I can’t figure out why my coverage report says 0% on SonarCloud. Here is all the information I have:
- Bitbucket Cloud for all the things
- Laravel app
- using PCOV to generate code coverage.xml report
- There are no errors being generated. At one point I was getting path errors that couldn’t be found. But that’s because there were files in the coverage.xml report that were being ignored in SonarCloud. I since fixed those and there are no errors but still coverage is 0%.
- If you look in the screenshots below you can see that I have a
tests.xml
artifact. I have removed it from SonarCloud because I’m having the exact same issue and I figured I would tackle them one at a time. The issue is the same though, it seems to pick up the file but it doesn’t read it(?).
phpunit.xml
<coverage>
<report>
<clover outputFile="./coverage.xml"/>
</report>
</coverage>
SonarScanner Context:
SonarCloud plugins:
- JaCoCo 1.3.0.1538 (jacoco)
- License for SonarLint 8.0.0.56801 (license)
- IaC Code Quality and Security 1.36.0.12431 (iac)
- Text Code Quality and Security 2.15.0.3845 (text)
- XML Code Quality and Security 2.10.0.4108 (xml)
Project server settings:
- sonar.abap.file.suffixes=.abap,.ab4,.flow,.asprog
- sonar.apex.file.suffixes=.cls,.trigger
- sonar.autoscan.enabled=false
- sonar.azureresourcemanager.file.suffixes=.bicep
- sonar.c.file.suffixes=.c,.h
- sonar.coverage.exclusions=**/vendor/**,**/tests/**,**/config/**,**/lang/**,**/resources/**,**/vendor/**,**/*.xml
- sonar.cpd.exclusions=**/Seeders/**,**/tests/**,**/config/**,**/lang/**,**/resources/**,**/vendor/**,**/*.xml,**/stubs/**,**/storage/**,**/resources/**,**/public/**,**/database/**
- sonar.cpp.file.suffixes=.cc,.cpp,.cxx,.c++,.hh,.hpp,.hxx,.h++,.ipp,.ixx,.mxx,.cppm,.ccm,.cxxm,.c++m
- sonar.cs.file.suffixes=.cs,.razor
- sonar.css.file.suffixes=.css,.less,.scss,.sass
- sonar.dart.file.suffixes=.dart
- sonar.docker.file.patterns=Dockerfile,*.dockerfile
- sonar.exclusions=**/Seeders/**,**/tests/**,**/config/**,**/lang/**,**/resources/**,**/vendor/**,**/stubs/**,**/storage/**,**/resources/**,**/public/**,**/database/**,**/*.xml
- sonar.flex.file.suffixes=as
- sonar.go.file.suffixes=.go
- sonar.html.file.suffixes=.html,.xhtml,.cshtml,.vbhtml,.aspx,.ascx,.rhtml,.erb,.shtm,.shtml,.cmp,.twig
- sonar.ipynb.file.suffixes=ipynb
- sonar.java.file.suffixes=.java,.jav
- sonar.java.jvmframeworkconfig.file.patterns=**/src/main/resources/**/application*.properties,**/src/main/resources/**/application*.yaml,**/src/main/resources/**/application*.yml
- sonar.javascript.file.suffixes=.js,.jsx,.cjs,.mjs,.vue
- sonar.jcl.file.suffixes=.jcl
- sonar.json.file.suffixes=.json
- sonar.jsp.file.suffixes=.jsp,.jspf,.jspx
- sonar.kotlin.file.suffixes=.kt,.kts
- sonar.objc.file.suffixes=.m
- sonar.php.coverage.reportPaths=coverage.xml
- sonar.php.file.suffixes=php,php3,php4,phtml,inc,php5
- sonar.pli.file.suffixes=.pli
- sonar.plsql.file.suffixes=sql,tab,pkb
- sonar.pullrequest.provider=BitbucketCloud
- sonar.python.file.suffixes=py
- sonar.rpg.file.suffixes=.rpg,.rpgle,.sqlrpgle,.RPG,.RPGLE,.SQLRPGLE
- sonar.ruby.file.suffixes=.rb
- sonar.scala.file.suffixes=.scala
- sonar.scm.disabled=true
- sonar.swift.file.suffixes=.swift
- sonar.terraform.file.suffixes=.tf
- sonar.tsql.file.suffixes=.tsql
- sonar.typescript.file.suffixes=.ts,.tsx,.cts,.mts
- sonar.vb.file.suffixes=.bas,.frm,.ctl
- sonar.vbnet.file.suffixes=.vb
- sonar.xml.file.suffixes=.xml,.xsd,.xsl,.config
- sonar.yaml.file.suffixes=.yaml,.yml
Project scanner properties:
- sonar.host.url=https://sonarcloud.io
- sonar.organization=*********
- sonar.projectBaseDir=/opt/atlassian/pipelines/agent/build/src
- sonar.projectKey=*********
- sonar.scanner.app=ScannerCLI
- sonar.scanner.appVersion=5.0.1.3006
- sonar.scanner.home=/opt/sonar-scanner
- sonar.scanner.opts=-Xmx3072m
- sonar.sourceEncoding=UTF-8
- sonar.working.directory=/opt/atlassian/pipelines/agent/build/src/.scannerwork
- My artifacts are being generated correctly and I have an image of it but since I’m new I can only post 3 media items. You’ll have to take my word for it.
