Disply duplication percentage, number of bugs, vulnerabilities, etc.
I am trying to integrate SonarQube into a Jenkins job - this jenkins job is triggered each time a new change in my multi-module Java/Maven project is pushed.
Currently, only the code coverage is working, as well as the code smells. While it seems to show total number of duplicated lines, the percentage still shows as 0.0%.
You have a multi-module project with only 311 lines, total (lines, not lines of code)? I find this a strangely low line count, even if we’re talking about a new, greenfields project.
Are you running the build before analysis?
Can you provide your pipeline and the full analysis log?
The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.
Yes, at the moment the project is quite small - only 4 Java classes atm, each with about 30 lines (total). Then there would be 4 test classes (written in Spock).
Quality Gate - this runs something else that takes about 2 minutes to run (this is coming from some internal library so I’m not full sure on that command/steps it would run)
Some final stages
Please find the log from the Sonar Analysis stage (mvn sonar:sonar) below. There is no real logs from the Quality Gate stage. Let me know if you need any more info.
Sonar Analysis log
[Pipeline] sh
+ mvn sonar:sonar -Dsonar.projectKey=<sonar_project_key> -Dsonar.login=****** -Dsonar.host.url=<sonar_host_url> -Dsonar.branch.name=master -Dsonar.branch.target=master
NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
Picked up JAVA_TOOL_OPTIONS: -Dmaven.ext.class.path="<jenkins-workspace>/<job_name>/<maven-project-submodule>@tmp/withMaven7b89d786/pipeline-maven-spy.jar" -Dorg.jenkinsci.plugins.pipeline.maven.reportsFolder="<jenkins_workspace>/<sonar_project_key>_precommit/<maven-project-submodule>@tmp/withMaven7b89d786"
[INFO] [jenkins-event-spy] Generate <jenkins-workspace>/<job_name>/<maven-project-submodule>@tmp/withMaven7b89d786/maven-spy-20240816-170654-8911519193722503287027.log.tmp ...
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for <maven_project_group_id>:<maven-project-submodule>:jar:1.0-SNAPSHOT
[WARNING] 'build.plugins.plugin.(groupId:artifactId)' must be unique but found duplicate declaration of plugin org.codehaus.gmavenplus:gmavenplus-plugin @ <maven_project_group_id>:<maven-project-submodule>:[unknown-version], <jenkins-workspace>/<job_name>/<maven-project-submodule>/pom.xml, line 154, column 21
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] ------< <maven_project_group_id>:<maven-project-submodule> >-------
[INFO] Building <maven_project_artifact_id> 1.0-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- sonar-maven-plugin:3.8.0.2131:sonar (default-cli) @ <maven-project-submodule> ---
[INFO] User cache: /home/<jenkins_username>/.sonar/cache
[INFO] SonarQube version: 9.9.4.87374
[INFO] Default locale: "en_US", source code encoding: "UTF-8"
[INFO] Load global settings
[INFO] Load global settings (done) | time=158ms
[INFO] Server id: CC3BF1A8-AWsJIc11vWW8knz70Xuv
[INFO] User cache: /home/<jenkins_username>/.sonar/cache
[INFO] Load/download plugins
[INFO] Load plugins index
[INFO] Load plugins index (done) | time=50ms
[INFO] Load/download plugins (done) | time=266ms
[INFO] Loaded core extensions: developer-scanner
[INFO] Process project properties
[INFO] Process project properties (done) | time=9ms
[INFO] Execute project builders
[INFO] Execute project builders (done) | time=2ms
[INFO] Project key: <sonar_project_key>
[INFO] Base dir: <jenkins-workspace>/<job_name>/<maven-project-submodule>
[INFO] Working dir: <jenkins-workspace>/<job_name>/<maven-project-submodule>/target/sonar
[INFO] Load project settings for component key: '<sonar_project_key>'
[INFO] Load project settings for component key: '<sonar_project_key>' (done) | time=28ms
[INFO] Load project branches
[INFO] Load project branches (done) | time=21ms
[INFO] Load branch configuration
[WARNING] Parameter 'sonar.branch.target' is no longer supported. See the Branch Analysis documentation for more information on current branch setup.
[INFO] Found manual configuration of branch/PR analysis. Skipping automatic configuration.
