The security analyzer runs faster than ever on SonarCloud 🚀

Hello SonarCloud users,

The SAST engine for Java, C#, PHP, Python, JavaScript and TypeScript you are using every day received a major update to run faster than ever. Even if the SonarCloud SAST engine is one of the fastest on the market, we thought you would appreciate if we could run it even faster to get your results quickly so you can spend more time fixing vulnerabilities.

We are happy to report that using our benchmarks, we measured an average of 50% increase in performance. In other words, the security analyzer is twice faster than before

This is only averages. The exact improvement depends on the size of the project. Generally it can be said that the larger the project is, the bigger the performance improvement will be.
For very small projects (say, projects which took only a minute or two to analyze), you may see no difference. For larger projects (which took more than 10 minutes), you will probably see a much more noticeable performance improvement. For example, js-emoji is a project whose analysis took 6 minutes before. Now, the analysis time is down to 1 minute. That’s a 90% performance increase!

This is available now on SonarCloud and will be included in SonarQube 9.1.

Alex

Thank you very much! We can confirm that in our largest CI pipeline our Sonar stage went from 16m average to 9m average.

A post was split to a new topic: On what task is the performance targeted

A post was split to a new topic: Do I need to change anything in Azure Pipeline to get the perf enhancement delivered in SonarCloud?