- You can find the coverage ignore patterns in the log but I’ll also have to remove that image from the SonarCloud dashboard due to the 3 media limit.
Duplication ignore patterns:
Files to ignore patterns:
If I remove **/*.xml
the coverage.xml
file will show up in the SonarCloud code view below.
However, it analyzes the file and that impacts the quality gate. I have tried both ignoring and allowing .xml but it didn’t make a difference.
BitBucket SonarCloud Analysis Log:
Status: Downloaded newer image for sonarsource/sonarcloud-scan:2.0.0
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 5.0.1.3006
INFO: Java 17.0.8 Amazon.com Inc. (64-bit)
INFO: Linux 5.15.0-1069-aws amd64
INFO: SONAR_SCANNER_OPTS=-Xmx3072m
INFO: Bitbucket Cloud Pipelines detected, no host variable set. Defaulting to sonarcloud.io.
INFO: User cache: /root/.sonar/cache
INFO: Analyzing on SonarQube server 11.3.0.200
INFO: Default locale: "en", source code encoding: "UTF-8"
INFO: Load global settings
INFO: Load global settings (done) | time=247ms
INFO: Server id: ****************************
INFO: Loading required plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=161ms
INFO: Load/download plugins
INFO: Load/download plugins (done) | time=419ms
INFO: Found an active CI vendor: 'Bitbucket Pipelines'
INFO: Detected project key '*************' from 'Bitbucket Cloud Pipelines'
INFO: Detected organization key '*************' from 'Bitbucket Cloud Pipelines'
INFO: Load project settings for component key: '*************'
INFO: Load project settings for component key: '*************' (done) | time=353ms
INFO: Process project properties
INFO: Project key: *************
INFO: Base dir: /opt/atlassian/pipelines/agent/build/src
INFO: Working dir: /opt/atlassian/pipelines/agent/build/src/.scannerwork
INFO: Load project branches
INFO: Load project branches (done) | time=367ms
INFO: Check ALM binding of project '*************'
INFO: Detected project binding: BOUND
INFO: Check ALM binding of project '*************' (done) | time=133ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=424ms
INFO: Load branch configuration
INFO: Detected analysis for branch '*******'
INFO: Auto-configuring branch '*******'
INFO: Load branch configuration (done) | time=2ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=649ms
INFO: Load active rules
INFO: Load active rules (done) | time=12221ms
INFO: Organization key: *************
INFO: Branch name: '*******', type: long-lived
INFO: Preprocessing files...
INFO: 2 languages detected in 2912 preprocessed files
INFO: 16326 files ignored because of inclusion/exclusion patterns
INFO: Loading plugins for detected languages
INFO: Load/download plugins
INFO: Load/download plugins (done) | time=212ms
INFO: Load project repositories
INFO: Load project repositories (done) | time=1292ms
INFO: Indexing files...