[INFO] Load branch configuration (done) | time=3ms
[INFO] Auto-configuring with CI 'Jenkins'
[INFO] Load quality profiles
[INFO] Load quality profiles (done) | time=82ms
[INFO] Load active rules
[INFO] Load active rules (done) | time=1700ms
[INFO] Load analysis cache
[INFO] Load analysis cache | time=18ms
[INFO] Branch name: master
[INFO] Load project repositories
[INFO] Load project repositories (done) | time=25ms
[INFO] Indexing files...
[INFO] Project configuration:
[INFO] Excluded tests: **/<maven-project-submodule>/src/test/groovy/<maven_project_group_id>/TestBaseSpec.groovy
[INFO] 10 files indexed
[INFO] 0 files ignored because of inclusion/exclusion patterns
[INFO] 0 files ignored because of scm ignore settings
[INFO] Quality profile for grvy: Sonar way
[INFO] Quality profile for java: Sonar way
[INFO] Quality profile for xml: Sonar way
[INFO] ------------- Run sensors on module <maven_project_artifact_id>
[INFO] Load metrics repository
[INFO] Load metrics repository (done) | time=16ms
[INFO] Sensor JavaSensor [java]
[INFO] Configured Java source version (sonar.java.source): 8
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=8ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=3ms
[INFO] Server-side caching is enabled. The Java analyzer will not try to leverage data from a previous analysis.
[INFO] Using ECJ batch to parse 4 Main java source files with batch size 500 KB.
[INFO] Starting batch processing.
[INFO] The Java analyzer cannot skip unchanged files in this context. A full analysis is performed for all files.
[INFO] 100% analyzed
[INFO] Batch processing: Done.
[INFO] Did not optimize analysis for any files, performed a full analysis for all 4 files.
[INFO] No "Test" source files to scan.
[INFO] No "Generated" source files to scan.
[INFO] Sensor JavaSensor [java] (done) | time=1671ms
[INFO] Sensor PmdSensor [pmd]
[INFO] Sensor PmdSensor [pmd] (done) | time=1ms
[INFO] Sensor C# Project Type Information [csharp]
[INFO] Sensor C# Project Type Information [csharp] (done) | time=0ms
[INFO] Sensor C# Analysis Log [csharp]
[INFO] Sensor C# Analysis Log [csharp] (done) | time=12ms
[INFO] Sensor C# Properties [csharp]
[INFO] Sensor C# Properties [csharp] (done) | time=0ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [<jenkins-workspace>/<job_name>/<maven-project-submodule>/target/surefire-reports]
[INFO] Sensor SurefireSensor [java] (done) | time=63ms
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=2ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source file to be analyzed
[INFO] 1/1 source file has been analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=162ms
[INFO] Sensor TextAndSecretsSensor [text]
[INFO] 10 source files to be analyzed
[INFO] 10/10 source files have been analyzed
[INFO] Sensor TextAndSecretsSensor [text] (done) | time=33ms
[INFO] Sensor CheckstyleSensor [checkstyle]
[INFO] Checkstyle output report: <jenkins-workspace>/<job_name>/<maven-project-submodule>/target/sonar/checkstyle-result.xml
[INFO] Checkstyle configuration: <jenkins-workspace>/<job_name>/<maven-project-submodule>/target/sonar/checkstyle.xml
[INFO] Checkstyle charset: UTF-8
[INFO] Sensor CheckstyleSensor [checkstyle] (done) | time=390ms
[INFO] Sensor VB.NET Project Type Information [vbnet]
[INFO] Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
[INFO] Sensor VB.NET Analysis Log [vbnet]
[INFO] Sensor VB.NET Analysis Log [vbnet] (done) | time=13ms
[INFO] Sensor VB.NET Properties [vbnet]
[INFO] Sensor VB.NET Properties [vbnet] (done) | time=0ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
[INFO] Importing 1 report(s). Turn your logs in debug mode in order to see the exhaustive list.
