SonarQube analysis is taking too much time to scan a .NET-based project

I am using the following versions:

  1. SonarQube - Version 7.9.1 Enterprise Edition
  2. SonarScanner for MSBuild : 4.6.0 & 5.0.4
  3. Jenkins version 2.235.5

The problem is that the Sonar scanner is taking too much time in a particular step while executing the analysis. That step is (highlighted in bold):

15:29:46 INFO: rule: S2083, entrypoints: 188
15:32:08 INFO: Visited 933 ucfgs in 136785 ms, 496462 steps
15:32:08 INFO: rule: S2083 done

Could you please help me debug why that particular rule is taking that much time?

Hi @ravindrakmr,

S2083 is a security rule that performs intensive cross-procedural taint value propagation analysis. While we’re continuously working on improving performance of your analyzer, analyzing flow of your 933 methods in almost half a million steps is time-consuming.

The underlying reason for this rule is probably that you have a lot of IO operations in your project that are reachable from controller actions.

Thanks Pavel. Do you have any suggestions to improve this? Actually I have excluded everything but it is still taking that much time for rule S2083.

Exclusions will not change the time, unfortunately. Issue flow is computed first and then exclusions are used to not-report excluded files.

The only way would be to disable the rule in your quality profile. But you would not get its results like that.
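
To see which taint rules dominate a scan before deciding whether to disable one, the per-rule log lines quoted in the question can be parsed and ranked. This is an added example, not part of the original thread and not SonarSource code; it assumes the three-line format shown in the question, and the `S0000` lines are constructed sample data.

```python
import re
from datetime import datetime, timedelta

# Line shapes as quoted in the question (timestamp prefix assumed present).
START = re.compile(r"(\d\d:\d\d:\d\d) INFO: rule: (S\d+), entrypoints: (\d+)")
VISIT = re.compile(r"INFO: Visited (\d+) ucfgs in (\d+) ms, (\d+) steps")
DONE = re.compile(r"(\d\d:\d\d:\d\d) INFO: rule: (S\d+) done")

# First three lines are from the question; the S0000 block is constructed.
SAMPLE_LOG = """\
15:29:46 INFO: rule: S2083, entrypoints: 188
15:32:08 INFO: Visited 933 ucfgs in 136785 ms, 496462 steps
15:32:08 INFO: rule: S2083 done
15:32:08 INFO: rule: S0000, entrypoints: 12
15:32:09 INFO: Visited 40 ucfgs in 310 ms, 2100 steps
15:32:09 INFO: rule: S0000 done
"""

def _clock(ts):
    return datetime.strptime(ts, "%H:%M:%S")

def parse_rule_timings(log_text):
    """Return one record per completed rule, slowest first."""
    records, cur = [], None
    for line in log_text.splitlines():
        if m := START.search(line):
            cur = {"rule": m[2], "entrypoints": int(m[3]), "start": _clock(m[1])}
        elif (m := VISIT.search(line)) and cur:
            cur.update(ucfgs=int(m[1]), ms=int(m[2]), steps=int(m[3]))
        elif (m := DONE.search(line)) and cur and cur["rule"] == m[2]:
            if "ms" in cur:  # skip rules whose "Visited" line is missing
                wall = _clock(m[1]) - cur.pop("start")
                if wall < timedelta(0):  # scan crossed midnight
                    wall += timedelta(days=1)
                cur["wall_s"] = int(wall.total_seconds())
                cur["steps_per_entrypoint"] = cur["steps"] // max(cur["entrypoints"], 1)
                records.append(cur)
            cur = None
    return sorted(records, key=lambda r: r["ms"], reverse=True)

if __name__ == "__main__":
    rows = parse_rule_timings(SAMPLE_LOG)
    total_ms = sum(r["ms"] for r in rows) or 1
    for r in rows:
        print(f'{r["rule"]}: {r["ms"]} ms ({100 * r["ms"] / total_ms:.1f}% of rule time), '
              f'{r["entrypoints"]} entrypoints, {r["steps_per_entrypoint"]} steps/entrypoint')
```

A rule left open when the log is truncated is dropped rather than reported with partial numbers.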