INFO: Project configuration:
INFO: Excluded sources: **/build-wrapper-dump.json, **/Seeders/**, **/tests/**, **/config/**, **/lang/**, **/resources/**, **/vendor/**, **/stubs/**, **/storage/**, **/resources/**, **/public/**, **/database/**, **/*.xml
INFO: Excluded sources for coverage: **/vendor/**, **/tests/**, **/config/**, **/lang/**, **/resources/**, **/vendor/**, **/*.xml
INFO: Excluded sources for duplication: **/Seeders/**, **/tests/**, **/config/**, **/lang/**, **/resources/**, **/vendor/**, **/*.xml, **/stubs/**, **/storage/**, **/resources/**, **/public/**, **/database/**
INFO: 2912 files indexed
INFO: Quality profile for json: Sonar way
INFO: Quality profile for php: SP quality php
INFO: ------------- Run sensors on module *************
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=140ms
INFO: Sensor cache enabled
INFO: Load sensor cache
INFO: Load sensor cache (6 MB) | time=2452ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=974ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor Analyzer for "php.ini" files [php]
INFO: Sensor Analyzer for "php.ini" files [php] (done) | time=10ms
INFO: Sensor PHPUnit report sensor [php]
INFO: No PHPUnit tests reports provided (see 'sonar.php.tests.reportPath' property)
INFO: Importing /opt/atlassian/pipelines/agent/build/src/coverage.xml
INFO: Sensor PHPUnit report sensor [php] (done) | time=495ms
INFO: Sensor IaC CloudFormation Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=10ms
INFO: Sensor IaC AzureResourceManager Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC AzureResourceManager Sensor [iac] (done) | time=59ms
INFO: Sensor Java Config Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor Java Config Sensor [iac] (done) | time=24ms
INFO: Sensor IaC Docker Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC Docker Sensor [iac] (done) | time=39ms
INFO: Sensor Serverless configuration file sensor [security]
INFO: 0 Serverless function entries were found in the project
INFO: 0 Serverless function handlers were kept as entrypoints
INFO: Sensor Serverless configuration file sensor [security] (done) | time=5ms
INFO: Sensor AWS SAM template file sensor [security]
INFO: Sensor AWS SAM template file sensor [security] (done) | time=2ms
INFO: Sensor AWS SAM Inline template file sensor [security]
INFO: Sensor AWS SAM Inline template file sensor [security] (done) | time=2ms
INFO: Sensor TextAndSecretsSensor [text]
INFO: Available processors: 8
INFO: Using 8 threads for analysis.
INFO: The property "sonar.tests" is not set. To improve the analysis accuracy, we categorize a file as a test file if any of the following is true:
* The filename starts with "test"
* The filename contains "test." or "tests."
* Any directory in the file path is named: "doc", "docs", "test" or "tests"
* Any directory in the file path has a name ending in "test" or "tests"
INFO: Using git CLI to retrieve untracked files
WARN: Analyzing only language associated files, make sure to run the analysis inside a git repository to make use of inclusions specified via "sonar.text.inclusions"
INFO: 2901 source files to be analyzed
INFO: 2901/2901 source files have been analyzed
INFO: Sensor TextAndSecretsSensor [text] (done) | time=6157ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S5883, S6096, S6173, S6287, S6350, S6384, S6390, S6398, S6399, S6547, S6549, S7044
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/src/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.002
INFO: Load UCFGs: Starting
INFO: Load UCFGs: Time spent was 00:00:00.000
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.002
INFO: No UCFGs have been included for analysis.
INFO: java security sensor: Time spent was 00:00:00.019
INFO: java security sensor: Begin: 2024-09-28T12:23:03.194267165Z, End: 2024-09-28T12:23:03.213475016Z, Duration: 00:00:00.019
Load type hierarchy and UCFGs: Begin: 2024-09-28T12:23:03.200692670Z, End: 2024-09-28T12:23:03.203622198Z, Duration: 00:00:00.002
Load type hierarchy: Begin: 2024-09-28T12:23:03.200796478Z, End: 2024-09-28T12:23:03.203062748Z, Duration: 00:00:00.002
Load UCFGs: Begin: 2024-09-28T12:23:03.203452160Z, End: 2024-09-28T12:23:03.203510736Z, Duration: 00:00:00.000
INFO: java security sensor peak memory: 347 MB
INFO: Sensor JavaSecuritySensor [security] (done) | time=24ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5883, S6096, S6173, S6287, S6350, S6399, S6547, S6549, S6639, S6641, S6680, S6776, S7044
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/src/ucfg2/cs
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.000
INFO: Load UCFGs: Starting
INFO: Load UCFGs: Time spent was 00:00:00.000
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.001
INFO: No UCFGs have been included for analysis.
