Xcode + sonarqube for C/C++/Objective C

Hi, I’m trying to use sonarqube to build Xcode project written using Object C. I try using sonar-scanner to run the scan in Enterprise edition.

I have used build-wrapper-macosx-x86 --out-dir build_wrapper_output_directory xcodebuild clean ./build to build my project and it successfully generated the build-wrapper-dump.json.

./build → Has xcodebuild command like xcodebuild clean build.

After above step, when I launch sonarqube analysis I have error:

`##[error]java.lang.IllegalStateException: “vfsoverlay” file used during build doesn’t exist, please make sure you are not cleaning build files before launching the analysis.

ERROR: Error during SonarScanner execution
java.lang.IllegalStateException: "vfsoverlay" file used during build doesn't exist, please make sure you are not cleaning build files before launching the analysis. The missing file: /Users/arunbharath.krishnan/Library/Developer/Xcode/DerivedData/BFGFramework-fizxtlzxqyuqsgeuuvuljilsuphe/Build/Intermediates.noindex/ArchiveIntermediates/BFGFramework/IntermediateBuildFilesPath/BFGFramework.build/Debug-iphoneos/BFGFramework.build/all-product-headers.yaml

I don’t know what is the problem here. any help would be appreciated. below are my specs

build-wrapper version : 6.50
Sonar Scanner : 5.0.1
Sonar Qube : Enterprise edition

Hi,

Welcome to the community!

Searching tells me

VFS overlays are YAML files which provide a mechanism to simulate a filesystem structure which is overlaid on top of the real filesystem.

Is your build system using or creating these files?

If so, as a first step, I would try setting an exclusion for **/vfsoverlay*.

 
HTH,
Ann

Hi Ann, I tried setting an exclusion for **/vfsoverlay* under sonar-project.prop
But still I’m getting the same error. I don’t think my build system are creating these files.

Hi,

Can you share your SonarQube version? You’ll find it in your page footer.

I’d also like your full analysis log.

