The analysis on SonarCloud failed again, despite setting the TypeScript tsconfig.json location to tsconfig.sonar.json
…
Last analysis failed Analysis ID "AY7TScKZMRtG-vnjXCYX"
I have run the command below to find the largest sub-folders in my app folder.
du -h -d 1 app | sort -h
I have then included app in the analysis scope while excluding its 2 largest sub-folders. The analysis succeeded this time. This does not address my overall problem but it is at least a more structured investigation strategy.
So let me recap the situation…
.sonarcloud.properties. It allows me to fine tune the analysis scope without impeding the development team. Moreover, SonarLint takes that configuration into account, whereas it seems to ignore the file .sonarcloud.properties.
tsconfig.sonar.json (see content above) and I have referenced it from both SonarLint ("sonar.typescript.tsconfigPaths": "tsconfig.sonar.json") and SonarCloud (Project Administration > General Settings > Languages > JavaScript / TypeScript). Doing this fixed the out-of-memory problem for SonarLint. I am not sure if it had any impact on SonarCloud but it seemed logical to align the two configurations.
"sonar.javascript.node.maxspace": "8192"). Although it is not required, it had a positive impact on the performance of SonarLint.
Last analysis failed on SonarCloud. In order to troubleshoot that error, I am using the 2 commands below to identify the largest folders and files. I then progressively exclude them from the analysis scope to narrow the problem down to a set of files. This is a very slow and frustrating process.
# list sub-folders sorted by size descending
du -d 1 . | sort -rn
# list files sorted by size descending
find . -type f -exec wc -l {} + | sort -rn
Here are a few observations:
sonar.sources and sonar.tests via the web UI? This is very misleading, especially for the tests because the inclusions and the exclusions are ignored as long as there is no file .sonarcloud.properties specifying the property sonar.tests. The reason is that sonar.tests defaults to null I guess.
/**/* in the exclusions, they don’t seem to work. This is counter-intuitive, as it is not required for sonar.sources.
We are currently in the 14-day free trial, evaluating whether or not we will pay for the tool. This never-ending troubleshooting process is dragging me away from evaluating the features themselves…
Thank you very much for all this detailed information.
I have shared your feedback internally to improve our product. I can assure you this will be seriously taken into account.
To be able to fully test the product despite this problem, I see 2 options: continuing to exclude/include files within the app directory to identify the file(s) that break the process (with the limitation that those files won’t be analyzed, and I can’t guarantee now that we would support them on automatic analysis in the future depending on the issue), or switching to CI-based analysis to be able to add more memory to your workers.
Again, I’m really sorry for the inconvenience, and I thank you for your dedication in this trial and for your meaningful feedback.
Claire
The automatic analysis is what put SonarCloud on top of our list of alternatives.
Can’t you give me more details about the failure? The folders? The files? The rules?
I have replicated my SonarCloud configuration in a local instance of SonarQube running in a Docker container. My project has been analysed by sonar-scanner in 4 minutes. The memory footprint never exceeded 4Gb. 500k lines of code were analysed and less than 8k issues were reported. It does not seem huge…
Moreover, the more I refine the exclusions, the less I see potential performance killers.
To help spot the difference, here are the scanner logs from one of the failed executions at the beginning of this thread.
The error happens during the execution of JsSecuritySensor, and on your quality profile on SonarCloud those rules are activated:
S6287, S5144, S2083, S5883, S6096, S6105, S6350, S5334, S5131, S5696, S2076, S3649, S2631, S5146, S5147
Is there any difference with the SonarQube quality profile?
Also, which version of SonarQube are you using, and which version of the sonar-security and sonar-security-js-frontend-plugin plugins are you using? (SonarCloud uses 10.5, for the record)
2024-04-10 16:48:08.676,INFO: SonarScanner 5.0.1.3006
2024-04-10 16:48:08.676,INFO: Java 17.0.10 Amazon.com Inc. (64-bit)
2024-04-10 16:48:08.678,INFO: SONAR_SCANNER_OPTS=-XX:+ExitOnOutOfMemoryError -Xmx8g -Duser.language=en -Duser.country=US -Dsonar.javascript.node.maxspace=4096 -Dsonar.sourceEncoding=UTF-8
2024-04-10 16:48:08.865,INFO: User cache: /opt/sonar-scanner/.sonar/cache
2024-04-10 16:48:09.092,INFO: Analyzing on SonarCloud
2024-04-10 16:48:09.092,"INFO: Default locale: ""en_US"", source code encoding: ""UTF-8"""
2024-04-10 16:48:09.379,INFO: Load global settings
2024-04-10 16:48:09.534,INFO: Load global settings (done) | time=156ms
2024-04-10 16:48:09.545,INFO: User cache: /opt/sonar-scanner/.sonar/cache
2024-04-10 16:48:09.550,INFO: Loading required plugins
2024-04-10 16:48:09.550,INFO: Load plugins index
2024-04-10 16:48:09.637,INFO: Load plugins index (done) | time=87ms
2024-04-10 16:48:09.638,INFO: Load/download plugins
2024-04-10 16:48:09.658,INFO: Load/download plugins (done) | time=21ms
2024-04-10 16:48:09.889,INFO: Found an active CI vendor: 'Autoscan'
2024-04-10 16:48:09.900,INFO: Load project settings for component key: '***'
2024-04-10 16:48:09.968,INFO: Load project settings for component key: '***' (done) | time=68ms
2024-04-10 16:48:09.973,INFO: Process project properties
2024-04-10 16:48:09.980,INFO: Project key: ***
2024-04-10 16:48:09.980,INFO: Base dir: /tmp/clone14469518950438931417
2024-04-10 16:48:09.980,INFO: Working dir: /tmp/scanner/14497035242405654590/.scannerwork
2024-04-10 16:48:09.984,INFO: Load project branches
2024-04-10 16:48:10.068,INFO: Load project branches (done) | time=84ms
2024-04-10 16:48:10.071,INFO: Check ALM binding of project '***'
2024-04-10 16:48:10.123,WARN: Failed to check if project '***' is bound
2024-04-10 16:48:10.123,INFO: Detected project binding: ERROR
2024-04-10 16:48:10.123,INFO: Check ALM binding of project '***' (done) | time=52ms
2024-04-10 16:48:10.125,INFO: Load project pull requests
2024-04-10 16:48:10.213,INFO: Load project pull requests (done) | time=88ms
2024-04-10 16:48:10.216,INFO: Load branch configuration
2024-04-10 16:48:10.217,INFO: Load branch configuration (done) | time=1ms
2024-04-10 16:48:10.224,INFO: Load quality profiles
2024-04-10 16:48:10.373,INFO: Load quality profiles (done) | time=148ms
2024-04-10 16:48:10.379,INFO: Load active rules
2024-04-10 16:48:12.727,INFO: Load active rules (done) | time=2348ms
2024-04-10 16:48:12.812,INFO: Organization key: ***
2024-04-10 16:48:12.830,INFO: Preprocessing files...
2024-04-10 16:48:14.987,INFO: 9 languages detected in 5891 preprocessed files
2024-04-10 16:48:14.987,INFO: 28 files ignored because of inclusion/exclusion patterns
2024-04-10 16:48:14.987,INFO: 4 files ignored because of scm ignore settings
2024-04-10 16:48:15.015,INFO: Loading plugins for detected languages
2024-04-10 16:48:15.015,INFO: Load/download plugins
2024-04-10 16:48:15.065,INFO: Load/download plugins (done) | time=50ms
2024-04-10 16:48:15.197,INFO: Load project repositories
2024-04-10 16:48:15.280,INFO: Load project repositories (done) | time=83ms
2024-04-10 16:48:15.284,INFO: Indexing files...
2024-04-10 16:48:15.285,INFO: Project configuration:
2024-04-10 16:48:15.285,"INFO: Excluded sources: **/build-wrapper-dump.json, **/*.spec.*, **/*.java, **/*.jav, **/*.cs, **/*.vb, **/*.c, **/*.h, **/*.cc, **/*.cpp, **/*.cxx, **/*.c++, **/*.hh, **/*.hpp, **/*.hxx, **/*.h++, **/*.ipp, **/*.tab, **/*.pkb, **/*.m"
2024-04-10 16:48:15.285,"INFO: Excluded tests: **/*.java, **/*.jav, **/*.cs, **/*.vb, **/*.c, **/*.h, **/*.cc, **/*.cpp, **/*.cxx, **/*.c++, **/*.hh, **/*.hpp, **/*.hxx, **/*.h++, **/*.ipp, **/*.tab, **/*.pkb, **/*.m"
2024-04-10 16:48:15.285,INFO: Excluded sources for coverage: **/*
2024-04-10 16:48:17.307,INFO: 5871 files indexed
2024-04-10 16:48:17.313,INFO: Quality profile for css: Sonar way
2024-04-10 16:48:17.313,INFO: Quality profile for docker: Sonar way
2024-04-10 16:48:17.313,INFO: Quality profile for js: Sonar way
2024-04-10 16:48:17.313,INFO: Quality profile for json: Sonar way
2024-04-10 16:48:17.313,INFO: Quality profile for plsql: Sonar way
2024-04-10 16:48:17.313,INFO: Quality profile for web: Sonar way
2024-04-10 16:48:17.313,INFO: Quality profile for xml: Sonar way
2024-04-10 16:48:17.313,INFO: Quality profile for yaml: Sonar way
2024-04-10 16:48:17.313,INFO: ------------- Run sensors on module ***
2024-04-10 16:48:17.355,INFO: Load metrics repository
2024-04-10 16:48:17.412,INFO: Load metrics repository (done) | time=57ms
2024-04-10 16:48:17.418,INFO: Sensor cache enabled
2024-04-10 16:48:17.421,INFO: Load sensor cache
2024-04-10 16:48:17.551,INFO: Load sensor cache (404) | time=131ms
2024-04-10 16:48:18.193,INFO: Sensor HTML [web]
2024-04-10 16:48:18.344,INFO: Sensor HTML [web] (done) | time=150ms
2024-04-10 16:48:18.344,INFO: Sensor JaCoCo XML Report Importer [jacoco]
2024-04-10 16:48:18.345,"INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml"
2024-04-10 16:48:18.346,"INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer"
2024-04-10 16:48:18.346,INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=2ms
2024-04-10 16:48:18.346,INFO: Sensor IaC CloudFormation Sensor [iac]
2024-04-10 16:48:18.385,INFO: 0 source files to be analyzed
2024-04-10 16:48:18.397,INFO: 0/0 source files have been analyzed
2024-04-10 16:48:18.397,INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=51ms
2024-04-10 16:48:18.397,INFO: Sensor IaC Kubernetes Sensor [iac]
2024-04-10 16:48:18.476,INFO: 0 source files to be analyzed
2024-04-10 16:48:18.482,INFO: 0/0 source files have been analyzed
2024-04-10 16:48:18.482,INFO: Sensor IaC Kubernetes Sensor [iac] (done) | time=85ms
2024-04-10 16:48:18.483,INFO: Sensor IaC AzureResourceManager Sensor [iac]
2024-04-10 16:48:18.491,INFO: 0 source files to be analyzed
2024-04-10 16:48:18.558,INFO: 0/0 source files have been analyzed
2024-04-10 16:48:18.558,INFO: Sensor IaC AzureResourceManager Sensor [iac] (done) | time=75ms
2024-04-10 16:48:18.558,INFO: Sensor JavaScript/TypeScript analysis [javascript]
2024-04-10 16:48:19.670,INFO: Detected os: Linux arch: amd64 alpine: false. Platform: LINUX_X64
2024-04-10 16:48:19.680,INFO: Configured Node.js --max-old-space-size=4096.
2024-04-10 16:48:19.680,INFO: Using embedded Node.js runtime
2024-04-10 16:48:19.680,INFO: Using Node.js executable: '/opt/sonar-scanner/.sonar/js/node-runtime/node'.
2024-04-10 16:48:21.429,"INFO: Memory configuration: OS (15720 MB), Node.js (4144 MB)."
2024-04-10 16:48:23.364,INFO: Found 0 tsconfig.json file(s): []
2024-04-10 16:48:23.406,INFO: Creating TypeScript program
2024-04-10 16:48:23.407,INFO: TypeScript configuration file /tmp/tmp-11654-di3m9XFWqItj
2024-04-10 16:48:23.407,INFO: 3273 source files to be analyzed
2024-04-10 16:48:28.024,INFO: Starting analysis with current program
2024-04-10 16:48:33.407,"INFO: 18/3273 files analyzed, current file: app/forward_engineering/helpers/idsHelper.js"
2024-04-10 16:48:43.408,"INFO: 224/3273 files analyzed, current file: app/configurations/defaultDataConfig/modelConfig.js"
2024-04-10 16:48:53.408,"INFO: 307/3273 files analyzed, current file: app/main/centralPane/collectionLevel/JSONPreview/services/defaultJsonData/helpers/typeAnyJsonData.js"
2024-04-10 16:49:03.408,"INFO: 390/3273 files analyzed, current file: app/compare_models/advanced_visual_model_comparison/modelComparisonHelper.js"
2024-04-10 16:49:13.408,"INFO: 583/3273 files analyzed, current file: app/menu/menuService.js"
2024-04-10 16:49:23.409,"INFO: 696/3273 files analyzed, current file: app/storage/controlVersionService/helpers/synchronizeRequiredWithPrimaryKey.js"
2024-04-10 16:49:33.409,"INFO: 817/3273 files analyzed, current file: app/shared/treeNode/treeNodeService.js"
2024-04-10 16:49:43.409,"INFO: 904/3273 files analyzed, current file: app/forward_engineering/excel/excelService.js"
2024-04-10 16:49:53.409,"INFO: 1003/3273 files analyzed, current file: app/compare_models/comparisonHelpers/entityComparisonUtils.js"
2024-04-10 16:50:03.409,"INFO: 1153/3273 files analyzed, current file: app/gitContext/shared/GitStashAction/GitStashAction.js"
2024-04-10 16:50:13.410,"INFO: 1189/3273 files analyzed, current file: app/reverse_engineering/database_connection/shared/connections_list/connectionsListModalActions.js"
2024-04-10 16:50:23.410,"INFO: 1219/3273 files analyzed, current file: app/main/mainModel/bucket/bucketActions.js"
2024-04-10 16:50:33.410,"INFO: 1246/3273 files analyzed, current file: app/main/mainModel/collection/collectionActions.js"
2024-04-10 16:50:43.410,"INFO: 1325/3273 files analyzed, current file: app/reverse_engineering/ddl_helper/ddlReducer.js"
2024-04-10 16:50:53.411,"INFO: 1385/3273 files analyzed, current file: app/pluginManager/pluginLoadServices/helpers/propertiesPaneConfigHelper.js"
2024-04-10 16:51:03.411,"INFO: 1500/3273 files analyzed, current file: app/main/centralPane/dbLevel/Helpers/HotKeyWrapper.js"
2024-04-10 16:51:13.411,"INFO: 1636/3273 files analyzed, current file: services/forwardEngineering/ddl/providers/redshift/redshiftProvider.js"
2024-04-10 16:51:23.411,"INFO: 1780/3273 files analyzed, current file: app/menu/contextMenu/menuItemsList.js"
2024-04-10 16:51:33.412,"INFO: 1913/3273 files analyzed, current file: test/unit/services/pluginService/helpers/merge/propertiesPane/helpers.js"
2024-04-10 16:51:43.412,"INFO: 2054/3273 files analyzed, current file: app/main/centralPane/dbLevel/Helpers/SelectionCanvas.js"
2024-04-10 16:51:53.412,"INFO: 2178/3273 files analyzed, current file: app/main/centralPane/dbLevel/Diagram/CollectionBox/CollectionDescription.js"
2024-04-10 16:52:03.412,"INFO: 2299/3273 files analyzed, current file: app/main/centralPane/dbLevel/Diagram/ModelPage/ModelPage.js"
2024-04-10 16:52:13.412,"INFO: 2410/3273 files analyzed, current file: services/reverseEngineering/mongodb/mongoDBConnectionService.js"
2024-04-10 16:52:23.413,"INFO: 2568/3273 files analyzed, current file: services/reverseEngineering/cloudConnection/googleCloud/googleCloudStorageService.js"
2024-04-10 16:52:33.413,"INFO: 2706/3273 files analyzed, current file: app/reverse_engineering/database_connection/shared/connections_list/wrappers/ApplyToInstanceConnectionsList.js"
2024-04-10 16:52:43.413,"INFO: 2792/3273 files analyzed, current file: app/documentation/Documentation.js"
2024-04-10 16:52:53.413,"INFO: 3058/3273 files analyzed, current file: test/testcafe/workgroup/pushLocalCommitsScreen.spec.js"
2024-04-10 16:53:02.408,INFO: Analyzed 3273 file(s) with current program
2024-04-10 16:53:02.418,INFO: 3273/3273 source files have been analyzed
2024-04-10 16:53:02.418,INFO: Hit the cache for 0 out of 3273
2024-04-10 16:53:02.420,INFO: Miss the cache for 3273 out of 3273: ANALYSIS_MODE_INELIGIBLE [3273/3273]
2024-04-10 16:53:02.420,INFO: Sensor JavaScript/TypeScript analysis [javascript] (done) | time=283862ms
2024-04-10 16:53:02.421,INFO: Sensor JavaScript inside YAML analysis [javascript]
2024-04-10 16:53:02.495,INFO: No input files found for analysis
2024-04-10 16:53:02.495,INFO: Hit the cache for 0 out of 0
2024-04-10 16:53:02.495,INFO: Miss the cache for 0 out of 0
2024-04-10 16:53:02.495,INFO: Sensor JavaScript inside YAML analysis [javascript] (done) | time=74ms
2024-04-10 16:53:02.495,INFO: Sensor JavaScript inside HTML analysis [javascript]
2024-04-10 16:53:02.501,INFO: 13 source files to be analyzed
2024-04-10 16:53:05.996,INFO: 13/13 source files have been analyzed
2024-04-10 16:53:05.996,INFO: Hit the cache for 0 out of 13
2024-04-10 16:53:05.996,INFO: Miss the cache for 13 out of 13: ANALYSIS_MODE_INELIGIBLE [13/13]
2024-04-10 16:53:05.996,INFO: Sensor JavaScript inside HTML analysis [javascript] (done) | time=3501ms
2024-04-10 16:53:05.996,INFO: Sensor CSS Rules [javascript]
2024-04-10 16:53:06.008,INFO: 254 source files to be analyzed
2024-04-10 16:53:07.700,INFO: 254/254 source files have been analyzed
2024-04-10 16:53:07.700,INFO: Hit the cache for 0 out of 0
2024-04-10 16:53:07.700,INFO: Miss the cache for 0 out of 0
2024-04-10 16:53:07.700,INFO: Sensor CSS Rules [javascript] (done) | time=1704ms
2024-04-10 16:53:07.700,INFO: Sensor CSS Metrics [javascript]
2024-04-10 16:53:08.098,INFO: Sensor CSS Metrics [javascript] (done) | time=398ms
2024-04-10 16:53:08.099,INFO: Sensor IaC Docker Sensor [iac]
2024-04-10 16:53:08.112,INFO: 0 source files to be analyzed
2024-04-10 16:53:08.154,INFO: 0/0 source files have been analyzed
2024-04-10 16:53:08.154,INFO: Sensor IaC Docker Sensor [iac] (done) | time=56ms
2024-04-10 16:53:08.155,INFO: Sensor Serverless configuration file sensor [security]
2024-04-10 16:53:08.160,INFO: 0 Serverless function entries were found in the project
2024-04-10 16:53:08.163,INFO: 0 Serverless function handlers were kept as entrypoints
2024-04-10 16:53:08.163,INFO: Sensor Serverless configuration file sensor [security] (done) | time=8ms
2024-04-10 16:53:08.163,INFO: Sensor AWS SAM template file sensor [security]
2024-04-10 16:53:08.183,INFO: Sensor AWS SAM template file sensor [security] (done) | time=20ms
2024-04-10 16:53:08.183,INFO: Sensor AWS SAM Inline template file sensor [security]
2024-04-10 16:53:08.199,INFO: Sensor AWS SAM Inline template file sensor [security] (done) | time=16ms
2024-04-10 16:53:08.199,INFO: Sensor TextAndSecretsSensor [text]
2024-04-10 16:53:08.199,INFO: Available processors: 4
2024-04-10 16:53:08.200,INFO: Using 4 threads for analysis.
2024-04-10 16:53:10.730,INFO: 4986 source files to be analyzed
2024-04-10 16:53:20.730,"INFO: 20/4986 files analyzed, current files: test/feature/forwardEngineering/feScript/models/Swagger/model.json, test/feature/reverseEngineering/xsd/models/MSSQL/normalized.json, test/feature/reverseEngineering/xsd/models/Snowflake/normalized.json, ..."
2024-04-10 16:53:30.730,"INFO: 377/4986 files analyzed, current files: services/gitService/gitProviders/providers/bitbucketServer/bitbucketServerProvider.js, test/feature/forwardEngineering/alterScript/models/DeltaLake/alterPK/runtime-9/originalModels/model1.json, app/main/mainModel/lineage/lineageActions.js, ..."
2024-04-10 16:53:40.530,INFO: 4986/4986 source files have been analyzed
2024-04-10 16:53:40.531,INFO: Sensor TextAndSecretsSensor [text] (done) | time=32332ms
2024-04-10 16:53:40.531,INFO: Sensor JavaSecuritySensor [security]
2024-04-10 16:53:40.534,"INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5883, S6096, S6173, S6287, S6350, S6384, S6390, S6398, S6399, S6547, S6549"
2024-04-10 16:53:40.534,INFO: Load type hierarchy and UCFGs: Starting
2024-04-10 16:53:40.534,INFO: Load type hierarchy: Starting
2024-04-10 16:53:40.534,INFO: Reading type hierarchy from: /tmp/scanner/14497035242405654590/.scannerwork/ucfg2/java
2024-04-10 16:53:40.534,INFO: Read 0 type definitions
2024-04-10 16:53:40.536,INFO: Load type hierarchy: Time spent was 00:00:00.001
2024-04-10 16:53:40.536,INFO: Load UCFGs: Starting
2024-04-10 16:53:40.536,INFO: Load UCFGs: Time spent was 00:00:00.000
2024-04-10 16:53:40.536,INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.001
2024-04-10 16:53:40.536,INFO: No UCFGs have been included for analysis.
2024-04-10 16:53:40.537,INFO: java security sensor: Time spent was 00:00:00.003
2024-04-10 16:53:40.542,INFO: Sensor JavaSecuritySensor [security] (done) | time=10ms
2024-04-10 16:53:40.542,INFO: Sensor CSharpSecuritySensor [security]
2024-04-10 16:53:40.542,"INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5334, S5883, S6096, S6173, S6287, S6350, S6399, S6639, S6641"
2024-04-10 16:53:40.542,INFO: Load type hierarchy and UCFGs: Starting
2024-04-10 16:53:40.542,INFO: Load type hierarchy: Starting
2024-04-10 16:53:40.542,INFO: Reading type hierarchy from: /tmp/scanner/14497035242405654590/ucfg2/cs
2024-04-10 16:53:40.542,INFO: Read 0 type definitions
2024-04-10 16:53:40.542,INFO: Load type hierarchy: Time spent was 00:00:00.000
2024-04-10 16:53:40.542,INFO: Load UCFGs: Starting
2024-04-10 16:53:40.542,INFO: Load UCFGs: Time spent was 00:00:00.000
2024-04-10 16:53:40.542,INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.000
2024-04-10 16:53:40.543,INFO: No UCFGs have been included for analysis.
2024-04-10 16:53:40.543,INFO: csharp security sensor: Time spent was 00:00:00.000
2024-04-10 16:53:40.543,INFO: Sensor CSharpSecuritySensor [security] (done) | time=1ms
2024-04-10 16:53:40.543,INFO: Sensor PhpSecuritySensor [security]
2024-04-10 16:53:40.543,"INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5334, S5335, S5883, S6173, S6287, S6350"
2024-04-10 16:53:40.543,INFO: Load type hierarchy and UCFGs: Starting
2024-04-10 16:53:40.543,INFO: Load type hierarchy: Starting
2024-04-10 16:53:40.543,INFO: Reading type hierarchy from: /tmp/scanner/14497035242405654590/.scannerwork/ucfg2/php
2024-04-10 16:53:40.543,INFO: Read 0 type definitions
2024-04-10 16:53:40.543,INFO: Load type hierarchy: Time spent was 00:00:00.000
2024-04-10 16:53:40.543,INFO: Load UCFGs: Starting
2024-04-10 16:53:40.543,INFO: Load UCFGs: Time spent was 00:00:00.000
2024-04-10 16:53:40.544,INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.000
2024-04-10 16:53:40.544,INFO: No UCFGs have been included for analysis.
2024-04-10 16:53:40.544,INFO: php security sensor: Time spent was 00:00:00.000
2024-04-10 16:53:40.544,INFO: Sensor PhpSecuritySensor [security] (done) | time=1ms
2024-04-10 16:53:40.544,INFO: Sensor PythonSecuritySensor [security]
2024-04-10 16:53:40.544,"INFO: Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S6287, S6350, S6639, S6680, S6776, S6839"
2024-04-10 16:53:40.544,INFO: Load type hierarchy and UCFGs: Starting
2024-04-10 16:53:40.544,INFO: Load type hierarchy: Starting
2024-04-10 16:53:40.544,INFO: Reading type hierarchy from: /tmp/scanner/14497035242405654590/.scannerwork/ucfg2/python
2024-04-10 16:53:40.544,INFO: Read 0 type definitions
2024-04-10 16:53:40.544,INFO: Load type hierarchy: Time spent was 00:00:00.000
2024-04-10 16:53:40.544,INFO: Load UCFGs: Starting
2024-04-10 16:53:40.545,INFO: Load UCFGs: Time spent was 00:00:00.000
2024-04-10 16:53:40.545,INFO: Load type hierarchy and UCFGs: Time spent was 00:00:00.000
2024-04-10 16:53:40.545,INFO: No UCFGs have been included for analysis.
2024-04-10 16:53:40.545,INFO: python security sensor: Time spent was 00:00:00.000
2024-04-10 16:53:40.545,INFO: Sensor PythonSecuritySensor [security] (done) | time=1ms
2024-04-10 16:53:40.545,INFO: Sensor JsSecuritySensor [security]
2024-04-10 16:53:40.545,"INFO: Enabled taint analysis rules: S6287, S5144, S2083, S5883, S6096, S6105, S6350, S5334, S5131, S5696, S2076, S3649, S2631, S5146, S5147"
2024-04-10 16:53:40.545,INFO: Load type hierarchy and UCFGs: Starting
2024-04-10 16:53:40.546,INFO: Load type hierarchy: Starting
2024-04-10 16:53:40.546,INFO: Reading type hierarchy from: /tmp/scanner/14497035242405654590/.scannerwork/ucfg2/js
2024-04-10 16:53:40.559,INFO: Read 0 type definitions
2024-04-10 16:53:40.559,INFO: Load type hierarchy: Time spent was 00:00:00.013
2024-04-10 16:53:40.559,INFO: Load UCFGs: Starting
2024-04-10 16:53:40.559,INFO: Reading UCFGs from: /tmp/scanner/14497035242405654590/.scannerwork/ucfg2/js
2024-04-10 16:53:46.337,INFO: Load UCFGs: Time spent was 00:00:05.776
2024-04-10 16:53:46.337,INFO: Load type hierarchy and UCFGs: Time spent was 00:00:05.790
2024-04-10 16:53:46.337,INFO: Analyzing 38463 UCFGs to detect vulnerabilities.
2024-04-10 16:53:46.337,INFO: Check cache: Starting
2024-04-10 16:53:46.337,INFO: Load cache: Starting
2024-04-10 16:53:46.337,INFO: Load cache: Time spent was 00:00:00.000
2024-04-10 16:53:46.337,INFO: Check cache: Time spent was 00:00:00.000
2024-04-10 16:53:46.337,INFO: Create runtime call graph: Starting
2024-04-10 16:53:46.338,INFO: Variable Type Analysis #1: Starting
2024-04-10 16:53:46.338,INFO: Create runtime type propagation graph: Starting
2024-04-10 16:53:47.745,INFO: Create runtime type propagation graph: Time spent was 00:00:01.406
2024-04-10 16:53:47.746,INFO: Run SCC (Tarjan) on 293879 nodes: Starting
2024-04-10 16:53:48.021,INFO: Run SCC (Tarjan) on 293879 nodes: Time spent was 00:00:00.275
2024-04-10 16:53:48.021,INFO: Tarjan found 293796 strongly connected components
2024-04-10 16:53:48.021,INFO: Propagate runtime types to strongly connected components: Starting
2024-04-10 16:53:48.620,INFO: Propagate runtime types to strongly connected components: Time spent was 00:00:00.598
2024-04-10 16:53:48.620,INFO: Variable Type Analysis #1: Time spent was 00:00:02.282
2024-04-10 16:53:48.622,INFO: Variable Type Analysis #2: Starting
2024-04-10 16:53:48.622,INFO: Create runtime type propagation graph: Starting
2024-04-10 16:53:49.704,INFO: Create runtime type propagation graph: Time spent was 00:00:01.081
2024-04-10 16:53:49.704,INFO: Run SCC (Tarjan) on 293879 nodes: Starting
2024-04-10 16:53:49.909,INFO: Run SCC (Tarjan) on 293879 nodes: Time spent was 00:00:00.204
2024-04-10 16:53:49.909,INFO: Tarjan found 293796 strongly connected components
2024-04-10 16:53:49.909,INFO: Propagate runtime types to strongly connected components: Starting
2024-04-10 16:53:50.286,INFO: Propagate runtime types to strongly connected components: Time spent was 00:00:00.377
2024-04-10 16:53:50.286,INFO: Variable Type Analysis #2: Time spent was 00:00:01.663
2024-04-10 16:53:50.314,INFO: Create runtime call graph: Time spent was 00:00:03.976
2024-04-10 16:53:50.314,INFO: Load config: Starting
2024-04-10 16:53:50.379,INFO: Load config: Time spent was 00:00:00.065
2024-04-10 16:53:50.379,INFO: Compute entry points: Starting
2024-04-10 16:53:58.024,INFO: Compute entry points: Time spent was 00:00:07.644
2024-04-10 16:53:58.024,INFO: All rules entry points : 2754
2024-04-10 16:53:58.024,INFO: Slice call graph: Starting
2024-04-10 16:53:58.024,INFO: Slice call graph: Time spent was 00:00:00.000
2024-04-10 16:53:58.024,INFO: Live variable analysis: Starting
2024-04-10 16:54:01.444,INFO: Live variable analysis: Time spent was 00:00:03.420
2024-04-10 16:54:01.445,INFO: Taint analysis for js: Starting
2024-04-10 16:54:02.151,"INFO: 0 / 38463 UCFGs simulated, memory usage: 952 MB"
2024-04-10 16:54:02.916,"INFO: 144 / 38463 UCFGs simulated, memory usage: 1132 MB"
2024-04-10 16:54:06.054,"INFO: 265 / 38463 UCFGs simulated, memory usage: 3438 MB"
2024-04-10 16:54:09.019,"INFO: 360 / 38463 UCFGs simulated, memory usage: 3005 MB"
2024-04-10 16:54:12.893,"INFO: 495 / 38463 UCFGs simulated, memory usage: 1417 MB"
2024-04-10 16:54:18.138,"INFO: 598 / 38463 UCFGs simulated, memory usage: 2410 MB"
2024-04-10 16:54:23.323,"INFO: 702 / 38463 UCFGs simulated, memory usage: 3646 MB"
2024-04-10 16:54:29.358,"INFO: 879 / 38463 UCFGs simulated, memory usage: 3119 MB"
2024-04-10 16:54:34.211,"INFO: 990 / 38463 UCFGs simulated, memory usage: 3870 MB"
2024-04-10 16:54:41.776,"INFO: 1079 / 38463 UCFGs simulated, memory usage: 3026 MB"
2024-04-10 16:54:52.181,"INFO: 1188 / 38463 UCFGs simulated, memory usage: 3598 MB"
2024-04-10 16:55:02.928,"INFO: 1289 / 38463 UCFGs simulated, memory usage: 4280 MB"
2024-04-10 16:55:10.576,"INFO: 1405 / 38463 UCFGs simulated, memory usage: 3102 MB"
2024-04-10 16:55:23.787,"INFO: 1479 / 38463 UCFGs simulated, memory usage: 4505 MB"
2024-04-10 16:55:58.203,"INFO: 1525 / 38463 UCFGs simulated, memory usage: 4679 MB"
2024-04-10 16:56:24.297,"INFO: 1547 / 38463 UCFGs simulated, memory usage: 4964 MB"
2024-04-10 16:56:38.272,"INFO: 1592 / 38463 UCFGs simulated, memory usage: 4559 MB"
2024-04-10 16:57:19.052,"INFO: 1701 / 38463 UCFGs simulated, memory usage: 6119 MB"
2024-04-10 16:57:45.645,"INFO: 1722 / 38463 UCFGs simulated, memory usage: 6453 MB"
2024-04-10 16:58:17.739,"INFO: 1803 / 38463 UCFGs simulated, memory usage: 7244 MB"
2024-04-10 16:58:43.036,"INFO: 1906 / 38463 UCFGs simulated, memory usage: 7838 MB"
2024-04-10 17:02:52.505,Terminating due to java.lang.OutOfMemoryError: Java heap space
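A log in this shape can be triaged mechanically: find the sensor that was still open when the JVM terminated and compare its last reported memory usage with the `-Xmx` limit. The Python sketch below is an added example, not part of the thread or of any Sonar tooling; the function name `analyze_scanner_log` and the report keys are hypothetical, and the sample lines are abridged from the log quoted above.

```python
import csv
import io
import re
from datetime import datetime

TS_FORMAT = "%Y-%m-%d %H:%M:%S.%f"
# "Sensor <name> [<plugin>]" opens a sensor; the same text plus "(done) | time=Nms" closes it
SENSOR_RE = re.compile(r"^INFO: Sensor (.+?) \[([^\]]+)\]( \(done\) \| time=(\d+)ms)?$")
MEMORY_RE = re.compile(r"(\d+) / (\d+) UCFGs simulated, memory usage: (\d+) MB")
XMX_RE = re.compile(r"-Xmx(\d+)([gGmM])\b")
OOM_MARKER = "java.lang.OutOfMemoryError"

# Sample input: lines abridged from the scanner log quoted in the thread
SAMPLE_LOG = '''\
2024-04-10 16:48:08.678,INFO: SONAR_SCANNER_OPTS=-XX:+ExitOnOutOfMemoryError -Xmx8g -Dsonar.javascript.node.maxspace=4096
2024-04-10 16:53:08.199,INFO: Sensor TextAndSecretsSensor [text]
2024-04-10 16:53:40.531,INFO: Sensor TextAndSecretsSensor [text] (done) | time=32332ms
2024-04-10 16:53:40.545,INFO: Sensor JsSecuritySensor [security]
2024-04-10 16:54:02.151,"INFO: 0 / 38463 UCFGs simulated, memory usage: 952 MB"
2024-04-10 16:57:19.052,"INFO: 1701 / 38463 UCFGs simulated, memory usage: 6119 MB"
2024-04-10 16:58:43.036,"INFO: 1906 / 38463 UCFGs simulated, memory usage: 7838 MB"
2024-04-10 17:02:52.505,Terminating due to java.lang.OutOfMemoryError: Java heap space
'''


def analyze_scanner_log(log_text):
    """Return which sensor was running at an OutOfMemoryError and how much heap it reported."""
    report = {"heap_limit_mb": None, "oom": False, "open_sensor": None,
              "seconds_in_open_sensor": None, "peak_mb": None,
              "progress": None, "completed_ms": {}}
    started_at = None
    # The export is CSV: timestamp, then the message (quoted when it contains a comma)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 2:
            continue
        try:
            ts = datetime.strptime(row[0], TS_FORMAT)
        except ValueError:
            continue  # not a timestamped log line
        msg = ",".join(row[1:])

        xmx = XMX_RE.search(msg)
        if xmx and report["heap_limit_mb"] is None:
            size = int(xmx.group(1))
            report["heap_limit_mb"] = size * 1024 if xmx.group(2).lower() == "g" else size

        sensor = SENSOR_RE.match(msg)
        if sensor:
            name = sensor.group(1)
            if sensor.group(3):  # "(done)" line: the sensor finished normally
                report["completed_ms"][name] = int(sensor.group(4))
                if report["open_sensor"] == name:
                    report["open_sensor"], started_at = None, None
            else:  # a new sensor starts; memory figures are tracked per sensor
                report["open_sensor"], started_at = name, ts
                report["peak_mb"], report["progress"] = None, None
            continue

        mem = MEMORY_RE.search(msg)
        if mem:
            done, total, used = map(int, mem.groups())
            report["progress"] = (done, total)
            report["peak_mb"] = max(report["peak_mb"] or 0, used)

        if OOM_MARKER in msg:
            report["oom"] = True
            if started_at is not None:
                report["seconds_in_open_sensor"] = (ts - started_at).total_seconds()
            break
    return report


if __name__ == "__main__":
    r = analyze_scanner_log(SAMPLE_LOG)
    print("OOM:", r["oom"], "| sensor still running:", r["open_sensor"])
    print("peak reported heap: %s MB of %s MB" % (r["peak_mb"], r["heap_limit_mb"]))
    print("progress at last report: %s of %s UCFGs" % r["progress"])
```
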
OK, that’s useful information, thank you!
I have used the procedure documented here to set up my local environment. It looks like I don’t have this JsSecuritySensor. None of the rules you listed are available.
You’re right, the Security analyzer is available only on commercial licenses of SonarQube.
To unlock your trial, I would then suggest disabling those rules on SonarCloud by configuring the Quality Profile (documentation).
Disabling the rules that you listed fixes the problem. I now have a successful analysis for my entire scope.
I have found a lot of problems reported for that JsSecuritySensor: it looks like many users have noticed serious performance degradation. Do you have a track to improve it? Disabling those rules is not a viable option on the long term…
As a side note, I also noticed that, when you click on the number of Accepted Issues in the Main Branch Summary, you get the placeholder We couldn’t find any results matching selected criteria. Removing the query parameter &sinceLeakPeriod=true from the URL fixes the problem.
Yes, we do! We are constantly investigating and improving the performance and reliability of our security rules. For sure, disabling the security checks is absolutely not what we want, and I suggested that only to unlock your trial.
I’m really glad to hear that it solves the memory issue and you are now able to analyze your main branch successfully. I hope you’ll be able to answer all the questions you may have had during your trial now!
Feel free to open other threads if you have other questions.
Thanks for the report! Would you mind opening another thread to describe this issue? This part of the software is owned by another team, and they will be much more efficient than me to investigate this!