SonarCloud Zero Code Coverage using Laravel Bitbucket PCOV

I can’t figure out why my coverage report says 0% on SonarCloud. Here is all the information I have:

  • Bitbucket Cloud for all the things
  • Laravel app
  • using PCOV to generate code coverage.xml report
  • There are no errors being generated. At one point I was getting path errors that couldn’t be found. But that’s because there were files in the coverage.xml report that were being ignored in SonarCloud. I since fixed those and there are no errors but still coverage is 0%.
  • If you look in the screenshots below you can see that I have a tests.xml artifact. I have removed it from SonarCloud because I’m having the exact same issue and I figured I would tackle them one at a time. The issue is the same though, it seems to pick up the file but it doesn’t read it(?).

phpunit.xml

    <coverage>
        <report>
            <clover outputFile="./coverage.xml"/>
        </report>
    </coverage>

SonarScanner Context:

SonarCloud plugins:
  - JaCoCo 1.3.0.1538 (jacoco)
  - License for SonarLint 8.0.0.56801 (license)
  - IaC Code Quality and Security 1.36.0.12431 (iac)
  - Text Code Quality and Security 2.15.0.3845 (text)
  - XML Code Quality and Security 2.10.0.4108 (xml)
Project server settings:
  - sonar.abap.file.suffixes=.abap,.ab4,.flow,.asprog
  - sonar.apex.file.suffixes=.cls,.trigger
  - sonar.autoscan.enabled=false
  - sonar.azureresourcemanager.file.suffixes=.bicep
  - sonar.c.file.suffixes=.c,.h
  - sonar.coverage.exclusions=**/vendor/**,**/tests/**,**/config/**,**/lang/**,**/resources/**,**/vendor/**,**/*.xml
  - sonar.cpd.exclusions=**/Seeders/**,**/tests/**,**/config/**,**/lang/**,**/resources/**,**/vendor/**,**/*.xml,**/stubs/**,**/storage/**,**/resources/**,**/public/**,**/database/**
  - sonar.cpp.file.suffixes=.cc,.cpp,.cxx,.c++,.hh,.hpp,.hxx,.h++,.ipp,.ixx,.mxx,.cppm,.ccm,.cxxm,.c++m
  - sonar.cs.file.suffixes=.cs,.razor
  - sonar.css.file.suffixes=.css,.less,.scss,.sass
  - sonar.dart.file.suffixes=.dart
  - sonar.docker.file.patterns=Dockerfile,*.dockerfile
  - sonar.exclusions=**/Seeders/**,**/tests/**,**/config/**,**/lang/**,**/resources/**,**/vendor/**,**/stubs/**,**/storage/**,**/resources/**,**/public/**,**/database/**,**/*.xml
  - sonar.flex.file.suffixes=as
  - sonar.go.file.suffixes=.go
  - sonar.html.file.suffixes=.html,.xhtml,.cshtml,.vbhtml,.aspx,.ascx,.rhtml,.erb,.shtm,.shtml,.cmp,.twig
  - sonar.ipynb.file.suffixes=ipynb
  - sonar.java.file.suffixes=.java,.jav
  - sonar.java.jvmframeworkconfig.file.patterns=**/src/main/resources/**/application*.properties,**/src/main/resources/**/application*.yaml,**/src/main/resources/**/application*.yml
  - sonar.javascript.file.suffixes=.js,.jsx,.cjs,.mjs,.vue
  - sonar.jcl.file.suffixes=.jcl
  - sonar.json.file.suffixes=.json
  - sonar.jsp.file.suffixes=.jsp,.jspf,.jspx
  - sonar.kotlin.file.suffixes=.kt,.kts
  - sonar.objc.file.suffixes=.m
  - sonar.php.coverage.reportPaths=coverage.xml
  - sonar.php.file.suffixes=php,php3,php4,phtml,inc,php5
  - sonar.pli.file.suffixes=.pli
  - sonar.plsql.file.suffixes=sql,tab,pkb
  - sonar.pullrequest.provider=BitbucketCloud
  - sonar.python.file.suffixes=py
  - sonar.rpg.file.suffixes=.rpg,.rpgle,.sqlrpgle,.RPG,.RPGLE,.SQLRPGLE
  - sonar.ruby.file.suffixes=.rb
  - sonar.scala.file.suffixes=.scala
  - sonar.scm.disabled=true
  - sonar.swift.file.suffixes=.swift
  - sonar.terraform.file.suffixes=.tf
  - sonar.tsql.file.suffixes=.tsql
  - sonar.typescript.file.suffixes=.ts,.tsx,.cts,.mts
  - sonar.vb.file.suffixes=.bas,.frm,.ctl
  - sonar.vbnet.file.suffixes=.vb
  - sonar.xml.file.suffixes=.xml,.xsd,.xsl,.config
  - sonar.yaml.file.suffixes=.yaml,.yml
Project scanner properties:
  - sonar.host.url=https://sonarcloud.io
  - sonar.organization=*********
  - sonar.projectBaseDir=/opt/atlassian/pipelines/agent/build/src
  - sonar.projectKey=*********
  - sonar.scanner.app=ScannerCLI
  - sonar.scanner.appVersion=5.0.1.3006
  - sonar.scanner.home=/opt/sonar-scanner
  - sonar.scanner.opts=-Xmx3072m
  - sonar.sourceEncoding=UTF-8
  - sonar.working.directory=/opt/atlassian/pipelines/agent/build/src/.scannerwork
  • My artifacts are being generated correctly and I have an image of it but since I’m new I can only post 3 media items. You’ll have to take my word for it.
  • You can find the coverage ignore patterns in the log but I’ll also have to remove that image from the SonarCloud dashboard due to the 3 media limit.

