Specific rule taking an awesome lot of time


We’re running SQ version 8.9.8
I’m running a scan which turns out to take approx. 30 minutes. Diving deeper into the logging, it turns out one specific rule is taking approx 28 minutes of analysis time: SonarAnalyzer.Rules.CSharp.DoNotHardcodeCredentials (S2068)

2 Questions:

  • Any idea why this specific rule is using so much time.
  • Is there a way to exclude the rules via the project file (as a workarround), until I get a solution for this issue. I don’t want to change the ruleset, as other projects don’t have the same issues


Welcome to the community!

When I see a report about a rule in a non-latest version, the first thing I do is check the analyzer tickets to see if we’ve worked on the rule since the user’s version. While we’ve done some work on the rule, nothing related to performance jumps out at me, so I’m going to flag this for the developers.

You could set a rule/file exclusion but I don’t believe that keeps the rule from being run, just from being reported on the files in question.

You really would need to either exclude the files in question from analysis entirely (so yes, another type of exclusion could work) or disable the rules in the profile.

Perhaps a second Quality Profile that was assigned only to the project in question?


1 Like

Hi Ann,

thanks for the feedback. I’ll see what I can do with that second Quality Profile


1 Like

Hi @KoenRD, thanks for your feedback.

It is unexpected for DoNotHardcodeCredentials to take that long.

  • Is it anything in particular special with the code, structure wise? e.g. lots of types, arrays or identifiers?
  • Are there lots of strings or very large ones?
  • Would it be possible to create a reproducer for us?
  • Would it be possible to export a binary build log?

Thanks again,

Hi Costin

I’m only the messenger here.
I’ll pass your questions to our developer, and request for feedback.


Hi Costin,
tnx for your time. The C# solution includes 7 wcf/lib projects with 28.000 lines of code, it is really hard to understand if the problems depends from strings or number of types.
In numerical terms what do you mean by “lots”?
However, I will try to provide the binary build log as soon as possible


1 Like

Hi Costin,

Apologies for the delay. I’ll share the binary log.

SQRule.zip (869.2 KB)