SonarQube with buildroot

Anto · November 13, 2020, 10:09am

Hello,

I have an issue when analyzing a project build with buildroot framework.
The sonar-scanner analysis run but no result are present on the server: “The main branch has no lines of code.”

Sonarqube Version 8.2 (build 32929)
Sonar scanner:
INFO: Scanner configuration file: /home/anto/sonar-scanner-cli-4.2.0.1873-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: /home/anto/dev/msf_dhs_bsp/sonar-project.properties
INFO: SonarQube Scanner 4.2.0.1873
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 5.4.0-52-generic amd64

sonar-project.properties

Blockquote
sonar.projectKey=DHS_APP_2017
sonar.projectName=Build
sonar.projectVersion=1.0
Blockquote

I compile the full project with buildroot, then I launch the sonar-scanner command:
sonar-scanner -Dsonar.projectKey=msf_dhs_bsp -Dsonar.sources=buildroot/output/build -Dsonar.host.url=http://XXX.XXX.XXX.XXX:8080

buildroot/output/build directory contains our proprietary source code and required library.

Details provided by the server:
{“task”:{“id”:“AXXBDkKnUAxIJNN5FDwK”,“type”:“REPORT”,“componentId”:“AXFRA_LS9xmsd_xWchkw”,“componentKey”:“msf_dhs_bsp”,“componentName”:“Build”,“componentQualifier”:“TRK”,“analysisId”:“AXXBDkYA-NdxDMNSOa7z”,“status”:“SUCCESS”,“submittedAt”:“2020-11-13T11:02:18+0100”,“startedAt”:“2020-11-13T11:02:19+0100”,“executedAt”:“2020-11-13T11:02:20+0100”,“executionTimeMs”:1764,“logs”:false,“hasScannerContext”:true,“organization”:“default-organization”,“warningCount”:0,“warnings”:}}

Another question is how to tell sonar-scanner to check only our proprietary source code.

Thanks in advance

Anto · November 13, 2020, 10:51am

Below the result of the sonar-scanner execution:

sonar-scanner -Dsonar.projectKey=msf_dhs_bsp -Dsonar.sources=buildroot/output/build -Dsonar.host.url=http://10.138.129.14:8080
INFO: Scanner configuration file: /home/anto/sonar-scanner-cli-4.2.0.1873-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: /home/anto/dev/msf_dhs_bsp/sonar-project.properties
INFO: SonarQube Scanner 4.2.0.1873
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 5.4.0-52-generic amd64
INFO: User cache: /home/anto/.sonar/cache
INFO: SonarQube server 8.2.0
INFO: Default locale: “en_US”, source code encoding: “UTF-8” (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=89ms
INFO: Server id: 48A8E9DF-AXE7uOYl9xmsd_xWceO5
INFO: User cache: /home/anto/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=74ms
INFO: Load/download plugins (done) | time=3056ms
INFO: Loaded core extensions: developer-scanner
INFO: Process project properties
INFO: Process project properties (done) | time=6ms
INFO: Execute project builders
INFO: Execute project builders (done) | time=3ms
INFO: Project key: msf_dhs_bsp
INFO: Base dir: /home/anto/dev/msf_dhs_bsp
INFO: Working dir: /home/anto/dev/msf_dhs_bsp/.scannerwork
INFO: Load project settings for component key: ‘msf_dhs_bsp’
INFO: Load project settings for component key: ‘msf_dhs_bsp’ (done) | time=53ms
INFO: Load project branches
INFO: Load project branches (done) | time=28ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=29ms
INFO: Load branch configuration
INFO: Load branch configuration (done) | time=1ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=57ms
INFO: Load active rules
INFO: Load active rules (done) | time=1596ms
INFO: Indexing files…
INFO: Project configuration:
WARN: Not indexing due to symlink loop: /home/anto/dev/msf_dhs_bsp/buildroot/output/build/host-acl-2.2.53/include/sys
WARN: Not indexing due to symlink loop: /home/anto/dev/msf_dhs_bsp/buildroot/output/build/host-acl-2.2.53/include/acl
WARN: Not indexing due to symlink loop: /home/anto/dev/msf_dhs_bsp/buildroot/output/build/host-attr-2.4.48/include/attr
INFO:
INFO: 0 files indexed
INFO: 0 files ignored because of scm ignore settings
INFO: ------------- Run sensors on module Build
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=32ms
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/home/anto/.sonar/cache/a89f1943fc75b65becd9fb4ecab8d913/sonar-tsql-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte,int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
INFO: Sensor SonarCSS Rules [cssfamily]
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor SonarCSS Rules [cssfamily] (done) | time=1ms
INFO: Sensor JavaXmlSensor [java]
INFO: Sensor JavaXmlSensor [java] (done) | time=1ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=1ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /home/anto/dev/msf_dhs_bsp/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/anto/dev/msf_dhs_bsp/.scannerwork/ucfg2/java
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=2ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /home/anto/dev/msf_dhs_bsp/ucfg_cs2
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/anto/dev/msf_dhs_bsp/ucfg_cs2
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=1ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /home/anto/dev/msf_dhs_bsp/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/anto/dev/msf_dhs_bsp/.scannerwork/ucfg2/php
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /home/anto/dev/msf_dhs_bsp/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/anto/dev/msf_dhs_bsp/.scannerwork/ucfg2/python
INFO: No UCFGs have been included for analysis.
INFO: Sensor PythonSecuritySensor [security] (done) | time=0ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=1ms
INFO: CPD Executor Calculating CPD for 0 files
INFO: CPD Executor CPD calculation finished (done) | time=0ms
INFO: Analysis report generated in 99ms, dir size=133 KB
INFO: Analysis report compressed in 11ms, zip size=17 KB
INFO: Analysis report uploaded in 54ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://10.138.129.14:8080/dashboard?id=msf_dhs_bsp
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://XXX.XXX.XXX.XXX:8080/api/ce/task?id=AXXBDkKnUAxIJNN5FDwK
INFO: Analysis total time: 20.793 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 24.847s
INFO: Final Memory: 22M/80M
INFO: ------------------------------------------------------------------------

Anto · November 16, 2020, 4:32pm

The solution was: “sonar.scm.exclusions.disabled=true”
Source code is copied by buildroot in its build directory with objects and this directory was present in .gitignore.
Easy to detect if I knew the debug option of sonar-scanner before…

system · November 23, 2020, 4:32pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.