Duplication ignore patterns:

Files to ignore patterns:

If I remove **/*.xml the coverage.xml file will show up in the SonarCloud code view below.

However, it analyzes the file and that impacts the quality gate. I have tried both ignoring and allowing .xml but it didn’t make a difference.

BitBucket SonarCloud Analysis Log:

Status: Downloaded newer image for sonarsource/sonarcloud-scan:2.0.0
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 5.0.1.3006
INFO: Java 17.0.8 Amazon.com Inc. (64-bit)
INFO: Linux 5.15.0-1069-aws amd64
INFO: SONAR_SCANNER_OPTS=-Xmx3072m
INFO: Bitbucket Cloud Pipelines detected, no host variable set. Defaulting to sonarcloud.io.
INFO: User cache: /root/.sonar/cache
INFO: Analyzing on SonarQube server 11.3.0.200
INFO: Default locale: "en", source code encoding: "UTF-8"
INFO: Load global settings
INFO: Load global settings (done) | time=247ms
INFO: Server id: ****************************
INFO: Loading required plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=161ms
INFO: Load/download plugins
INFO: Load/download plugins (done) | time=419ms
INFO: Found an active CI vendor: 'Bitbucket Pipelines'
INFO: Detected project key '*************' from 'Bitbucket Cloud Pipelines'
INFO: Detected organization key '*************' from 'Bitbucket Cloud Pipelines'
INFO: Load project settings for component key: '*************'
INFO: Load project settings for component key: '*************' (done) | time=353ms
INFO: Process project properties
INFO: Project key: *************
INFO: Base dir: /opt/atlassian/pipelines/agent/build/src
INFO: Working dir: /opt/atlassian/pipelines/agent/build/src/.scannerwork
INFO: Load project branches
INFO: Load project branches (done) | time=367ms
INFO: Check ALM binding of project '*************'
INFO: Detected project binding: BOUND
INFO: Check ALM binding of project '*************' (done) | time=133ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=424ms
INFO: Load branch configuration
INFO: Detected analysis for branch '*******'
INFO: Auto-configuring branch '*******'
INFO: Load branch configuration (done) | time=2ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=649ms
INFO: Load active rules
INFO: Load active rules (done) | time=12221ms
INFO: Organization key: *************
INFO: Branch name: '*******', type: long-lived
INFO: Preprocessing files...
INFO: 2 languages detected in 2912 preprocessed files
INFO: 16326 files ignored because of inclusion/exclusion patterns
INFO: Loading plugins for detected languages
INFO: Load/download plugins
INFO: Load/download plugins (done) | time=212ms
INFO: Load project repositories
INFO: Load project repositories (done) | time=1292ms
INFO: Indexing files...
INFO: Project configuration:
INFO:   Excluded sources: **/build-wrapper-dump.json, **/Seeders/**, **/tests/**, **/config/**, **/lang/**, **/resources/**, **/vendor/**, **/stubs/**, **/storage/**, **/resources/**, **/public/**, **/database/**, **/*.xml
INFO:   Excluded sources for coverage: **/vendor/**, **/tests/**, **/config/**, **/lang/**, **/resources/**, **/vendor/**, **/*.xml
INFO:   Excluded sources for duplication: **/Seeders/**, **/tests/**, **/config/**, **/lang/**, **/resources/**, **/vendor/**, **/*.xml, **/stubs/**, **/storage/**, **/resources/**, **/public/**, **/database/**
INFO: 2912 files indexed
INFO: Quality profile for json: Sonar way
INFO: Quality profile for php: SP quality php
INFO: ------------- Run sensors on module *************
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=140ms
INFO: Sensor cache enabled
INFO: Load sensor cache
INFO: Load sensor cache (6 MB) | time=2452ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=974ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor Analyzer for "php.ini" files [php]
INFO: Sensor Analyzer for "php.ini" files [php] (done) | time=10ms
INFO: Sensor PHPUnit report sensor [php]
INFO: No PHPUnit tests reports provided (see 'sonar.php.tests.reportPath' property)
INFO: Importing /opt/atlassian/pipelines/agent/build/src/coverage.xml
INFO: Sensor PHPUnit report sensor [php] (done) | time=495ms
INFO: Sensor IaC CloudFormation Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=10ms
INFO: Sensor IaC AzureResourceManager Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC AzureResourceManager Sensor [iac] (done) | time=59ms
