I’m stuck at “Running symbolic analysis for ‘JS’”. How can I skip/bypass/disable this step?
My SonarQube version is 9.9.3.79811.
Hi,
Did you let this run through to completion? And if so how long did it take, and can you share the size of your codebase?
Thx,
Ann
Hi Ann,
I’ll answer the question below.
Did you let this run through to completion? And if so how long did it take.
Ans: No, it was a never-ending run. I let the pipeline run overnight (around 12hrs++) and it was still running when I woke up.
size of your codebase
Ans: The size of the code is around 80 MB.
Pond
After adjusting some settings and enabling debug mode, I found the new message below.
The log shows “Large history size while concatenating flows.” in a never-ending loop, but the pipeline didn’t terminate.
Hi Pond,
Could you post the full analysis log (in text format)?
Thx,
Ann
Hi Ann,
For security reasons I deleted some records that contain our confidential info. The full logs are attached.
log.txt (3.4 MB)
Pond
Hi,
Thanks for the log. I’ve referred this to the experts.
Ann
Hello Chanon,
Thank you for the information you’ve provided so far.
From the logs alone, it is very hard for us to investigate and understand the root cause of such a performance issue.
Would you be willing to share privately with us the content of the .scannerwork/ucfg2/js folder? It contains an intermediate representation of the JS files, on which the security analyzer is running. That would be very helpful, as with this, we would be able to reproduce the issue on our side.
In the meantime, as a temporary workaround, you could disable the following rules from your JavaScript profile: S2076, S2083, S2631, S3649, S5131, S5144, S5146, S5147, S5334, S5696, S5883, S6096, S6105, S6287, S6350. This would make the scanner skip the taint analysis for JS rule.
Thanks.
-Christophe
js.zip (17.7 MB)
Hello Christophe,
If only the workspace .scannerwork/ucfg2/js is OK, I’ve attached it for you to investigate.
Pond
Hello Chanon,
Thanks a lot for sharing this with us, it will be a great help to look into the root cause issue of this performance problem.
I’ve created a ticket on our side: we will investigate and get back to you as soon as we can.
In the meantime, is the temporary workaround I suggested working for you?
Thanks again!
Best,
-Christophe
Hello Christophe,
Thanks for your assistance and help. About the workaround, our team didn’t want to skip the rules because it’s a critical application for our company.
Pond
A post was split to a new topic: Slow JS analysis for large project
Hello,
For transparency, I’ve moved the recent message that was posted in this thread into a separate thread, in case the root cause is different and needs separate and specific discussions/investigations.
To answer the question that was asked in the post and might be of interest here:
Any insight gained in the ticket you’ve created in August?
Yes: we have some team members working on it at the moment, and we’re hoping to have a fix ready soon.
Best,
-Christophe
Hello @Chanon_Jitrapitugoon,
As shared by @czurn, we recently tackled some performance issues we were facing with the analysis of Angular applications. I am happy to report that this effort has been completed successfully. I expect that you should see (substantially) faster analysis times in the next version of SonarQube Server.
Thank you a lot for highlighting this problem, as well as sharing valuable information that was crucial in helping to resolve this issue. It is much appreciated!
Cheers,
Malte
Hi Malte,
Thanks for your help. So which version of SonarQube Enterprise will solve the slow scan issue?
Pond
Hey Chanon,
This is going to be part of the next SonarQube Server release. I do not think that there is an official ETA for the release yet, but, usually, a new release comes every ~2 months or so.
You can subscribe to our blog so that you know immediately when the new release is out!