SonarQube Analysis: Investigation into Missing Line Counts in Mule 4, YAML Files

SonarQube Server / Community Build
1

We’ve run two SonarQube scans(version EE 10.5), one analyzing Mule 4 flows and the other analyzing YAML configurations. In both cases, the ‘Code’ tab within SonarQube does not display the number of lines of code. We’ve verified that the scans complete without errors. Is this the normal behavior for YAML and XML files? If line counts should be visible, what configurations or plugin settings should we examine to ensure they are correctly reported? Additionally, should the sonar.text.inclusions.activate property be enabled when scanning text files like YAML or XML?

Here are two example scan screenshots:

Mule:

image
image1869×505 29.3 KB

Yaml:

image
image1864×703 35.1 KB

Regards

2

Hi,

This is the typical display for non-code files, such as tests. E.G.

Selection_2231
Selection_22311486×434 27.9 KB

However, YAML and XML are generally not considered “non-code”.

Can you share your analysis configuration and analysis log?

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

 
Thx,
Ann

4

Hi Hann, I’m attaching the logs of the analysis done on Mulesoft
log-scan-mulesoft-build-32123-9 1.txt (3.9 MB)

Thx,
Giovanni

5

Hi Giovanni,

Thanks for the log. Nothing obvious is jumping out at me from it. However, there are a few interesting things:

2025-02-21T10:59:10.3508166Z [command]/opt/maven/apache-maven-3.9.6/bin/mvn -f /agent/_work/1/s/hera-exp-consultazione/pom.xml -s /agent/_work/_temp/settings.xml -DskipTests=true -Dsonar.sources=/agent/_work/1/s/hera-exp-consultazione/src/ -X sonar:sonar

You’re artificially constraining analysis to what looks like a small subset of the project code. Why?

2025-02-21T11:00:07.9708609Z [INFO] 11:00:07.970 Found manual configuration of branch/PR analysis. Skipping automatic configuration.

This is going to constrain analysis to only what was changed in the PR. However, we also have this:

2025-02-21T11:00:11.9878604Z [DEBUG] 11:00:11.987 loading config FileBasedConfig[/home/AzDevOps/.config/jgit/config]
2025-02-21T11:00:12.0084349Z [DEBUG] 11:00:12.007 readpipe [/usr/bin/git, --version],/usr/bin
2025-02-21T11:00:12.0481879Z [DEBUG] 11:00:12.045 readpipe may return 'git version 2.34.1'
2025-02-21T11:00:12.0495041Z [DEBUG] 11:00:12.046 remaining output:
2025-02-21T11:00:12.0495649Z 
2025-02-21T11:00:12.0496596Z [DEBUG] 11:00:12.046 readpipe [/usr/bin/git, config, --system, --show-origin, --list, -z],/usr/bin
2025-02-21T11:00:12.0642669Z [DEBUG] 11:00:12.063 readpipe may return 'null'
2025-02-21T11:00:12.0643165Z [DEBUG] 11:00:12.063 remaining output:
2025-02-21T11:00:12.0643346Z 
2025-02-21T11:00:12.1052313Z [DEBUG] 11:00:12.101 readpipe rc=128
2025-02-21T11:00:12.1053160Z [DEBUG] 11:00:12.104 Exception caught during execution of command '[/usr/bin/git, config, --system, --show-origin, --list, -z]' in '/usr/bin', return code '128', error message 'fatal: unable to read config file '/etc/gitconfig': No such file or directory
2025-02-21T11:00:12.1054183Z '

So Git errors-out trying to figure out which files should be part of the analysis scope.

When you click into the files in your screenshots, what do you see? And is anything marked as “new”? Since this is a PR analysis, and analysis couldn’t determine what was in the PR (that’s based on SCM metadata) it may well be that your dashes simply mean that no LOC were found for the PR analysis.

Altho why the files show up at all in that context is a good question. But basically, analysis is fundamentally broken at this point, so I kinda think all bets are off.

Can you sort these things out and try again?

 
Ann