INFO: Sensor Java Config Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor Java Config Sensor [iac] (done) | time=24ms
INFO: Sensor IaC Docker Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC Docker Sensor [iac] (done) | time=39ms
INFO: Sensor Serverless configuration file sensor [security]
INFO: 0 Serverless function entries were found in the project
INFO: 0 Serverless function handlers were kept as entrypoints
INFO: Sensor Serverless configuration file sensor [security] (done) | time=5ms
INFO: Sensor AWS SAM template file sensor [security]
INFO: Sensor AWS SAM template file sensor [security] (done) | time=2ms
INFO: Sensor AWS SAM Inline template file sensor [security]
INFO: Sensor AWS SAM Inline template file sensor [security] (done) | time=2ms
INFO: Sensor TextAndSecretsSensor [text]
INFO: Available processors: 8
INFO: Using 8 threads for analysis.
INFO: The property "sonar.tests" is not set. To improve the analysis accuracy, we categorize a file as a test file if any of the following is true:
  * The filename starts with "test"
  * The filename contains "test." or "tests."
  * Any directory in the file path is named: "doc", "docs", "test" or "tests"
  * Any directory in the file path has a name ending in "test" or "tests"
INFO: Using git CLI to retrieve untracked files
WARN: Analyzing only language associated files, make sure to run the analysis inside a git repository to make use of inclusions specified via "sonar.text.inclusions"
INFO: 2901 source files to be analyzed
INFO: 2901/2901 source files have been analyzed
INFO: Sensor TextAndSecretsSensor [text] (done) | time=6157ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S5883, S6096, S6173, S6287, S6350, S6384, S6390, S6398, S6399, S6547, S6549, S7044
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/src/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.002
INFO: Load UCFGs: Starting
INFO: Load UCFGs: Time spent was 00:00:00.000
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.002
INFO: No UCFGs have been included for analysis.
INFO: java security sensor: Time spent was 00:00:00.019
INFO: java security sensor: Begin: 2024-09-28T12:23:03.194267165Z, End: 2024-09-28T12:23:03.213475016Z, Duration: 00:00:00.019
  Load type hierarchy and UCFGs: Begin: 2024-09-28T12:23:03.200692670Z, End: 2024-09-28T12:23:03.203622198Z, Duration: 00:00:00.002
    Load type hierarchy: Begin: 2024-09-28T12:23:03.200796478Z, End: 2024-09-28T12:23:03.203062748Z, Duration: 00:00:00.002
    Load UCFGs: Begin: 2024-09-28T12:23:03.203452160Z, End: 2024-09-28T12:23:03.203510736Z, Duration: 00:00:00.000
INFO: java security sensor peak memory: 347 MB
INFO: Sensor JavaSecuritySensor [security] (done) | time=24ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5883, S6096, S6173, S6287, S6350, S6399, S6547, S6549, S6639, S6641, S6680, S6776, S7044
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/src/ucfg2/cs
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.000
INFO: Load UCFGs: Starting
INFO: Load UCFGs: Time spent was 00:00:00.000
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.001
INFO: No UCFGs have been included for analysis.
INFO: csharp security sensor: Time spent was 00:00:00.003
INFO: csharp security sensor: Begin: 2024-09-28T12:23:03.217346739Z, End: 2024-09-28T12:23:03.220356657Z, Duration: 00:00:00.003
  Load type hierarchy and UCFGs: Begin: 2024-09-28T12:23:03.217730145Z, End: 2024-09-28T12:23:03.219508029Z, Duration: 00:00:00.001
    Load type hierarchy: Begin: 2024-09-28T12:23:03.217805409Z, End: 2024-09-28T12:23:03.218666720Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2024-09-28T12:23:03.218849025Z, End: 2024-09-28T12:23:03.219233042Z, Duration: 00:00:00.000
INFO: csharp security sensor peak memory: 347 MB
INFO: Sensor CSharpSecuritySensor [security] (done) | time=3ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5334, S5335, S5883, S6173, S6287, S6350, S7044
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/src/.scannerwork/ucfg2/php
INFO: Read 3086 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.326
INFO: Load UCFGs: Starting
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/src/.scannerwork/ucfg2/php
INFO: Load UCFGs: Time spent was 00:00:02.981
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:03.308
INFO: Analyzing 11640 UCFGs to detect vulnerabilities.
