As the title describes. We are hosting our code on GitHub and and are using GitHub actions.
Previously, it used to take less than 10 minutes to complete the step. I know there is a similar thread here, but I was not sure if I should reply to it or create a new one.
When I enable verbose logging, I see that it gets stuck on the first file and takes a long time to analyze it.
I can provide the full logs in a DM if required.
Hey @OZoneGuy,
Thank you for contacting us. I’ll reach out to you in a DM for full logs.
Hello Sonarcloud team, we are also experiencing this problem in one of our GitHub repositories. It takes around 4.5 hours to scan 481 files, but most of the time is spent in the first files.
We had previously disabled that Jasmin security scanner and it had been working good, but it seems like it enabled itself again and this time I can’t find the configuration to disable it in the SonarCloud platform.
What can we do in this case?
Hello @walteramadorv, let’s investigate together how to proceed.
Could I ask you to run the analysis again, with the debug mode, and the sonar.jasmin.internal.enable.stacktracing property set to true? This will generate lengthy logs, but it will definitely help to understand better what is happening.
I will reach out to you privately if you are willing to share these logs.
In the meantime, a common situation is that the analysis does not precisely filter out libraries or minified modules. Could you double check what is included in your analysis, and eventually remove what is superfluous?
Thanks,
Quentin
Same happens to us, do you know what may be happenning with that sensor?
I disabled it via sonar.jasmin.internal.js.ts.disabled=true and the scan literally last like 2 minutes (without that it hangs for like +1hour and crash with java heap, even with huge amounts like 8 or 12GB)
I use sonarcloud with github actions using SonarSource/sonarqube-scan-action@v7.2.0
Any help is really appreciated
Hello @abarone
We recently deployed improvements with respect to this sensor stability, if you are using SonarQube Cloud, it should be transparently available.
May I ask you to try again today?
If there is still some performances issues, can you create a new thread, providing a bit more information about what kind of project you are analyzing?
Thanks,
Quentin
