Hi,
I have a number of project repos that we scan using the SonarScan pipe. But we have one slightly larger (but not huge) repo that is constantly failing for us.
The repo itself contains a React-based app and a number of associated components.
The pipeline just seems to stop in most cases, but in others we get a weird EOF error that seems completely out of place.
I’ve gradually increased both the Docker and Java memory, but there’s only so far you can go with this. Sometimes the scan runs fine but mostly it fails.
I don’t believe we are doing anything out of the ordinary, as all our other repos scan fine and complete the pipeline.
Here are the last few lines of the latest failing pipeline, but I don’t believe it’s of any use:
INFO: Sensor PythonSecuritySensor [security] (done) | time=2ms
INFO: Sensor JsSecuritySensor [security]
INFO: Enabled taint analysis rules: S3649, S2631, S5131, S6105, S5147, S5883, S5334, S5696, S2083, S6287, S5146, S2076, S5144, S6096, S6350
INFO: Load type hierarchy and UCFGs: Starting
INFO: Load type hierarchy: Starting
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: Load type hierarchy: Time spent was 00:00:00.015
INFO: Load UCFGs: Starting
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/js
INFO: Load UCFGs: Time spent was 00:00:03.032
INFO: Load type hierarchy and UCFGs: Time spent was 00:00:03.048
INFO: Analyzing 9987 UCFGs to detect vulnerabilities.
INFO: Check cache: Starting
INFO: Load cache: Starting
INFO: Load cache: Time spent was 00:00:00.000
INFO: Check cache: Time spent was 00:00:00.000
INFO: Create runtime call graph: Starting
INFO: Variable Type Analysis #1: Starting
INFO: Create runtime type propagation graph: Starting
INFO: Create runtime type propagation graph: Time spent was 00:00:00.643
INFO: Run SCC (Tarjan) on 64827 nodes: Starting
INFO: Run SCC (Tarjan) on 64827 nodes: Time spent was 00:00:00.233
INFO: Tarjan found 64814 strongly connected components
INFO: Propagate runtime types to strongly connected components: Starting
INFO: Propagate runtime types to strongly connected components: Time spent was 00:00:12.904
INFO: Variable Type Analysis #1: Time spent was 00:00:14.675
INFO: Variable Type Analysis #2: Starting
INFO: Create runtime type propagation graph: Starting
Anyone else having similar issues? Or a solution?