INFO: Check cache: Starting
INFO: Load cache: Starting
INFO: Load cache: Time spent was 00:00:00.000
INFO: Check cache: Time spent was 00:00:00.000
INFO: Create runtime call graph: Starting
INFO: Create declared type propagation graph: Starting
INFO: Create declared type propagation graph: Time spent was 00:00:00.289
INFO: Run SCC (Tarjan) on 42284 nodes: Starting
INFO: Run SCC (Tarjan) on 42284 nodes: Time spent was 00:00:00.071
INFO: Tarjan found 41902 strongly connected components
INFO: Propagate runtime types to strongly connected components: Starting
INFO: Propagate runtime types to strongly connected components: Time spent was 00:00:00.110
INFO: Variable Type Analysis #1: Starting
INFO: Create runtime type propagation graph: Starting
INFO: Create runtime type propagation graph: Time spent was 00:00:00.538
INFO: Run SCC (Tarjan) on 54600 nodes: Starting
INFO: Run SCC (Tarjan) on 54600 nodes: Time spent was 00:00:00.059
INFO: Tarjan found 54146 strongly connected components
INFO: Propagate runtime types to strongly connected components: Starting
INFO: Propagate runtime types to strongly connected components: Time spent was 00:00:00.213
INFO: Variable Type Analysis #1: Time spent was 00:00:00.811
INFO: Variable Type Analysis #2: Starting
INFO: Create runtime type propagation graph: Starting
INFO: Create runtime type propagation graph: Time spent was 00:00:00.372
INFO: Run SCC (Tarjan) on 53565 nodes: Starting
INFO: Create runtime call graph: Time spent was 00:00:01.962
INFO: Load config: Starting
INFO: Load config: Time spent was 00:00:00.180
INFO: Compute entry points: Starting
INFO: Compute entry points: Time spent was 00:00:01.906
INFO: All rules entry points : 45
INFO: Slice call graph: Starting
INFO: Retained UCFGs : 1107
INFO: Slice call graph: Time spent was 00:00:00.016
INFO: Live variable analysis: Starting
INFO: Live variable analysis: Time spent was 00:00:00.109
INFO: Taint analysis for php: Starting
INFO: 0 / 1107 UCFGs simulated, memory usage: 566 MB
INFO: 211 / 1107 UCFGs simulated, memory usage: 602 MB
INFO: Taint analysis for php: Time spent was 00:00:00.352
INFO: Report issues: Starting
INFO: Report issues: Time spent was 00:00:00.007
INFO: Store cache: Starting
INFO: Store cache: Time spent was 00:00:00.022
INFO: php security sensor: Time spent was 00:00:07.871
INFO: php security sensor: Begin: 2024-09-28T12:23:03.221365357Z, End: 2024-09-28T12:23:11.092394705Z, Duration: 00:00:07.871
  Load type hierarchy and UCFGs: Begin: 2024-09-28T12:23:03.221527710Z, End: 2024-09-28T12:23:06.529545549Z, Duration: 00:00:03.308
    Load type hierarchy: Begin: 2024-09-28T12:23:03.221558095Z, End: 2024-09-28T12:23:03.547655197Z, Duration: 00:00:00.326
    Load UCFGs: Begin: 2024-09-28T12:23:03.547909242Z, End: 2024-09-28T12:23:06.529267878Z, Duration: 00:00:02.981
  Check cache: Begin: 2024-09-28T12:23:06.529740237Z, End: 2024-09-28T12:23:06.530367391Z, Duration: 00:00:00.000
    Load cache: Begin: 2024-09-28T12:23:06.529800591Z, End: 2024-09-28T12:23:06.529877887Z, Duration: 00:00:00.000
  Create runtime call graph: Begin: 2024-09-28T12:23:06.530504574Z, End: 2024-09-28T12:23:08.493009172Z, Duration: 00:00:01.962
    Create declared type propagation graph: Begin: 2024-09-28T12:23:06.535446193Z, End: 2024-09-28T12:23:06.824966390Z, Duration: 00:00:00.289
    Run SCC (Tarjan) on 42284 nodes: Begin: 2024-09-28T12:23:06.828478883Z, End: 2024-09-28T12:23:06.899906937Z, Duration: 00:00:00.071
    Propagate runtime types to strongly connected components: Begin: 2024-09-28T12:23:06.900403916Z, End: 2024-09-28T12:23:07.010933428Z, Duration: 00:00:00.110
    Variable Type Analysis #1: Begin: 2024-09-28T12:23:07.013301578Z, End: 2024-09-28T12:23:07.825267875Z, Duration: 00:00:00.811
      Create runtime type propagation graph: Begin: 2024-09-28T12:23:07.013647829Z, End: 2024-09-28T12:23:07.552000811Z, Duration: 00:00:00.538
      Run SCC (Tarjan) on 54600 nodes: Begin: 2024-09-28T12:23:07.552249542Z, End: 2024-09-28T12:23:07.611739107Z, Duration: 00:00:00.059
      Propagate runtime types to strongly connected components: Begin: 2024-09-28T12:23:07.611942373Z, End: 2024-09-28T12:23:07.825068508Z, Duration: 00:00:00.213
    Variable Type Analysis #2: Begin: 2024-09-28T12:23:07.825806527Z, End: 2024-09-28T12:23:08.482370893Z, Duration: 00:00:00.656