INFO: csharp security sensor: Time spent was 00:00:00.003
INFO: csharp security sensor: Begin: 2024-09-28T12:23:03.217346739Z, End: 2024-09-28T12:23:03.220356657Z, Duration: 00:00:00.003
Load type hierarchy and UCFGs: Begin: 2024-09-28T12:23:03.217730145Z, End: 2024-09-28T12:23:03.219508029Z, Duration: 00:00:00.001
Load type hierarchy: Begin: 2024-09-28T12:23:03.217805409Z, End: 2024-09-28T12:23:03.218666720Z, Duration: 00:00:00.000
Load UCFGs: Begin: 2024-09-28T12:23:03.218849025Z, End: 2024-09-28T12:23:03.219233042Z, Duration: 00:00:00.000
INFO: csharp security sensor peak memory: 347 MB
INFO: Sensor CSharpSecuritySensor [security] (done) | time=3ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5334, S5335, S5883, S6173, S6287, S6350, S7044
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/src/.scannerwork/ucfg2/php
INFO: Read 3086 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.326
INFO: Load UCFGs: Starting
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/src/.scannerwork/ucfg2/php
INFO: Load UCFGs: Time spent was 00:00:02.981
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:03.308
INFO: Analyzing 11640 UCFGs to detect vulnerabilities.
INFO: Check cache: Starting
INFO: Load cache: Starting
INFO: Load cache: Time spent was 00:00:00.000
INFO: Check cache: Time spent was 00:00:00.000
INFO: Create runtime call graph: Starting
INFO: Create declared type propagation graph: Starting
INFO: Create declared type propagation graph: Time spent was 00:00:00.289
INFO: Run SCC (Tarjan) on 42284 nodes: Starting
INFO: Run SCC (Tarjan) on 42284 nodes: Time spent was 00:00:00.071
INFO: Tarjan found 41902 strongly connected components
INFO: Propagate runtime types to strongly connected components: Starting
INFO: Propagate runtime types to strongly connected components: Time spent was 00:00:00.110
INFO: Variable Type Analysis #1: Starting
INFO: Create runtime type propagation graph: Starting
INFO: Create runtime type propagation graph: Time spent was 00:00:00.538
INFO: Run SCC (Tarjan) on 54600 nodes: Starting
INFO: Run SCC (Tarjan) on 54600 nodes: Time spent was 00:00:00.059
INFO: Tarjan found 54146 strongly connected components
INFO: Propagate runtime types to strongly connected components: Starting
INFO: Propagate runtime types to strongly connected components: Time spent was 00:00:00.213
INFO: Variable Type Analysis #1: Time spent was 00:00:00.811
INFO: Variable Type Analysis #2: Starting
INFO: Create runtime type propagation graph: Starting
INFO: Create runtime type propagation graph: Time spent was 00:00:00.372
INFO: Run SCC (Tarjan) on 53565 nodes: Starting
INFO: Create runtime call graph: Time spent was 00:00:01.962
INFO: Load config: Starting
INFO: Load config: Time spent was 00:00:00.180
INFO: Compute entry points: Starting
INFO: Compute entry points: Time spent was 00:00:01.906
INFO: All rules entry points : 45
INFO: Slice call graph: Starting
INFO: Retained UCFGs : 1107
INFO: Slice call graph: Time spent was 00:00:00.016
INFO: Live variable analysis: Starting
INFO: Live variable analysis: Time spent was 00:00:00.109
INFO: Taint analysis for php: Starting
INFO: 0 / 1107 UCFGs simulated, memory usage: 566 MB
INFO: 211 / 1107 UCFGs simulated, memory usage: 602 MB
INFO: Taint analysis for php: Time spent was 00:00:00.352
INFO: Report issues: Starting
INFO: Report issues: Time spent was 00:00:00.007
INFO: Store cache: Starting
INFO: Store cache: Time spent was 00:00:00.022
INFO: php security sensor: Time spent was 00:00:07.871
INFO: php security sensor: Begin: 2024-09-28T12:23:03.221365357Z, End: 2024-09-28T12:23:11.092394705Z, Duration: 00:00:07.871
