We’re running SQ version 8.9.8
I’m running a scan which turns out to take approx. 30 minutes. Diving deeper into the logging, it turns out one specific rule is taking approx 28 minutes of analysis time: SonarAnalyzer.Rules.CSharp.DoNotHardcodeCredentials (S2068)
2 Questions:
Any idea why this specific rule is using so much time.
Is there a way to exclude the rules via the project file (as a workarround), until I get a solution for this issue. I don’t want to change the ruleset, as other projects don’t have the same issues
When I see a report about a rule in a non-latest version, the first thing I do is check the analyzer tickets to see if we’ve worked on the rule since the user’s version. While we’ve done some work on the rule, nothing related to performance jumps out at me, so I’m going to flag this for the developers.
You could set a rule/file exclusion but I don’t believe that keeps the rule from being run, just from being reported on the files in question.
You really would need to either exclude the files in question from analysis entirely (so yes, another type of exclusion could work) or disable the rules in the profile.
Perhaps a second Quality Profile that was assigned only to the project in question?
Hi Costin,
tnx for your time. The C# solution includes 7 wcf/lib projects with 28.000 lines of code, it is really hard to understand if the problems depends from strings or number of types.
In numerical terms what do you mean by “lots”?
However, I will try to provide the binary build log as soon as possible