Sonarscan is very Slow for COBOL source

Sushil_Chauhan · August 2, 2020, 6:38am

SonarQube Server: 7.9.1
Scanner Version: 3.2.0.1227
Plugin: Cobol

Command:1
java -Djava.awt.headless=true -Xmx2760M -classpath .jar -Dscanner.home= ** -Dproject.home = ** -Dsonar.ws.timeout=960 -Dsonar.projectkey=**** -Dsonar.source=. -Dsonar.cobol.file.suffix=.CBL -Dsonar.lanaguage=cobol -Dsonar.host.url=https******* -Dsonar.login=*******

I have around 15k COBOL source to be scan, considering the number of source, I have split the source 5k*3 and trying to scan 5k programs. When i executed above command to scan, scan failed with below error

INFO: Calculating CPD for 5000 Files
INFO: 0/5000 - current file: ABCDE.CBL
INFO: 0/5000 - current file: ABCDE.CBL
INFO: 0/5000 - current file: ABCDE.CBL
INFO: 0/5000 - current file: ABCDE.CBL
INFO: 0/5000 - current file: ABCDE.CBL
INFO:
INFO:--------------------------------
INFO: EXECUTION FAILURE
INFO:--------------------------------
INFO: Total Time: 47:44:66s
INFO: FINAL MEMORY: 17/2760M
INFO:--------------------------------
ERROR: Error During SonarQube Scanner Execution
Error: Fail during the detection of duplication of ABCDE.CBL
ERROR: Caused by: java.lang.OutOfMemoeryError: GC overhead limit exceeded
ERROR: Caused by: GC overhead limit exceeded

So i incased the heap size and skiping package design and executing below command which is now running for more than 24 hours.

Command-2:
java -Djava.awt.headless=true -Xmx8192m -classpath .jar -Dscanner.home= ** -Dproject.homr = ** -Dsonar.skipPackageDesign=true -Dsonar.skipDesign=true -Dsonar.ws.timeout=960 -Dsonar.projectkey=**** -Dsonar.source=. -Dsonar.cobol.file.suffix=.CBL -Dsonar.lanaguage=cobol -Dsonar.host.url=https******* -Dsonar.login=*******

Please advice if anything is wrong in the command, also is there any way to scan all 15k COBOL programs.

Colin · August 3, 2020, 9:13am

Hey there!

It looks like you’re executing the scanner in a really weird way… any particular reason you’re calling {{java}} directly and not the {{sonar-scanner}} executable? While it might work, it’s really not supported.

It appears your analysis is timing out at duplication detection (copy/paste detection or CPD). Can you try disabling it entirely to see if it allows the scan to succeed in a reasonable amount of time? You can do this by adding the following analysis parameter.

-D sonar.cpd.exclusions=**/*

FYI, these analysis parameters have no effect, you might want to remove them.

-Dsonar.source=. (If you need this for some reason, it should be sonar.sources, but the default value is effectively . anyways.)
-Dsonar.lanaguage=cobol

Sushil_Chauhan · August 5, 2020, 12:51pm

Hi Colin,
I executed the scan through the sonar scanner, i had pasted above command from process command and hence it looks like i am executing directly from java.

Adding the cpd exclusion parameter worked. Scan completed in just 2 hours.

Thanks a lot for your your quick turn around.