Load type hierarchy and UCFGs: Begin: 2024-09-28T12:23:03.221527710Z, End: 2024-09-28T12:23:06.529545549Z, Duration: 00:00:03.308
Load type hierarchy: Begin: 2024-09-28T12:23:03.221558095Z, End: 2024-09-28T12:23:03.547655197Z, Duration: 00:00:00.326
Load UCFGs: Begin: 2024-09-28T12:23:03.547909242Z, End: 2024-09-28T12:23:06.529267878Z, Duration: 00:00:02.981
Check cache: Begin: 2024-09-28T12:23:06.529740237Z, End: 2024-09-28T12:23:06.530367391Z, Duration: 00:00:00.000
Load cache: Begin: 2024-09-28T12:23:06.529800591Z, End: 2024-09-28T12:23:06.529877887Z, Duration: 00:00:00.000
Create runtime call graph: Begin: 2024-09-28T12:23:06.530504574Z, End: 2024-09-28T12:23:08.493009172Z, Duration: 00:00:01.962
Create declared type propagation graph: Begin: 2024-09-28T12:23:06.535446193Z, End: 2024-09-28T12:23:06.824966390Z, Duration: 00:00:00.289
Run SCC (Tarjan) on 42284 nodes: Begin: 2024-09-28T12:23:06.828478883Z, End: 2024-09-28T12:23:06.899906937Z, Duration: 00:00:00.071
Propagate runtime types to strongly connected components: Begin: 2024-09-28T12:23:06.900403916Z, End: 2024-09-28T12:23:07.010933428Z, Duration: 00:00:00.110
Variable Type Analysis #1: Begin: 2024-09-28T12:23:07.013301578Z, End: 2024-09-28T12:23:07.825267875Z, Duration: 00:00:00.811
Create runtime type propagation graph: Begin: 2024-09-28T12:23:07.013647829Z, End: 2024-09-28T12:23:07.552000811Z, Duration: 00:00:00.538
Run SCC (Tarjan) on 54600 nodes: Begin: 2024-09-28T12:23:07.552249542Z, End: 2024-09-28T12:23:07.611739107Z, Duration: 00:00:00.059
Propagate runtime types to strongly connected components: Begin: 2024-09-28T12:23:07.611942373Z, End: 2024-09-28T12:23:07.825068508Z, Duration: 00:00:00.213
Variable Type Analysis #2: Begin: 2024-09-28T12:23:07.825806527Z, End: 2024-09-28T12:23:08.482370893Z, Duration: 00:00:00.656
Create runtime type propagation graph: Begin: 2024-09-28T12:23:07.825892317Z, End: 2024-09-28T12:23:08.198098806Z, Duration: 00:00:00.372
Run SCC (Tarjan) on 53565 nodes: Begin: 2024-09-28T12:23:08.198360211Z, End: 2024-09-28T12:23:08.257628056Z, Duration: 00:00:00.059
Propagate runtime types to strongly connected components: Begin: 2024-09-28T12:23:08.257850324Z, End: 2024-09-28T12:23:08.482143751Z, Duration: 00:00:00.224
Load config: Begin: 2024-09-28T12:23:08.493223977Z, End: 2024-09-28T12:23:08.673397972Z, Duration: 00:00:00.180
Compute entry points: Begin: 2024-09-28T12:23:08.674405616Z, End: 2024-09-28T12:23:10.581273701Z, Duration: 00:00:01.906
Slice call graph: Begin: 2024-09-28T12:23:10.581471077Z, End: 2024-09-28T12:23:10.597786193Z, Duration: 00:00:00.016
Live variable analysis: Begin: 2024-09-28T12:23:10.597954169Z, End: 2024-09-28T12:23:10.707840645Z, Duration: 00:00:00.109
Taint analysis for php: Begin: 2024-09-28T12:23:10.708148961Z, End: 2024-09-28T12:23:11.060951902Z, Duration: 00:00:00.352
Report issues: Begin: 2024-09-28T12:23:11.061070284Z, End: 2024-09-28T12:23:11.068542423Z, Duration: 00:00:00.007
Store cache: Begin: 2024-09-28T12:23:11.068680339Z, End: 2024-09-28T12:23:11.091166686Z, Duration: 00:00:00.022
INFO: php security sensor peak memory: 763 MB
INFO: Sensor PhpSecuritySensor [security] (done) | time=7872ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S6287, S6350, S6639, S6680, S6776, S6839, S7044
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/src/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.000
INFO: Load UCFGs: Starting
INFO: Load UCFGs: Time spent was 00:00:00.000
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.000
INFO: No UCFGs have been included for analysis.
