SonarQube analysis results show zero results for Mulesoft execution (java based project)

SonarQube Server / Community Build
1

Issue: SonarQube analysis results show zero results
Versions: SonarQube Version 6.7.6 (build 38781), Scanner version: sonar-scanner-3.2.0.1227
Problem statement: We are trying to setup sonar qube analysis for Mulesoft (java based project). The analysis runs successfully but SonarQube analysis dashboard says “0 Bugs, 0 vulnerabilities” and the log says “Calculating CPD for 0 files”.
Steps so far:
We have set up the sonar qube analysis and build in Jenkins for this java based project. The verbose logs of the analysis are as below

Started by user <testuser>
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] node
Running on Jenkins in e:\Jenkins\workspace\PROGRAM-PIPELINE-TEST_REVIEW\PROGRAM-MuleSoft-POCs\mule_sonar
[Pipeline] {
[Pipeline] stage
[Pipeline] { (SCM : SVN Checkout)
[Pipeline] checkout
Switching from https://vsvn.test.com/svn/PROGRAMP/MuleSoft/branches/R1Mulesoft1.0.0.0/s-apiforwatchlistvalidation to https://vsvn.test.com/svn/PROGRAMP/MuleSoft/branches/R1Mulesoft1.0.0.0
Cleaning up e:\Jenkins\workspace\PROGRAM-PIPELINE-TEST_REVIEW\PROGRAM-MuleSoft-POCs\mule_sonar\.
Deleting e:\Jenkins\workspace\PROGRAM-PIPELINE-TEST_REVIEW\PROGRAM-MuleSoft-POCs\mule_sonar\.scannerwork
Switching to https://vsvn.test.com/svn/PROGRAMP/MuleSoft/branches/R1Mulesoft1.0.0.0 at revision '2019-05-16T02:45:44.730 -0400' --quiet
Using sole credentials JENKINS_SVCACCOUNT/****** (service account Jenkins_SVCAccount  to access SVN and respective environment for deployment) in realm ‘<https://vsvn.test.com:443> VisualSVN Server’
At revision 8321

[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Build & Run SonarQube Analysis)
[Pipeline] withSonarQubeEnv
Injecting SonarQube environment variables using the configuration: SonarQubeServer
[Pipeline] {
[Pipeline] bat
[mule_sonar] Running batch script

e:\Jenkins\workspace\PROGRAM-PIPELINE-TEST_REVIEW\PROGRAM-MuleSoft-POCs\mule_sonar>cd e:\Jenkins\workspace\PROGRAM-PIPELINE-TEST_REVIEW\PROGRAM-MuleSoft-POCs\mule_sonar//s_apiforsalesforcetest   && mvn clean install sonar:sonar -D sonar.projectKey=Mule-s_apiforsalesforcetest -D sonar.projectName=Mule-s_apiforsalesforcetest -D sonar.sources=. -Dsonar.verbose=true 
[INFO] Scanning for projects...
[WARNING] The POM for org.apache.maven.plugins:maven-site-plugin:jar:3.6.1 is invalid, transitive dependencies (if any) will not be available, enable debug logging for more details
[WARNING] Failed to retrieve plugin descriptor for org.apache.maven.plugins:maven-site-plugin:3.6.1: Plugin org.apache.maven.plugins:maven-site-plugin:3.6.1 or one of its dependencies could not be resolved: Failed to read artifact descriptor for org.apache.maven.plugins:maven-site-plugin:jar:3.6.1
Downloading from :<nexus_url>
Downloading from : :<nexus_url>

Progress (1): 7.6/20 kB
Progress (1): 16/20 kB 
Progress (1): 16/20 kB
Progress (1): 16/20 kB
Progress (1): 20 kB   
                   
Downloaded from : :<nexus_url>
 (20 kB at 3.1 kB/s)
Progress (1): 7.6/14 kB
Progress (1): 8.2/14 kB
Progress (1): 14 kB    
                   
Downloaded from : :<nexus_url>
 (14 kB at 2.1 kB/s)
Downloading from : :<nexus_url>

