Hi @KoenRD,
Thanks a lot for the logs and sorry for delayed response. Unfortunately, only now I had time to take a look.
Some notes:
- 28k lines of code should not be an issue. The analysis should be a lot faster even on larger projects. As an example analyzing sonar-dotnet which is 73k lines of code, takes under 2 min.
- at the first glance the problem seems to appear while analyzing the “MvcTestWebsite” project but I cannot narrow down further.
Would it be possible to do another run, this time with the -p:reportanalyzer=true property set when doing the build, and send the binary log file to us?
Something like:
dotnet build -p:reportanalyzer=true -v:diag
or
MsBuild.exe /t:Rebuild /p:reportanalyzer=true /v:d
This will enable verbose logging and will also log the CPU time used by the analyzers.
If you are sure that the DoNotHardcodeCredentials rule is the problem, you can disable it as a workaround until we manage to pinpoint and fix the problem. We have here a guide that explain how you can do this: The Sonar guide for investigating the performance of .NET analysis
Thank you,
Costin