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=27ms
[INFO] Sensor CSS Rules [javascript]
[INFO] No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
[INFO] Sensor CSS Rules [javascript] (done) | time=1ms
[INFO] Sensor ThymeLeaf template sensor [securityjavafrontend]
[INFO] Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
[INFO] Sensor FindBugs Sensor [findbugs]
[INFO] Findbugs plugin version: 4.2.8
[INFO] Sensor FindBugs Sensor [findbugs] (done) | time=1ms
[INFO] Sensor GroovySensor [groovy]
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.vmplugin.v7.Java7$1 (file:/home/<jenkins_username>/.sonar/cache/152d41171495dc0b3f4c572a7d3631e3/sonar-groovy-plugin.jar_unzip/META-INF/lib/groovy-2.4.21.jar) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int)
WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.vmplugin.v7.Java7$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[INFO] No matching files found for FileSet with basedir [<jenkins-workspace>/<job_name>/<maven-project-submodule>]
[INFO] GMetrics completed: 161ms
[INFO] Sensor GroovySensor [groovy] (done) | time=445ms
[INFO] Sensor CodeNarc [groovy]
[INFO] Executing CodeNarc
[INFO] Loaded properties file in 21ms; 385 rules
[INFO] Loading ruleset from [file:<jenkins-workspace>/<job_name>/<maven-project-submodule>/target/sonar/codenarc/profile.xml]
[INFO] RuleSet configuration properties file [codenarc.properties] not found.
CodeNarc completed: (p1=0; p2=0; p3=0) 324ms
[INFO] Sensor CodeNarc [groovy] (done) | time=353ms
[INFO] Sensor GroovySurefireSensor [groovy]
[INFO] parsing [<jenkins-workspace>/<job_name>/<maven-project-submodule>/target/surefire-reports]
[INFO] Sensor GroovySurefireSensor [groovy] (done) | time=37ms
[INFO] Sensor Groovy CoberturaSensor [groovy]
[INFO] No Cobertura report provided (see 'sonar.groovy.cobertura.reportPath' property)
[INFO] Sensor Groovy CoberturaSensor [groovy] (done) | time=0ms
[INFO] Sensor Groovy JaCoCo Coverage [groovy]
[INFO] Sensor Groovy JaCoCo Coverage [groovy] (done) | time=1ms
[INFO] Sensor IaC Docker Sensor [iac]
[INFO] 0 source files to be analyzed
[INFO] 0/0 source files have been analyzed
[INFO] Sensor IaC Docker Sensor [iac] (done) | time=52ms
[INFO] Sensor Serverless configuration file sensor [security]
[INFO] 0 Serverless function entries were found in the project
[INFO] 0 Serverless function handlers were kept as entrypoints
[INFO] Sensor Serverless configuration file sensor [security] (done) | time=4ms
[INFO] Sensor AWS SAM template file sensor [security]
[INFO] Sensor AWS SAM template file sensor [security] (done) | time=1ms
[INFO] Sensor AWS SAM Inline template file sensor [security]
[INFO] Sensor AWS SAM Inline template file sensor [security] (done) | time=0ms
[INFO] Sensor javabugs [dbd]
[INFO] Reading IR files from: <jenkins-workspace>/<job_name>/<maven-project-submodule>/target/sonar/ir/java
[INFO] Analyzing 11 functions to detect bugs.
[INFO] Sensor javabugs [dbd] (done) | time=174ms
[INFO] Sensor pythonbugs [dbd]
[INFO] Reading IR files from: <jenkins-workspace>/<job_name>/<maven-project-submodule>/target/sonar/ir/python
[INFO] No IR files have been included for analysis.
[INFO] Sensor pythonbugs [dbd] (done) | time=3ms
[INFO] Sensor JavaSecuritySensor [security]
[INFO] Reading type hierarchy from: <jenkins-workspace>/<job_name>/<maven-project-submodule>/target/sonar/ucfg2/java
[INFO] Read 34 type definitions
[INFO] Reading UCFGs from: <jenkins-workspace>/<job_name>/<maven-project-submodule>/target/sonar/ucfg2/java
[INFO] 17:07:06.695589 Building Runtime Type propagation graph
[INFO] 17:07:06.701437 Running Tarjan on 41 nodes
[INFO] 17:07:06.704167 Tarjan found 41 components
[INFO] 17:07:06.705727 Variable type analysis: done
[INFO] 17:07:06.706217 Building Runtime Type propagation graph
[INFO] 17:07:06.707248 Running Tarjan on 41 nodes
[INFO] 17:07:06.70751 Tarjan found 41 components
[INFO] 17:07:06.707742 Variable type analysis: done
[INFO] Analyzing 8 ucfgs to detect vulnerabilities.
[INFO] All rules entrypoints : 0
[INFO] Retained UCFGs : 0
[INFO] Taint analysis starting. Entrypoints: 0
[INFO] Taint analysis: done.