Progress (1): 1.2 kB
                    
Downloaded from : :<nexus_url>
 (1.2 kB at 795 B/s)
[INFO] 
[INFO] --------------< com.test.Programp:S-APIForSalesforceTest >---------------
[INFO] Building S-APIForSalesforceTest 1.0.0-SNAPSHOT
[INFO] --------------------------[ mule-application ]--------------------------
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean-1) @ S-APIForSalesforceTest ---
[INFO] Deleting e:\jenkins\workspace\PROGRAM-PIPELINE-TEST_REVIEW\PROGRAM-MuleSoft-POCs\mule_sonar\s_apiforsalesforcetest\target
[INFO] 
[INFO] --- mule-maven-plugin:3.1.6:clean (default-clean) @ S-APIForSalesforceTest ---
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ S-APIForSalesforceTest ---
[INFO] 
[INFO] --- mule-maven-plugin:3.1.6:validate (default-validate) @ S-APIForSalesforceTest ---
[INFO] 
[INFO] --- mule-maven-plugin:3.1.6:initialize (default-initialize) @ S-APIForSalesforceTest ---
[INFO] 
[INFO] --- mule-maven-plugin:3.1.6:generate-sources (default-generate-sources) @ S-APIForSalesforceTest ---
[INFO] 
[INFO] --- mule-maven-plugin:3.1.6:process-sources (default-process-sources) @ S-APIForSalesforceTest ---
[INFO] About to fetch required dependencies for artifact: com.test.Programp:S-APIForSalesforceTest:pom:1.0.0-SNAPSHOT. This may take a while...
[INFO] About to fetch required dependencies for artifact: org.mule.connectors:mule-sockets-connector:pom:1.1.2. This may take a while...
[INFO] About to fetch required dependencies for artifact: com.mulesoft.connectors:mule-salesforce-connector:pom:9.4.0. This may take a while...
[INFO] About to fetch required dependencies for artifact: org.mule.connectors:mule-objectstore-connector:pom:1.0.0. This may take a while...
[INFO] 
[INFO] --- maven-resources-plugin:3.0.2:resources (default-resources) @ S-APIForSalesforceTest ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO] 
[INFO] --- mule-maven-plugin:3.1.6:process-resources (default-process-resources) @ S-APIForSalesforceTest ---
[INFO] 
[INFO] --- maven-compiler-plugin:3.6.1:compile (default-compile) @ S-APIForSalesforceTest ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- mule-maven-plugin:3.1.6:compile (default-compile) @ S-APIForSalesforceTest ---
[INFO] 
[INFO] --- mule-maven-plugin:3.1.6:process-classes (default-process-classes) @ S-APIForSalesforceTest ---
[INFO] 
[INFO] --- mule-maven-plugin:3.1.6:generate-test-sources (default-generate-test-sources) @ S-APIForSalesforceTest ---
[INFO] 
[INFO] --- maven-resources-plugin:3.0.2:testResources (default-testResources) @ S-APIForSalesforceTest ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO] 
[INFO] --- mule-maven-plugin:3.1.6:generate-test-resources (default-generate-test-resources) @ S-APIForSalesforceTest ---
[INFO] 
[INFO] --- maven-compiler-plugin:3.6.1:testCompile (default-testCompile) @ S-APIForSalesforceTest ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- mule-maven-plugin:3.1.6:test-compile (default-test-compile) @ S-APIForSalesforceTest ---
[INFO] 
[INFO] --- maven-surefire-plugin:2.19.1:test (default-test) @ S-APIForSalesforceTest ---
[INFO] 
[INFO] --- mule-maven-plugin:3.1.6:package (default-package) @ S-APIForSalesforceTest ---
[INFO] Building zip: e:\jenkins\workspace\PROGRAM-PIPELINE-TEST_REVIEW\PROGRAM-MuleSoft-POCs\mule_sonar\s_apiforsalesforcetest\target\S-APIForSalesforceTest-1.0.0-SNAPSHOT-mule-application.jar
[INFO] 
[INFO] --- maven-install-plugin:2.5.2:install (default-install) @ S-APIForSalesforceTest ---
[INFO] No primary artifact to install, installing attached artifacts instead.
[INFO] Installing e:\jenkins\workspace\PROGRAM-PIPELINE-TEST_REVIEW\PROGRAM-MuleSoft-POCs\mule_sonar\s_apiforsalesforcetest\pom.xml to E:\.m2\repository\com\test\Programp\S-APIForSalesforceTest\1.0.0-SNAPSHOT\S-APIForSalesforceTest-1.0.0-SNAPSHOT.pom
[INFO] Installing e:\jenkins\workspace\PROGRAM-PIPELINE-TEST_REVIEW\PROGRAM-MuleSoft-POCs\mule_sonar\s_apiforsalesforcetest\target\S-APIForSalesforceTest-1.0.0-SNAPSHOT-mule-application.jar to E:\.m2\repository\com\test\Programp\S-APIForSalesforceTest\1.0.0-SNAPSHOT\S-APIForSalesforceTest-1.0.0-SNAPSHOT-mule-application.jar
