Sonarqube: Coverage-Only scans

SonarQube
, ,
1

Hello team,

We’re currently using Sonarqube Dev Edition. We know this question has been asked in the past but are looking to find a more up to date answer in case things have changed. We are looking to leverage SonarQube for enhanced test coverage analytics. However, we’ve encountered a significant blocker:

Problem Statement

SonarQube currently doesn’t provide an option to disable slow scans, which in some cases take over 4 minutes to complete. This is causing an unacceptable delay in our CI pipelines, especially since our primary interest is in test coverage, which should take only milliseconds to upload.

Based on discussions in the SonarQube forums, it appears that the SonarQube team does not plan to support coverage-only scans, which aligns with our use case:
Disable Sonar analysis for JS/Vue/TS but keep coverage

Two questions:

  1. Has SQ’s stance on coverage only scans changed?
  2. If not, could you please advise on the best way forward or suggest any potential workarounds?

Your guidance on this would be greatly appreciated.Thank you!

2

Hi,

Welcome to the community!

No.

Would you mind sharing the languages and sizes of the code bases in question?

Would you also mind sharing your use case? Generally, a 4 min analysis doesn’t sound so bad to me.

 
Thx,
Ann

3

Our organization performs code analysis independently of Sonar and is primarily focused on aggregating coverage reports. While a 4-minute analysis might seem reasonable, it’s excessive for our needs, given that the analysis doesn’t provide value to us. We’re dealing with codebases consisting of hundreds of thousands of lines of Java code, and our sole concern is with code coverage, not the analysis.

Hope that makes sense. What options do we have here to disable analysis?

4

Hi,

Welcome to the community!

I guess you’re from the same organization as the OP?

If you’re comfortable sharing the details of this, we’d love to know who we’re losing out to & why you find their analysis more useful than ours.

While I understand your appreciation for the beauty and functionality of our UI (:smiley:) SonarQube wasn’t built to just show coverage reports.

We truly feel the biggest value SonarQube offers is in the rules. Have you ever tried us head-to-head against your other tool(s)?

Anyway… If you’re determined to do this

  • Create a Quality Profile for each language with 0 rules and make it the default. The language analyzers will still run, but it should just be milliseconds for each.
  • Set a duplication exclusion - either through the UI or with the sonar.cpd.exclusions parameter to **/*. This will prevent duplication detection from running.

Other things will still happen. You can’t turn off all the metrics as easily as you can duplications. But turning off these two things should speed your “analysis” considerably.

 
HTH,
Ann