      Create runtime type propagation graph: Begin: 2024-09-28T12:23:07.825892317Z, End: 2024-09-28T12:23:08.198098806Z, Duration: 00:00:00.372
      Run SCC (Tarjan) on 53565 nodes: Begin: 2024-09-28T12:23:08.198360211Z, End: 2024-09-28T12:23:08.257628056Z, Duration: 00:00:00.059
      Propagate runtime types to strongly connected components: Begin: 2024-09-28T12:23:08.257850324Z, End: 2024-09-28T12:23:08.482143751Z, Duration: 00:00:00.224
  Load config: Begin: 2024-09-28T12:23:08.493223977Z, End: 2024-09-28T12:23:08.673397972Z, Duration: 00:00:00.180
  Compute entry points: Begin: 2024-09-28T12:23:08.674405616Z, End: 2024-09-28T12:23:10.581273701Z, Duration: 00:00:01.906
  Slice call graph: Begin: 2024-09-28T12:23:10.581471077Z, End: 2024-09-28T12:23:10.597786193Z, Duration: 00:00:00.016
  Live variable analysis: Begin: 2024-09-28T12:23:10.597954169Z, End: 2024-09-28T12:23:10.707840645Z, Duration: 00:00:00.109
  Taint analysis for php: Begin: 2024-09-28T12:23:10.708148961Z, End: 2024-09-28T12:23:11.060951902Z, Duration: 00:00:00.352
  Report issues: Begin: 2024-09-28T12:23:11.061070284Z, End: 2024-09-28T12:23:11.068542423Z, Duration: 00:00:00.007
  Store cache: Begin: 2024-09-28T12:23:11.068680339Z, End: 2024-09-28T12:23:11.091166686Z, Duration: 00:00:00.022
INFO: php security sensor peak memory: 763 MB
INFO: Sensor PhpSecuritySensor [security] (done) | time=7872ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S6287, S6350, S6639, S6680, S6776, S6839, S7044
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/src/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.000
INFO: Load UCFGs: Starting
INFO: Load UCFGs: Time spent was 00:00:00.000
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.000
INFO: No UCFGs have been included for analysis.
INFO: python security sensor: Time spent was 00:00:00.001
INFO: python security sensor: Begin: 2024-09-28T12:23:11.093958543Z, End: 2024-09-28T12:23:11.095044172Z, Duration: 00:00:00.001
  Load type hierarchy and UCFGs: Begin: 2024-09-28T12:23:11.094269841Z, End: 2024-09-28T12:23:11.094733260Z, Duration: 00:00:00.000
    Load type hierarchy: Begin: 2024-09-28T12:23:11.094322851Z, End: 2024-09-28T12:23:11.094525346Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2024-09-28T12:23:11.094598281Z, End: 2024-09-28T12:23:11.094642172Z, Duration: 00:00:00.000
INFO: python security sensor peak memory: 763 MB
INFO: Sensor PythonSecuritySensor [security] (done) | time=2ms
INFO: Sensor JsSecuritySensor [security]
INFO: Enabled taint analysis rules: S2083, S2631, S2076, S5696, S5334, S3649, S6096, S6105, S6350, S5144, S5146, S5147, S5883, S5131, S6287
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/src/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.000
INFO: Load UCFGs: Starting
INFO: Load UCFGs: Time spent was 00:00:00.000
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.000
INFO: No UCFGs have been included for analysis.
INFO: js security sensor: Time spent was 00:00:00.000
INFO: js security sensor: Begin: 2024-09-28T12:23:11.095764756Z, End: 2024-09-28T12:23:11.096653277Z, Duration: 00:00:00.000
  Load type hierarchy and UCFGs: Begin: 2024-09-28T12:23:11.095947883Z, End: 2024-09-28T12:23:11.096360364Z, Duration: 00:00:00.000
    Load type hierarchy: Begin: 2024-09-28T12:23:11.095991244Z, End: 2024-09-28T12:23:11.096148725Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2024-09-28T12:23:11.096222024Z, End: 2024-09-28T12:23:11.096288728Z, Duration: 00:00:00.000
INFO: js security sensor peak memory: 763 MB
INFO: Sensor JsSecuritySensor [security] (done) | time=2ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=14ms
INFO: SCM Publisher is disabled
INFO: CPD Executor 413 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 2485 files
INFO: CPD Executor CPD calculation finished (done) | time=682ms
INFO: Analysis report generated in 449ms, dir size=8 MB
INFO: Analysis report compressed in 5194ms, zip size=6 MB
INFO: Analysis report uploaded in 2343ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=*************&branch=*************
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=**********************
INFO: Sensor cache published successfully
INFO: Analysis total time: 2:00.850 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 2:04.452s
INFO: Final Memory: 17M/80M
