, Duration: 00:00:00.003
Compare cache: Begin: 2024-07-29T14:22:30.982063886Z, End: 2024-07-29T14:22:30.983367967Z, Duration: 00:00:00.001
Create runtime call graph: Begin: 2024-07-29T14:22:30.983546343Z, End: 2024-07-29T14:22:31.324477922Z, Duration: 00:00:00.340
Variable Type Analysis #1: Begin: 2024-07-29T14:22:30.984092065Z, End: 2024-07-29T14:22:31.158312518Z, Duration: 00:00:00.174
Create runtime type propagation graph: Begin: 2024-07-29T14:22:30.984792821Z, End: 2024-07-29T14:22:31.073282416Z, Duration: 00:00:00.088
Run SCC (Tarjan) on 24439 nodes: Begin: 2024-07-29T14:22:31.073685916Z, End: 2024-07-29T14:22:31.104788078Z, Duration: 00:00:00.031
Propagate runtime types to strongly connected components: Begin: 2024-07-29T14:22:31.105002165Z, End: 2024-07-29T14:22:31.158138773Z, Duration: 00:00:00.053
Variable Type Analysis #2: Begin: 2024-07-29T14:22:31.159818200Z, End: 2024-07-29T14:22:31.321524929Z, Duration: 00:00:00.161
Create runtime type propagation graph: Begin: 2024-07-29T14:22:31.159890094Z, End: 2024-07-29T14:22:31.256439859Z, Duration: 00:00:00.096
Run SCC (Tarjan) on 24439 nodes: Begin: 2024-07-29T14:22:31.256605111Z, End: 2024-07-29T14:22:31.281512816Z, Duration: 00:00:00.024
Propagate runtime types to strongly connected components: Begin: 2024-07-29T14:22:31.281699405Z, End: 2024-07-29T14:22:31.321354464Z, Duration: 00:00:00.039
Load config: Begin: 2024-07-29T14:22:31.324629224Z, End: 2024-07-29T14:22:31.387831153Z, Duration: 00:00:00.063
Compute entry points: Begin: 2024-07-29T14:22:31.387956305Z, End: 2024-07-29T14:22:32.037329356Z, Duration: 00:00:00.649
Slice call graph: Begin: 2024-07-29T14:22:32.037499579Z, End: 2024-07-29T14:22:32.037524097Z, Duration: 00:00:00.000
Live variable analysis: Begin: 2024-07-29T14:22:32.037554648Z, End: 2024-07-29T14:22:32.339784101Z, Duration: 00:00:00.302
Taint analysis for js: Begin: 2024-07-29T14:22:32.340137872Z, End: 2024-07-29T14:22:34.330956738Z, Duration: 00:00:01.990
Report issues: Begin: 2024-07-29T14:22:34.331031387Z, End: 2024-07-29T14:22:34.333742208Z, Duration: 00:00:00.002
Store cache: Begin: 2024-07-29T14:22:34.333847275Z, End: 2024-07-29T14:22:34.333870159Z, Duration: 00:00:00.000
INFO: js security sensor peak memory: 388 MB
INFO: Sensor JsSecuritySensor [security] (done) | time=4047ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=15ms
INFO: SCM Publisher SCM provider for this project is: git
INFO: SCM Publisher 3 source files to be analyzed
INFO: SCM Publisher 3/3 source files have been analyzed (done) | time=129ms
INFO: CPD Executor 363 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 526 files
INFO: CPD Executor CPD calculation finished (done) | time=107ms
INFO: SCM writing changed lines
INFO: SCM writing changed lines (done) | time=42ms
INFO: Analysis report generated in 205ms, dir size=330 KB
INFO: Analysis report compressed in 282ms, zip size=336 KB
INFO: Analysis report uploaded in 930ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=******************&pullRequest=****
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=*******************
INFO: Time spent writing ucfgs 10ms
INFO: Analysis total time: 33.878 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 39.889s
INFO: Final Memory: 172M/480M
INFO: ------------------------------------------------------------------------