INFO: python security sensor: Time spent was 00:00:00.001
INFO: python security sensor: Begin: 2024-09-28T12:23:11.093958543Z, End: 2024-09-28T12:23:11.095044172Z, Duration: 00:00:00.001
Load type hierarchy and UCFGs: Begin: 2024-09-28T12:23:11.094269841Z, End: 2024-09-28T12:23:11.094733260Z, Duration: 00:00:00.000
Load type hierarchy: Begin: 2024-09-28T12:23:11.094322851Z, End: 2024-09-28T12:23:11.094525346Z, Duration: 00:00:00.000
Load UCFGs: Begin: 2024-09-28T12:23:11.094598281Z, End: 2024-09-28T12:23:11.094642172Z, Duration: 00:00:00.000
INFO: python security sensor peak memory: 763 MB
INFO: Sensor PythonSecuritySensor [security] (done) | time=2ms
INFO: Sensor JsSecuritySensor [security]
INFO: Enabled taint analysis rules: S2083, S2631, S2076, S5696, S5334, S3649, S6096, S6105, S6350, S5144, S5146, S5147, S5883, S5131, S6287
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/src/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.000
INFO: Load UCFGs: Starting
INFO: Load UCFGs: Time spent was 00:00:00.000
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.000
INFO: No UCFGs have been included for analysis.
INFO: js security sensor: Time spent was 00:00:00.000
INFO: js security sensor: Begin: 2024-09-28T12:23:11.095764756Z, End: 2024-09-28T12:23:11.096653277Z, Duration: 00:00:00.000
Load type hierarchy and UCFGs: Begin: 2024-09-28T12:23:11.095947883Z, End: 2024-09-28T12:23:11.096360364Z, Duration: 00:00:00.000
Load type hierarchy: Begin: 2024-09-28T12:23:11.095991244Z, End: 2024-09-28T12:23:11.096148725Z, Duration: 00:00:00.000
Load UCFGs: Begin: 2024-09-28T12:23:11.096222024Z, End: 2024-09-28T12:23:11.096288728Z, Duration: 00:00:00.000
INFO: js security sensor peak memory: 763 MB
INFO: Sensor JsSecuritySensor [security] (done) | time=2ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=14ms
INFO: SCM Publisher is disabled
INFO: CPD Executor 413 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 2485 files
INFO: CPD Executor CPD calculation finished (done) | time=682ms
INFO: Analysis report generated in 449ms, dir size=8 MB
INFO: Analysis report compressed in 5194ms, zip size=6 MB
INFO: Analysis report uploaded in 2343ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=*************&branch=*************
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=**********************
INFO: Sensor cache published successfully
INFO: Analysis total time: 2:00.850 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 2:04.452s
INFO: Final Memory: 17M/80M
INFO: ------------------------------------------------------------------------
INFO: Propagate runtime types to strongly connected components: Starting
INFO: Propagate runtime types to strongly connected components: Time spent was 00:00:00.110
INFO: Variable Type Analysis #1: Starting
INFO: Create runtime type propagation graph: Starting
INFO: Create runtime type propagation graph: Time spent was 00:00:00.538
INFO: Run SCC (Tarjan) on 54600 nodes: Starting
INFO: Run SCC (Tarjan) on 54600 nodes: Time spent was 00:00:00.059
INFO: Tarjan found 54146 strongly connected components
INFO: Propagate runtime types to strongly connected components: Starting
INFO: Propagate runtime types to strongly connected components: Time spent was 00:00:00.213
INFO: Variable Type Analysis #1: Time spent was 00:00:00.811
INFO: Variable Type Analysis #2: Starting
INFO: Create runtime type propagation graph: Starting
INFO: Create runtime type propagation graph: Time spent was 00:00:00.372
INFO: Run SCC (Tarjan) on 53565 nodes: Starting
INFO: Run SCC (Tarjan) on 53565 nodes: Time spent was 00:00:00.059
INFO: Tarjan found 53178 strongly connected components
INFO: Propagate runtime types to strongly connected components: Starting