INFO: ------------------------------------------------------------------------
INFO: Propagate runtime types to strongly connected components: Starting
INFO: Propagate runtime types to strongly connected components: Time spent was 00:00:00.110
INFO: Variable Type Analysis #1: Starting
INFO: Create runtime type propagation graph: Starting
INFO: Create runtime type propagation graph: Time spent was 00:00:00.538
INFO: Run SCC (Tarjan) on 54600 nodes: Starting
INFO: Run SCC (Tarjan) on 54600 nodes: Time spent was 00:00:00.059
INFO: Tarjan found 54146 strongly connected components
INFO: Propagate runtime types to strongly connected components: Starting
INFO: Propagate runtime types to strongly connected components: Time spent was 00:00:00.213
INFO: Variable Type Analysis #1: Time spent was 00:00:00.811
INFO: Variable Type Analysis #2: Starting
INFO: Create runtime type propagation graph: Starting
INFO: Create runtime type propagation graph: Time spent was 00:00:00.372
INFO: Run SCC (Tarjan) on 53565 nodes: Starting
INFO: Run SCC (Tarjan) on 53565 nodes: Time spent was 00:00:00.059
INFO: Tarjan found 53178 strongly connected components
INFO: Propagate runtime types to strongly connected components: Starting
INFO: Propagate runtime types to strongly connected components: Time spent was 00:00:00.224
INFO: Variable Type Analysis #2: Time spent was 00:00:00.656
INFO: Create runtime call graph: Time spent was 00:00:01.962
INFO: Load config: Starting
INFO: Load config: Time spent was 00:00:00.180
INFO: Compute entry points: Starting
INFO: Compute entry points: Time spent was 00:00:01.906
INFO: All rules entry points : 45
INFO: Slice call graph: Starting
INFO: Retained UCFGs : 1107
INFO: Slice call graph: Time spent was 00:00:00.016
INFO: Live variable analysis: Starting
INFO: Live variable analysis: Time spent was 00:00:00.109
INFO: Taint analysis for php: Starting
INFO: 0 / 1107 UCFGs simulated, memory usage: 566 MB
INFO: 211 / 1107 UCFGs simulated, memory usage: 602 MB
INFO: Taint analysis for php: Time spent was 00:00:00.352
INFO: Report issues: Starting
INFO: Report issues: Time spent was 00:00:00.007
INFO: Store cache: Starting
INFO: Store cache: Time spent was 00:00:00.022
INFO: php security sensor: Time spent was 00:00:07.871
INFO: php security sensor: Begin: 2024-09-28T12:23:03.221365357Z, End: 2024-09-28T12:23:11.092394705Z, Duration: 00:00:07.871
  Load type hierarchy and UCFGs: Begin: 2024-09-28T12:23:03.221527710Z, End: 2024-09-28T12:23:06.529545549Z, Duration: 00:00:03.308
    Load type hierarchy: Begin: 2024-09-28T12:23:03.221558095Z, End: 2024-09-28T12:23:03.547655197Z, Duration: 00:00:00.326
    Load UCFGs: Begin: 2024-09-28T12:23:03.547909242Z, End: 2024-09-28T12:23:06.529267878Z, Duration: 00:00:02.981
  Check cache: Begin: 2024-09-28T12:23:06.529740237Z, End: 2024-09-28T12:23:06.530367391Z, Duration: 00:00:00.000
    Load cache: Begin: 2024-09-28T12:23:06.529800591Z, End: 2024-09-28T12:23:06.529877887Z, Duration: 00:00:00.000
  Create runtime call graph: Begin: 2024-09-28T12:23:06.530504574Z, End: 2024-09-28T12:23:08.493009172Z, Duration: 00:00:01.962
    Create declared type propagation graph: Begin: 2024-09-28T12:23:06.535446193Z, End: 2024-09-28T12:23:06.824966390Z, Duration: 00:00:00.289
    Run SCC (Tarjan) on 42284 nodes: Begin: 2024-09-28T12:23:06.828478883Z, End: 2024-09-28T12:23:06.899906937Z, Duration: 00:00:00.071
    Propagate runtime types to strongly connected components: Begin: 2024-09-28T12:23:06.900403916Z, End: 2024-09-28T12:23:07.010933428Z, Duration: 00:00:00.110
    Variable Type Analysis #1: Begin: 2024-09-28T12:23:07.013301578Z, End: 2024-09-28T12:23:07.825267875Z, Duration: 00:00:00.811
      Create runtime type propagation graph: Begin: 2024-09-28T12:23:07.013647829Z, End: 2024-09-28T12:23:07.552000811Z, Duration: 00:00:00.538
      Run SCC (Tarjan) on 54600 nodes: Begin: 2024-09-28T12:23:07.552249542Z, End: 2024-09-28T12:23:07.611739107Z, Duration: 00:00:00.059
      Propagate runtime types to strongly connected components: Begin: 2024-09-28T12:23:07.611942373Z, End: 2024-09-28T12:23:07.825068508Z, Duration: 00:00:00.213
    Variable Type Analysis #2: Begin: 2024-09-28T12:23:07.825806527Z, End: 2024-09-28T12:23:08.482370893Z, Duration: 00:00:00.656
      Create runtime type propagation graph: Begin: 2024-09-28T12:23:07.825892317Z, End: 2024-09-28T12:23:08.198098806Z, Duration: 00:00:00.372