[INFO] 
[INFO] --------------< com.test.Programp:S-APIForSalesforceTest >---------------
[INFO] Building S-APIForSalesforceTest 1.0.0-SNAPSHOT
[INFO] --------------------------[ mule-application ]--------------------------
[WARNING] The POM for org.apache.maven.plugins:maven-site-plugin:jar:3.6.1 is invalid, transitive dependencies (if any) will not be available, enable debug logging for more details
[WARNING] Failed to retrieve plugin descriptor for org.apache.maven.plugins:maven-site-plugin:3.6.1: Plugin org.apache.maven.plugins:maven-site-plugin:3.6.1 or one of its dependencies could not be resolved: Failed to read artifact descriptor for org.apache.maven.plugins:maven-site-plugin:jar:3.6.1
[INFO] 
[INFO] --- sonar-maven-plugin:3.6.0.1398:sonar (default-cli) @ S-APIForSalesforceTest ---
[INFO] User cache: C:\Windows\system32\config\systemprofile\.sonar\cache
[INFO] SonarQube version: 6.7.6
[INFO] Default locale: "en_US", source code encoding: "UTF-8"
[INFO] Publish mode
[INFO] Load global settings
[INFO] Load global settings (done) | time=361ms
[INFO] Server id: <serveridmasked>
[INFO] User cache: C:\Windows\system32\config\systemprofile\.sonar\cache
[INFO] Load plugins index
[INFO] Load plugins index (done) | time=107ms
[INFO] Process project properties
[INFO] Execute project builders
[INFO] Execute project builders (done) | time=5ms
[INFO] Load project repositories
[INFO] Load project repositories (done) | time=444ms
[INFO] Load quality profiles
[INFO] Load quality profiles (done) | time=347ms
[INFO] Load active rules
[INFO] Load active rules (done) | time=1946ms
[INFO] Load metrics repository
[INFO] Load metrics repository (done) | time=92ms
[INFO] Project key: Mule-s_apiforsalesforcetest
[INFO] -------------  Scan Mule-s_apiforsalesforcetest
[INFO] Load server rules
[INFO] Load server rules (done) | time=250ms
[INFO] Base dir: E:\jenkins\workspace\PROGRAM-PIPELINE-TEST_REVIEW\PROGRAM-MuleSoft-POCs\mule_sonar\s_apiforsalesforcetest
[INFO] Working dir: e:\jenkins\workspace\PROGRAM-PIPELINE-TEST_REVIEW\PROGRAM-MuleSoft-POCs\mule_sonar\s_apiforsalesforcetest\target\sonar
[INFO] Source paths: .
[INFO] Test paths: src/test/java
[INFO] Source encoding: UTF-8, default locale: en_US
[INFO] Index files
[INFO] Excluded sources: 
[INFO]   **/*.xml
[INFO]   *SL_*
[INFO]   *_Test*
[INFO]   *cnx_ prefix*
[INFO] 186 files indexed
[INFO] 13 files ignored because of inclusion/exclusion patterns
[INFO] Sensor SonarJavaXmlFileSensor [java]
[INFO] Sensor SonarJavaXmlFileSensor [java] (done) | time=1ms
[INFO] Sensor Zero Coverage Sensor
[INFO] Sensor Zero Coverage Sensor (done) | time=60ms
[INFO] Sensor CPD Block Indexer
[INFO] Sensor CPD Block Indexer (done) | time=1ms
[INFO] Sensor Apex CPD [codescan]
[INFO] Sensor Apex CPD [codescan] (done) | time=11ms
[INFO] Sensor VisualForce/Lightning CPD [codescan]
[INFO] Sensor VisualForce/Lightning CPD [codescan] (done) | time=1ms
[INFO] SCM Publisher is disabled
[INFO] Calculating CPD for 0 files
[INFO] CPD calculation finished
[INFO] Analysis report generated in 267ms, dir size=54 KB
[INFO] Analysis reports compressed in 15ms, zip size=13 KB
[INFO] Analysis report generated in e:\jenkins\workspace\PROGRAM-PIPELINE-TEST_REVIEW\PROGRAM-MuleSoft-POCs\mule_sonar\s_apiforsalesforcetest\target\sonar\scanner-report
[INFO] Analysis report uploaded in 122ms
[INFO] ANALYSIS SUCCESSFUL, you can browse https://sonarqube.test.com/dashboard/index/Mule-s_apiforsalesforcetest
[INFO] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[INFO] More about the report processing at https://sonarqube.test.com/api/ce/task?id=AWq_ay_PGn5AdWaqyREk
[INFO] Task total time: 7.198 s
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 31.120 s
[INFO] Finished at: 2019-05-16T02:53:54-04:00
[INFO] ------------------------------------------------------------------------
2

