Sonarqube not scanning JavaScript language after upgrade to SonarQube 8.9.9 LTS

jaystan · September 30, 2022, 2:20pm

SonarQube – 8.9.9 LTS
SonarScanner - 4.7.0.2747

I have a project that contains JavaScript and CSS code.

When I run a scan, only the CSS code is scanned, the JS code is not included in analysis.

SQ 7.9.1 LTS was working.

Please advise.

sonar-project.properties file contains the following:

sonar.sources=dist/build/rpmbuild/BUILD/app-2.0.1/src
sonar.branch.name=master

$ find . -name *.js | wc -l
259
$ find . -name *.scss | wc -l
71

**Command:**
$ sonar-scanner -Dsonar.host.url=https://XXXXX.XXXXXX.com -Dproject.settings=/home/jenkins/workspace/XXXXXXXX/sonar-project.properties -Dsonar.scm.disabled=true -Dsonar.projectName=JasonTest -Dsonar.projectVersion=2.0.1 -Dsonar.projectKey=JasonTest - Dsonar.scm.exclusions.disabled=true -Dsonar.projectBaseDir==/home/jenkins/workspace/XXXXXXXX
INFO: Scanner configuration file: /home/jenkins/tools/hudson.plugins.sonar.SonarRunnerInstallation/SonarQube/conf/sonar-scanner.properties
INFO: Project root configuration file: /home/jenkins/workspace/XXXXXXXX/sonar-project.properties
INFO: SonarScanner 4.7.0.2747
INFO: Java 1.8.0_201 Oracle Corporation (64-bit)
INFO: Linux 3.10.0-1062.18.1.el7.x86_64 amd64
INFO: User cache: /home/scm/.sonar/cache
INFO: Scanner configuration file: /home/jekins/tools/hudson.plugins.sonar.SonarRunnerInstallation/SonarQube/conf/sonar-scanner.properties
INFO: Project root configuration file: /home/jenkins/workspace/XXXXXXXX/sonar-project.properties
INFO: Analyzing on SonarQube server 8.9.9
INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
WARN: SonarScanner will require Java 11 to run, starting in SonarQube 9.x
INFO: Load global settings
INFO: Load global settings (done) | time=465ms
INFO: Server id: XXXXXXXX
INFO: User cache: /home/scm/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=188ms
INFO: Load/download plugins (done) | time=366ms
INFO: Loaded core extensions: developer-scanner
INFO: JavaScript/TypeScript frontend is enabled
INFO: Process project properties
INFO: Process project properties (done) | time=10ms
INFO: Execute project builders
INFO: Execute project builders (done) | time=2ms
INFO: Project key: JasonTest
INFO: Base dir: /home/jenkins/workspace/XXXXXXXX
INFO: Working dir: /home/jenkins/workspace/XXXXXXXX/.scannerwork
INFO: Load project settings for component key: 'JasonTest'
INFO: Load project settings for component key: 'JasonTest' (done) | time=295ms
INFO: Load project branches
INFO: Load project branches (done) | time=25ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=22ms
INFO: Load branch configuration
INFO: Found manual configuration of branch/PR analysis. Skipping automatic configuration.
INFO: Load branch configuration (done) | time=7ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=96ms
INFO: Load active rules
INFO: Load active rules (done) | time=2026ms
INFO: Branch name: master
INFO: Indexing files...
INFO: Project configuration:
INFO: Load project repositories
INFO: Load project repositories (done) | time=33ms
INFO: 116 files indexed
INFO: Quality profile for css: Sonar way
INFO: Quality profile for web: Sonar way
INFO: ------------- Run sensors on module JasonTest
INFO: JavaScript/TypeScript frontend is enabled
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=31ms
INFO: Sensor CSS Metrics [cssfamily]
INFO: Sensor CSS Metrics [cssfamily] (done) | time=314ms
INFO: Sensor CSS Rules [cssfamily]
INFO: 73 source files to be analyzed
INFO: 73/73 source files have been analyzed
INFO: Sensor CSS Rules [cssfamily] (done) | time=5479ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=3ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=3ms
INFO: Sensor JavaXmlSensor [java]
INFO: Sensor JavaXmlSensor [java] (done) | time=10ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=115ms
INFO: Sensor VB.NET Project Type Information [vbnet]
INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=2ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=4ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=8ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
INFO: Sensor License Check [licensecheck]
INFO: No license-details.json file found in /home/jenkins/workspace/XXXXXXXX/build/reports/dependency-license/license-details.json - skipping Gradle dependency scan
INFO: Sensor License Check [licensecheck] (done) | time=28ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /home/jenkins/workspace/XXXXXXXX/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/jenkins/workspace/XXXXXXXX/.scannerwork/ucfg2/java
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=8ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /home/jenkins/workspace/XXXXXXXX/ucfg_cs2
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/jenkins/workspace/XXXXXXXX/ucfg_cs2
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /home/jenkins/workspace/XXXXXXXX/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/jenkins/workspace/XXXXXXXX/.scannerwork/ucfg2/php
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /home/jenkins/workspace/XXXXXXXX/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/jenkins/workspace/XXXXXXXX/.scannerwork/ucfg2/python
INFO: No UCFGs have been included for analysis.
INFO: Sensor PythonSecuritySensor [security] (done) | time=1ms
INFO: Sensor JsSecuritySensor [security]
INFO: Reading type hierarchy from: /home/jenkins/workspace/XXXXXXXX/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/jenkins/workspace/XXXXXXXX/.scannerwork/ucfg2/js
INFO: No UCFGs have been included for analysis.
INFO: Sensor JsSecuritySensor [security] (done) | time=0ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=3ms
INFO: SCM Publisher is disabled
INFO: CPD Executor Calculating CPD for 1 file
INFO: CPD Executor CPD calculation finished (done) | time=12ms
INFO: Load New Code definition
INFO: Load New Code definition (done) | time=15ms
INFO: Analysis report generated in 208ms, dir size=440 KB
INFO: Analysis report compressed in 179ms, zip size=153 KB
INFO: Analysis report uploaded in 48ms
INFO: ANALYSIS SUCCESSFUL, you can browse https://XXXXXXXX/dashboard?id=JasonTest&branch=master
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://XXXXXXXX/api/ce/task?id=AYOOuHTC1p7K3t9kRPPg
INFO: Analysis total time: 22.086 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 24.458s
INFO: Final Memory: 30M/836M
INFO: ------------------------------------------------------------------------