INFO: Propagate runtime types to strongly connected components: Time spent was 00:00:00.224
INFO: Variable Type Analysis #2: Time spent was 00:00:00.656
INFO: Create runtime call graph: Time spent was 00:00:01.962
INFO: Load config: Starting
INFO: Load config: Time spent was 00:00:00.180
INFO: Compute entry points: Starting
INFO: Compute entry points: Time spent was 00:00:01.906
INFO: All rules entry points : 45
INFO: Slice call graph: Starting
INFO: Retained UCFGs : 1107
INFO: Slice call graph: Time spent was 00:00:00.016
INFO: Live variable analysis: Starting
INFO: Live variable analysis: Time spent was 00:00:00.109
INFO: Taint analysis for php: Starting
INFO: 0 / 1107 UCFGs simulated, memory usage: 566 MB
INFO: 211 / 1107 UCFGs simulated, memory usage: 602 MB
INFO: Taint analysis for php: Time spent was 00:00:00.352
INFO: Report issues: Starting
INFO: Report issues: Time spent was 00:00:00.007
INFO: Store cache: Starting
INFO: Store cache: Time spent was 00:00:00.022
INFO: php security sensor: Time spent was 00:00:07.871
INFO: php security sensor: Begin: 2024-09-28T12:23:03.221365357Z, End: 2024-09-28T12:23:11.092394705Z, Duration: 00:00:07.871
Load type hierarchy and UCFGs: Begin: 2024-09-28T12:23:03.221527710Z, End: 2024-09-28T12:23:06.529545549Z, Duration: 00:00:03.308
Load type hierarchy: Begin: 2024-09-28T12:23:03.221558095Z, End: 2024-09-28T12:23:03.547655197Z, Duration: 00:00:00.326
Load UCFGs: Begin: 2024-09-28T12:23:03.547909242Z, End: 2024-09-28T12:23:06.529267878Z, Duration: 00:00:02.981
Check cache: Begin: 2024-09-28T12:23:06.529740237Z, End: 2024-09-28T12:23:06.530367391Z, Duration: 00:00:00.000
Load cache: Begin: 2024-09-28T12:23:06.529800591Z, End: 2024-09-28T12:23:06.529877887Z, Duration: 00:00:00.000
Create runtime call graph: Begin: 2024-09-28T12:23:06.530504574Z, End: 2024-09-28T12:23:08.493009172Z, Duration: 00:00:01.962
Create declared type propagation graph: Begin: 2024-09-28T12:23:06.535446193Z, End: 2024-09-28T12:23:06.824966390Z, Duration: 00:00:00.289
Run SCC (Tarjan) on 42284 nodes: Begin: 2024-09-28T12:23:06.828478883Z, End: 2024-09-28T12:23:06.899906937Z, Duration: 00:00:00.071
Propagate runtime types to strongly connected components: Begin: 2024-09-28T12:23:06.900403916Z, End: 2024-09-28T12:23:07.010933428Z, Duration: 00:00:00.110
Variable Type Analysis #1: Begin: 2024-09-28T12:23:07.013301578Z, End: 2024-09-28T12:23:07.825267875Z, Duration: 00:00:00.811
Create runtime type propagation graph: Begin: 2024-09-28T12:23:07.013647829Z, End: 2024-09-28T12:23:07.552000811Z, Duration: 00:00:00.538
Run SCC (Tarjan) on 54600 nodes: Begin: 2024-09-28T12:23:07.552249542Z, End: 2024-09-28T12:23:07.611739107Z, Duration: 00:00:00.059
Propagate runtime types to strongly connected components: Begin: 2024-09-28T12:23:07.611942373Z, End: 2024-09-28T12:23:07.825068508Z, Duration: 00:00:00.213
Variable Type Analysis #2: Begin: 2024-09-28T12:23:07.825806527Z, End: 2024-09-28T12:23:08.482370893Z, Duration: 00:00:00.656
Create runtime type propagation graph: Begin: 2024-09-28T12:23:07.825892317Z, End: 2024-09-28T12:23:08.198098806Z, Duration: 00:00:00.372
Run SCC (Tarjan) on 53565 nodes: Begin: 2024-09-28T12:23:08.198360211Z, End: 2024-09-28T12:23:08.257628056Z, Duration: 00:00:00.059
Propagate runtime types to strongly connected components: Begin: 2024-09-28T12:23:08.257850324Z, End: 2024-09-28T12:23:08.482143751Z, Duration: 00:00:00.224
Load config: Begin: 2024-09-28T12:23:08.493223977Z, End: 2024-09-28T12:23:08.673397972Z, Duration: 00:00:00.180
Compute entry points: Begin: 2024-09-28T12:23:08.674405616Z, End: 2024-09-28T12:23:10.581273701Z, Duration: 00:00:01.906
