Very slow scanning process at large and legacy java project

Hi i´m working with a big and legacy product, and i have some performance issues when i run my sonar scanner.


  • More then 600k loc.
  • More then 8k vulnerabilities, 2k bugs, 100k code smells.
  • More then 4k classes
  • Duplication 12%
  • A lot of cyclomatic complexity and cognitive issues
  • Some classes are too big (30k loc)
  • Some methods and algorithms are unbelievably dumb, wrong and nonperformance

Relevant properties:

  • Java source and target version is 1.6
  • Maven wrapper 3.6.1
  • Maven compiler plugin 3.6.0
  • Maven surefire plugin 2.22.2
  • Sonar maven plugin
  • Sonar server is 6.7

Some of my properties:

  • <sonar.language>java</sonar.language>
  • <>1.6</>

It tooks 09:30 hours to run sonar.
00:30 is about sending the scanner results to server and 9 hours is about running the scanner.

  • Analysis report generated dir size=107 MB

Slowest steps:

  • Java Main Files AST scan
  • Sensor JavaSquidSensor

I know that are some Rules that causes more slow than others.
But i don´t know how to find out which are these slowest rules.

sh “export MAVEN_OPTS=’-Xms1512m -Xmx8096m -XX:PermSize=512m -XX:MaxPermSize=1024m -XX:ReservedCodeCacheSize=128m’ ;” +" ./mvnw sonar:sonar -T 4 -X"


Those are really interesting numbers : could you confirm that you are running with the community edition ?