SonarQube Advanced Security: Hitting limits for legacy repository

• which versions are you using (SonarQube Server / Community Build, Scanner, Plugin, and any relevant extension)
  • Enterprise Edition v2025.6.1 (117629) ACTIVE + Advanced Security Enabled
• how is SonarQube deployed: zip, Docker, Helm
  • Zip
• what are you trying to achieve
  • We are trying run sonar analysis along with sca scan enabled.
• what have you tried so far to achieve this
  • run sonar sca analysis on big legacy repository.

We are facing Http Error code 413 issue on Sonar SCA for couple of legacy big repository .

Repository contains more than 500 modules, lot of dependencies including backend and frontend. As this is legacy project we can not refactor it.

We are facing below issue once every scan is run.

2026.05.07 16:26:40 ERROR ce[ca158b20-164d-4f9f-a2ba-7f965f438d5b][com.sonar.sca.$.H] Error 413 (not retriable). Check that the SonarQube instance can reach 'https://api.sonarcloud.io/sca/dependency-service/v1/parse-dependency-files’.\nResponse 413 message ‘’ body ‘Archive limit exceeded: Archive contains too many entries (limit: 1250)’

Please fine the attached log file.

sonar-sca-error.txt (3.7 KB)

The error message is correct: there is a limit on the number of files processed in an individual analysis.

Check the scanner log file to see what it’s including; you may need to set sonar.sca.exclusions or sonar.exclusions properly.

Also if you pass sonar.scanner.keepReport=true, and look at the dependency-files.tar.xz in the work directory you can see how many files are in it. There are adjustments we can make to the limit, but we cannot accept an unbounded set of files.