Colin · October 3, 2022, 1:08pm

If you turn on DEBUG level logging, (sonar-scanner -X), you should be able to see if the Javascript files are being found at all – and if they are excluded, why.

jaystan · October 3, 2022, 2:42pm

Colin
Thanks, when I ran with DEBUG, it does indicate the .js files are excluded. But how?

I dont have either of those parameters defined in the sonar-project.properties or scanner command.

…/actions.js was excluded by sonar.javascript.exclusions or sonar.typescript.exclusions

$ cat sonar-project.properties
sonar.sources= XXXXXXX/src
sonar.javascript.lcov.reportPaths= XXXXX/coverage/lcov.info
sonar.branch.name=bugfix/XXXXXXXXX

$ sonar-scanner -X -Dsonar.host.url=https://XXXXXX -Dproject.settings=XXXX/sonar-project.properties -Dsonar.scm.disabled=true -Dsonar.projectName=JasonTest -Dsonar.projectVersion=2.0.1 -Dsonar.projectKey=JasonTest -Dsonar.scm.exclusions.disabled=true -Dsonar.projectBaseDir=XXXX

Colin · October 3, 2022, 3:27pm

Hey there.

Sharing the exact file path (and associated log message) would be useful.

jaystan · October 3, 2022, 6:42pm

Colin
Please see attached file for output of debug scan.
sonaqubeissue.txt (167.7 KB)

Colin · October 5, 2022, 8:32am

Hey there.

It looks like all your files belong to a /dist/ directory, which is excluded by default in order to avoid analyzing libraries (which can cause unexpected behavior, if not a complete stall of the scanner).

Can you share more about why you’re scanning the /dist/ directory, which typically contains post-processed code (minified/concatenated)?

jaystan · October 5, 2022, 5:49pm

Hi Colin

Updating the sonar.sources entry fixed this problem. Thanks for the help.

Kamil_Dzieniszewski · November 2, 2022, 4:15pm

what have you used in source.sources?