SonarQube failed to analyze C++ project,

SonarQube Server / Community Build
,
1
  • which versions are you using (SonarQube Server / Community Build, Scanner, Plugin, and any relevant extension)
    SonarQube Server * Enterprise Edition v2025.1 (102418)
    SonarScanner 5.0.1.3006
  • how is SonarQube deployed: zip, Docker, Helm
    Docker
  • what are you trying to achieve
    I’m try to analyze C++ code using compilation database
  • what have you tried so far to achieve this
    For my testing I build a simple project code cpp use cmake to generate the Compilation file
    but the scanner failed

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!
sonarscanner.log (29.2 KB)

5

Hello @SCHEBBI_ALLIANZ ,

From what I see, /usr/bin/c++ is gcc. It is odd probing it times out.
Can you confirm the following command runs on the same machine than the scanner? Do if before the scanner but after the compilation.

time /usr/bin/c++ -x c++ --std gnu++11 -v -dM -E - < /dev/null

How long does it take to run?

And, while on it, is the build running on hardware, container, VM…? Which OS is it?

6

Hey thanks for your reply

I just run the command here the result
|real|0m 0.01s|
|user|0m 0.00s|
|sys|0m 0.00s|

for the build I run it in the same docker image of the scanner to be sure that we have the same environments

What about this message :
eventual compiler license check over network is not taking too much time
Is there any license check need it?

7

That message is intended for compilers that need a license, which isn’t the case.
Sometimes it triggers in macos when Rosetta is involved, but shouldn’t apply either.

Can you share the docker image you are using, so I can try to reproduce?

8

Unfortunately the image is in private repo I cannot shared but I can share the dockerfile for the scanner if it can help

DockerFile.txt (1.0 KB)

and simple cpp project that we try to scan
— src
------- main.cpp

#include

int main() {
std::cout << “Hello, World!” << std::endl;
return 0;
}

—CMakeLists.txt

cmake_minimum_required(VERSION 3.10)
project(MyProject)

set(CMAKE_CXX_STANDARD 11)

add_executable(main src/main.cpp)

And this is the commad used to build it cpp project
- mkdir build
- cd build
- cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
- make

9

It seems to be Alpine Linux based? We don’t support Alpine Linux because we rely on glibc.

I have also found this old thread with the same issue you are facing, so this confirms it is an issue with musl.

I have linked this conversation to the Jira ticket to helps us record the traction musl has.

For the moment being, I can only suggest using a container based on a distribution that uses glibc.

11

Thanks for your help, I have requested a container based on a distribution that uses glibc, meanwhile I’m trying another solution using AutoConfig to analyze my simpte C++ project with code smells.

But I have an issue this time sonarqube doesn’t detect any of the issues in the code(0 Security, 0 Reliability; 0 Maintainability, 0 Security Hotspots)
sonar_scanner.log (9.7 KB)

Do you have any idea why it doesn’t work correctly?

Regards

12

These logs seem to be the same as the one above, it is using compilation database (plus, the URL is the same, so I imagine discuss has de-duplicated the file)

13

sorry it was the wong file here the correct one
sonar_scanner.log (9.7 KB)

14 
INFO: Java 17.0.12 Alpine (64-bit)

Unfortunately it is still Alpine. Part of the analyzer is native and has the same requirement on glibc.

15

Ok AutoConfig ialso need the glibc
Thanks for help