      Run SCC (Tarjan) on 53565 nodes: Begin: 2024-09-28T12:23:08.198360211Z, End: 2024-09-28T12:23:08.257628056Z, Duration: 00:00:00.059
      Propagate runtime types to strongly connected components: Begin: 2024-09-28T12:23:08.257850324Z, End: 2024-09-28T12:23:08.482143751Z, Duration: 00:00:00.224
  Load config: Begin: 2024-09-28T12:23:08.493223977Z, End: 2024-09-28T12:23:08.673397972Z, Duration: 00:00:00.180
  Compute entry points: Begin: 2024-09-28T12:23:08.674405616Z, End: 2024-09-28T12:23:10.581273701Z, Duration: 00:00:01.906
  Slice call graph: Begin: 2024-09-28T12:23:10.581471077Z, End: 2024-09-28T12:23:10.597786193Z, Duration: 00:00:00.016
  Live variable analysis: Begin: 2024-09-28T12:23:10.597954169Z, End: 2024-09-28T12:23:10.707840645Z, Duration: 00:00:00.109
  Taint analysis for php: Begin: 2024-09-28T12:23:10.708148961Z, End: 2024-09-28T12:23:11.060951902Z, Duration: 00:00:00.352
  Report issues: Begin: 2024-09-28T12:23:11.061070284Z, End: 2024-09-28T12:23:11.068542423Z, Duration: 00:00:00.007
  Store cache: Begin: 2024-09-28T12:23:11.068680339Z, End: 2024-09-28T12:23:11.091166686Z, Duration: 00:00:00.022
INFO: php security sensor peak memory: 763 MB
INFO: Sensor PhpSecuritySensor [security] (done) | time=7872ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S6287, S6350, S6639, S6680, S6776, S6839, S7044
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/src/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.000
INFO: Load UCFGs: Starting
INFO: Load UCFGs: Time spent was 00:00:00.000
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.000
INFO: No UCFGs have been included for analysis.
INFO: python security sensor: Time spent was 00:00:00.001
INFO: python security sensor: Begin: 2024-09-28T12:23:11.093958543Z, End: 2024-09-28T12:23:11.095044172Z, Duration: 00:00:00.001
  Load type hierarchy and UCFGs: Begin: 2024-09-28T12:23:11.094269841Z, End: 2024-09-28T12:23:11.094733260Z, Duration: 00:00:00.000
    Load type hierarchy: Begin: 2024-09-28T12:23:11.094322851Z, End: 2024-09-28T12:23:11.094525346Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2024-09-28T12:23:11.094598281Z, End: 2024-09-28T12:23:11.094642172Z, Duration: 00:00:00.000
INFO: python security sensor peak memory: 763 MB
INFO: Sensor PythonSecuritySensor [security] (done) | time=2ms
INFO: Sensor JsSecuritySensor [security]
INFO: Enabled taint analysis rules: S2083, S2631, S2076, S5696, S5334, S3649, S6096, S6105, S6350, S5144, S5146, S5147, S5883, S5131, S6287
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/src/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.000
INFO: Load UCFGs: Starting
INFO: Load UCFGs: Time spent was 00:00:00.000
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.000
INFO: No UCFGs have been included for analysis.
INFO: js security sensor: Time spent was 00:00:00.000
INFO: js security sensor: Begin: 2024-09-28T12:23:11.095764756Z, End: 2024-09-28T12:23:11.096653277Z, Duration: 00:00:00.000
  Load type hierarchy and UCFGs: Begin: 2024-09-28T12:23:11.095947883Z, End: 2024-09-28T12:23:11.096360364Z, Duration: 00:00:00.000
    Load type hierarchy: Begin: 2024-09-28T12:23:11.095991244Z, End: 2024-09-28T12:23:11.096148725Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2024-09-28T12:23:11.096222024Z, End: 2024-09-28T12:23:11.096288728Z, Duration: 00:00:00.000
INFO: js security sensor peak memory: 763 MB
INFO: Sensor JsSecuritySensor [security] (done) | time=2ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=14ms
INFO: SCM Publisher is disabled
INFO: CPD Executor 413 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 2485 files
INFO: CPD Executor CPD calculation finished (done) | time=682ms
INFO: Analysis report generated in 449ms, dir size=8 MB
INFO: Analysis report compressed in 5194ms, zip size=6 MB
INFO: Analysis report uploaded in 2343ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=**************************&branch=*************
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=*************
INFO: Sensor cache published successfully
INFO: Analysis total time: 2:00.850 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 2:04.452s
INFO: Final Memory: 17M/80M
INFO: ------------------------------------------------------------------------
✔ SonarCloud analysis was successful.