Hi,

It looks like what you run inside your withSonarQubeEnv step is a batch script. It would be helpful to share the contents of that.

 
Ann

3

Hi Ann,
Thanks for your response. The batch command is as below

bat “cd ${WORKSPACE}//s_apiforsalesforcetest && mvn clean install sonar:sonar -D sonar.projectKey=Mule-s_apiforsalesforcetest -D sonar.projectName=Mule-s_apiforsalesforcetest -D sonar.sources=. -Dsonar.verbose=true”

4

Hi,

Thanks for sharing the contents of your bat. They look normal enough (altho there’s not usually a space after -D but based on your logs it doesn’t seem to be an issue here). I’d like to clarify the problem now.

Your title says “Mulesoft execution” and your post talks about having 0 values for measures. To be clear, by “execution” you mean (successful) execution of analysis?

And have you shared the full analysis logs?

You mention that your analysis logs included “Calculating CPD for 0 files”. What do yo see on your project dashboard? At the top-left you should have numbers for lines of code per language.

 
Ann

5

Hi Ann,

Thanks for the response. Yes, I meant the execution of analysis. Unable to upload the full log but the rest of the steps are related to the code build output.

The dashboard shows 0 bugs, 0 vulnerabilities. Under the code tab, it shows just the project name with zero lines.

I did one more thing. I opened the project in Eclipse, installed SonarLint and ran the analysis it says 0 issues there as well for at least 10 different Mulesoft projects. I am suspecting that Mulesoft as a product doesn’t have more than the bunch of XML files.

It looks Mulesoft is yet to add the support.
https://forums.mulesoft.com/questions/78325/munit-coverage-on-sonarqube-jacoco.html

Regards, Abdul

6

Hi Abdul,

Thanks for the link to the post about MuleSoft coverage. To be clear, your MuleSoft project is written in standard Java? And if so, can you share your analysis logs? Because it seems that analysis is either not finding your source code or not recognizing it as an analyzable language.

 
Ann

7

Hi Ann - Apologies for the late response. It is written in Java but most of the features are configuration driven in XML. Only the custom components will have Java libraries and in my case the developers haven’t created any custom libraries yet. So, literally there was no java code to be scanned hence the results are zero all the time.

Thanks for all your support though.

Regards, Abdul