[INFO] Sensor JavaSecuritySensor [security] (done) | time=1247ms
[INFO] Sensor CSharpSecuritySensor [security]
[INFO] Reading type hierarchy from: <jenkins-workspace>/<job_name>/<maven-project-submodule>/target/ucfg_cs2
[INFO] Read 0 type definitions
[INFO] No UCFGs have been included for analysis.
[INFO] Sensor CSharpSecuritySensor [security] (done) | time=1ms
[INFO] Sensor PhpSecuritySensor [security]
[INFO] Reading type hierarchy from: <jenkins-workspace>/<job_name>/<maven-project-submodule>/target/sonar/ucfg2/php
[INFO] Read 0 type definitions
[INFO] No UCFGs have been included for analysis.
[INFO] Sensor PhpSecuritySensor [security] (done) | time=0ms
[INFO] Sensor PythonSecuritySensor [security]
[INFO] Reading type hierarchy from: <jenkins-workspace>/<job_name>/<maven-project-submodule>/target/sonar/ucfg2/python
[INFO] Read 0 type definitions
[INFO] No UCFGs have been included for analysis.
[INFO] Sensor PythonSecuritySensor [security] (done) | time=0ms
[INFO] Sensor JsSecuritySensor [security]
[INFO] Reading type hierarchy from: <jenkins-workspace>/<job_name>/<maven-project-submodule>/target/sonar/ucfg2/js
[INFO] Read 0 type definitions
[INFO] No UCFGs have been included for analysis.
[INFO] Sensor JsSecuritySensor [security] (done) | time=1ms
[INFO] ------------- Run sensors on project
[INFO] Sensor Analysis Warnings import [csharp]
[INFO] Sensor Analysis Warnings import [csharp] (done) | time=1ms
[INFO] Sensor Zero Coverage Sensor
[INFO] Sensor Zero Coverage Sensor (done) | time=1ms
[INFO] Sensor Java CPD Block Indexer
[INFO] Sensor Java CPD Block Indexer (done) | time=23ms
[INFO] SCM Publisher SCM provider for this project is: git
[INFO] SCM Publisher 1 source file to be analyzed
[INFO] SCM Publisher 1/1 source file have been analyzed (done) | time=82ms
[INFO] CPD Executor Calculating CPD for 4 files
[INFO] CPD Executor CPD calculation finished (done) | time=8ms
[INFO] Load New Code definition
[INFO] Load New Code definition (done) | time=12ms
[INFO] Analysis report generated in 108ms, dir size=339.7 kB
[INFO] Analysis report compressed in 83ms, zip size=80.2 kB
[INFO] Analysis report uploaded in 33ms
[INFO] ANALYSIS SUCCESSFUL, you can find the results at: <sonar_host_url>/dashboard?id=<sonar_project>&branch=master
[INFO] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[INFO] More about the report processing at <sonar_host_url>/api/ce/task?id=AZFbumZbzrzpIIL0tuwq
[INFO] Analysis total time: 10.579 s
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 14.112 s
[INFO] Finished at: 2024-08-16T17:07:08+02:00
[INFO] ------------------------------------------------------------------------
[INFO] [jenkins-event-spy] Generated <jenkins-workspace>/<job_name>/<maven-project-submodule>@tmp/withMaven7b89d786/maven-spy-20240816-170654-8911519193722503287027.log
[Pipeline] }
[withMaven] Jenkins FindBugs Plugin not found, don't display org.codehaus.mojo:findbugs-maven-plugin:findbugs results in pipeline screen.
[withMaven] jgivenPublisher - Jenkins JGiven Plugin not found, do not archive jgiven reports.
[withMaven] Jenkins Task Scanner Plugin not found, don't display results of source code scanning for 'TODO' and 'FIXME' in pipeline screen.
[withMaven] Publishers:
And… going back to your OP, your question (from the title) is why do you only see values for coverage and Code Smells.
I’m going to go out on a limb here and say it’s because it actually is a tiny, greenfields project and you haven’t introduced any Bugs or Vulnerabilities yet.
For duplications, this is likely a UI rounding error. If you click through on the 0.0% for Duplications, you should see a list of files with duplicated blocks. What shows up there? How many non-zero files are there and how many lines? What does the math put the duplication percent at?
Thanks for the screenshot of your duplication. It cracks the case.
As you’ll see, there’s a minimum number of tokens & lines before duplication is counted. Your 2-line method is too short to be counted as a duplication.