Hey there.

Say you add a cat /opt/atlassian/pipelines/agent/build/src/coverage.xmlto your build – does it actually show coverage as expected?

It does, and I can download the file. Here’s a sample of it:

<?xml version="1.0" encoding="UTF-8"?>
<coverage generated="1727793367">
  <project timestamp="1727793367">

 ...
<file name="/var/www/html/app/Academic/Actions/ListAllSchools.php">
      <class name="App\Academic\Actions\ListAllSchools" namespace="global">
        <metrics complexity="1" methods="1" coveredmethods="0" conditionals="0" coveredconditionals="0" statements="29" coveredstatements="22" elements="30" coveredelements="22"/>
      </class>
      <line num="16" type="method" name="handle" visibility="public" complexity="1" crap="1.01" count="1"/>
      <line num="18" type="stmt" count="1"/>
      <line num="19" type="stmt" count="1"/>
      <line num="20" type="stmt" count="1"/>
      <line num="21" type="stmt" count="1"/>
      <line num="22" type="stmt" count="1"/>
      <line num="23" type="stmt" count="1"/>
      <line num="24" type="stmt" count="1"/>
      <line num="25" type="stmt" count="1"/>
      <line num="26" type="stmt" count="1"/>
      <line num="27" type="stmt" count="1"/>
      <line num="28" type="stmt" count="1"/>
      <line num="29" type="stmt" count="1"/>
      <line num="30" type="stmt" count="1"/>
      <line num="31" type="stmt" count="1"/>
      <line num="32" type="stmt" count="1"/>
      <line num="33" type="stmt" count="1"/>
      <line num="34" type="stmt" count="1"/>
      <line num="35" type="stmt" count="1"/>
      <line num="36" type="stmt" count="0"/>
      <line num="38" type="stmt" count="0"/>
      <line num="39" type="stmt" count="0"/>
      <line num="41" type="stmt" count="0"/>
      <line num="42" type="stmt" count="0"/>
      <line num="43" type="stmt" count="0"/>
      <line num="44" type="stmt" count="0"/>
      <line num="45" type="stmt" count="1"/>
      <line num="46" type="stmt" count="1"/>
      <line num="47" type="stmt" count="1"/>
      <line num="48" type="stmt" count="1"/>
      <metrics loc="51" ncloc="51" classes="1" methods="1" coveredmethods="0" conditionals="0" coveredconditionals="0" statements="29" coveredstatements="22" elements="30" coveredelements="22"/>
    </file>
...

I have corrected the path by adding: sed 's|\(<file name="\)[^"]*/app/|\1./app/|' clover.xml > coverage.xml

So now this path: /var/www/html/app/Academic/Actions/Classes/CreateNewClass.php = ./app/Academic/Actions/Classes/CreateNewClass.php

Still no dice.

Nvm… you might be onto something here. That sample was generated locally. When I generate the code coverage report in the pipeline count="0" for all lines.

1 Like