Slice call graph: Begin: 2024-09-28T12:23:10.581471077Z, End: 2024-09-28T12:23:10.597786193Z, Duration: 00:00:00.016
Live variable analysis: Begin: 2024-09-28T12:23:10.597954169Z, End: 2024-09-28T12:23:10.707840645Z, Duration: 00:00:00.109
Taint analysis for php: Begin: 2024-09-28T12:23:10.708148961Z, End: 2024-09-28T12:23:11.060951902Z, Duration: 00:00:00.352
Report issues: Begin: 2024-09-28T12:23:11.061070284Z, End: 2024-09-28T12:23:11.068542423Z, Duration: 00:00:00.007
Store cache: Begin: 2024-09-28T12:23:11.068680339Z, End: 2024-09-28T12:23:11.091166686Z, Duration: 00:00:00.022
INFO: php security sensor peak memory: 763 MB
INFO: Sensor PhpSecuritySensor [security] (done) | time=7872ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S6287, S6350, S6639, S6680, S6776, S6839, S7044
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/src/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.000
INFO: Load UCFGs: Starting
INFO: Load UCFGs: Time spent was 00:00:00.000
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.000
INFO: No UCFGs have been included for analysis.
INFO: python security sensor: Time spent was 00:00:00.001
INFO: python security sensor: Begin: 2024-09-28T12:23:11.093958543Z, End: 2024-09-28T12:23:11.095044172Z, Duration: 00:00:00.001
Load type hierarchy and UCFGs: Begin: 2024-09-28T12:23:11.094269841Z, End: 2024-09-28T12:23:11.094733260Z, Duration: 00:00:00.000
Load type hierarchy: Begin: 2024-09-28T12:23:11.094322851Z, End: 2024-09-28T12:23:11.094525346Z, Duration: 00:00:00.000
Load UCFGs: Begin: 2024-09-28T12:23:11.094598281Z, End: 2024-09-28T12:23:11.094642172Z, Duration: 00:00:00.000
INFO: python security sensor peak memory: 763 MB
INFO: Sensor PythonSecuritySensor [security] (done) | time=2ms
INFO: Sensor JsSecuritySensor [security]
INFO: Enabled taint analysis rules: S2083, S2631, S2076, S5696, S5334, S3649, S6096, S6105, S6350, S5144, S5146, S5147, S5883, S5131, S6287
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/src/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.000
INFO: Load UCFGs: Starting
INFO: Load UCFGs: Time spent was 00:00:00.000
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.000
INFO: No UCFGs have been included for analysis.
INFO: js security sensor: Time spent was 00:00:00.000
INFO: js security sensor: Begin: 2024-09-28T12:23:11.095764756Z, End: 2024-09-28T12:23:11.096653277Z, Duration: 00:00:00.000
Load type hierarchy and UCFGs: Begin: 2024-09-28T12:23:11.095947883Z, End: 2024-09-28T12:23:11.096360364Z, Duration: 00:00:00.000
Load type hierarchy: Begin: 2024-09-28T12:23:11.095991244Z, End: 2024-09-28T12:23:11.096148725Z, Duration: 00:00:00.000
Load UCFGs: Begin: 2024-09-28T12:23:11.096222024Z, End: 2024-09-28T12:23:11.096288728Z, Duration: 00:00:00.000
INFO: js security sensor peak memory: 763 MB
INFO: Sensor JsSecuritySensor [security] (done) | time=2ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=14ms
INFO: SCM Publisher is disabled
INFO: CPD Executor 413 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 2485 files
INFO: CPD Executor CPD calculation finished (done) | time=682ms
INFO: Analysis report generated in 449ms, dir size=8 MB
INFO: Analysis report compressed in 5194ms, zip size=6 MB
INFO: Analysis report uploaded in 2343ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=**************************&branch=*************
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=*************
INFO: Sensor cache published successfully
INFO: Analysis total time: 2:00.850 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 2:04.452s
INFO: Final Memory: 17M/80M
INFO: ------------------------------------------------------------------------
✔ SonarCloud analysis was successful.