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

 
Ann

Hi Ann. I’m using

  • Enterprise Edition
  • Version 10.2.1 (build 78527)
Plugins:
Bundled analyzers:
  - Clean as You Code 2.1.0.500 (cayc)
  - IaC Code Quality and Security 1.20.0.5654 (iac)
  - PL/SQL Code Quality and Security 3.10.0.5282 (plsql)
  - Scala Code Quality and Security 1.14.0.4481 (sonarscala)
  - C# Code Quality and Security 9.8.0.76515 (csharp)
  - Vulnerability Analysis 10.2.0.22608 (security)
  - Java Code Quality and Security 7.24.0.32100 (java)
  - HTML Code Quality and Security 3.9.0.3600 (web)
  - Flex Code Quality and Security 2.10.0.3458 (flex)
  - XML Code Quality and Security 2.10.0.4108 (xml)
  - Text Code Quality and Security 2.3.0.1632 (text)
  - VB.NET Code Quality and Security 9.8.0.76515 (vbnet)
  - Swift Code Quality and Security 4.10.0.5999 (swift)
  - CFamily Code Quality and Security 6.48.1.62610 (cpp)
  - Python Code Quality and Security 4.7.0.12181 (python)
  - Dataflow Bug Detection Rules for Python 1.17.0.4892 (dbdpythonfrontend)
  - Dataflow Bug Detection 1.17.0.4892 (dbd)
  - Go Code Quality and Security 1.14.0.4481 (go)
  - JaCoCo 1.3.0.1538 (jacoco)
  - Kotlin Code Quality and Security 2.17.0.2902 (kotlin)
  - RPG Code Quality 3.6.0.3520 (rpg)
  - Dataflow Bug Detection Rules for Java 1.17.0.4892 (dbdjavafrontend)
  - PL/I Code Quality and Security 1.14.0.3735 (pli)
  - T-SQL Code Quality and Security 1.10.0.5799 (tsql)
  - VB6 Code Quality and Security 2.11.0.3706 (vb)
  - Apex Code Quality and Security 1.14.0.4481 (sonarapex)
  - JavaScript/TypeScript/CSS Code Quality and Security 10.5.1.22382 (javascript)
  - Ruby Code Quality and Security 1.14.0.4481 (ruby)
  - Vulnerability Rules for C# 10.2.0.22608 (securitycsharpfrontend)
  - Vulnerability Rules for Java 10.2.0.22608 (securityjavafrontend)
  - Vulnerability Rules for JS 10.2.0.22608 (securityjsfrontend)
  - COBOL Code Quality 5.5.0.6450 (cobol)
  - Vulnerability Rules for Python 10.2.0.22608 (securitypythonfrontend)
  - PHP Code Quality and Security 3.32.0.10180 (php)
  - ABAP Code Quality and Security 3.13.0.4389 (abap)
  - Configuration detection for Code Quality and Security 1.3.0.654 (config)
  - Vulnerability Rules for PHP 10.2.0.22608 (securityphpfrontend)
Global server settings:
  - email.from=noreply.quality@mycomapny.com
  - sonar.auth.gitlab.allowUsersToSignUp=true
  - sonar.auth.saml.applicationId=https://quality.mycompany.com
  - sonar.auth.saml.enabled=true
  - sonar.auth.saml.group.name=group
  - sonar.auth.saml.loginUrl=https://mycompany.okta.com/app/mycompany_sonarqubeprod_1/************/sso/saml
  - sonar.auth.saml.providerId=http://www.okta.com/*******
  - sonar.auth.saml.user.email=email
  - sonar.auth.saml.user.login=email
  - sonar.auth.saml.user.name=email
  - sonar.core.id=4A97C60E-AXmAWJ4adMtjOr9HCEan
  - sonar.core.serverBaseURL=https://quality.mycaompany.com
  - sonar.core.startTime=2023-11-05T07:35:14+0000
  - sonar.dbcleaner.branchesToKeepWhenInactive=master,develop,trunk,main
  - sonar.forceAuthentication=true
  - sonar.plugins.risk.consent=ACCEPTED
Project server settings:
Project scanner properties:
  - sonar.cfamily.build-wrapper-output=/Users/arunbharath.krishnan/Documents/sdks/core-ios-sdk/build_wrapper_output_directory
  - sonar.exclusions=all-product-headers.yaml
  - sonar.host.url=https://quality.mycompany.com/
  - sonar.log.path=sonar-scanner.log
  - sonar.projectBaseDir=/Users/arunbharath.krishnan/Documents/sdks/core-ios-sdk
  - sonar.projectKey=bfg-core-ios-sdk
  - sonar.projectName=bfg-core-ios-sdk
  - sonar.projectVersion=1.0
  - sonar.scanner.app=ScannerCLI
  - sonar.scanner.appVersion=5.0.1.3006
  - sonar.sourceEncoding=UTF-8
  - sonar.sources=.
  - sonar.token=******
  - sonar.verbose=true
  - sonar.working.directory=/Users/arunbharath.krishnan/Documents/sdks/core-ios-sdk/.scannerwork

Hi,

Thanks for your version. Can you share the full analysis log?

 
Ann

Hi Ann. I have attached the log for your reference.
sonar-analysis.log (3.4 MB)

Hi,

Thanks for the log. I’ve flagged this for more expert eyes.

 
Ann

Hi again,

On looking again, I don’t see that exclusion in this log:

Where did you set the exclusion? Or is this an earlier log?

 
Ann

I did after above logs. below is my prop file

sonar.projectKey=proj-key

sonar.projectName=proj-key

sonar.projectVersion=1.0

sonar.sources=.

sonar.cfamily.build-wrapper-output=/Documents/sdks/core-ios-sdk/build_wrapper_output_directory

sonar.sourceEncoding=UTF-8

sonar.exclusions=**/vfsoverlay*

sonar.host.url=*****

sonar.token=*****

Hi,

Could we have the logs that include the exclusion, please?

 
Thx,
Ann

Hey! I’m having the same issue. Adding the file to sonar.exclusions doesn’t seem to avoid the error. Do you know how we can avoid this error?

Hi @brunomdac,

Welcome to the community!

Can you provide the analysis log that includes the exclusion, please?

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

 
Ann

I am also facing the Similar issue. Even after set exclusion for sonar.exclusions=**/vfsoverlay*. Please find the error details below.

##[error]java.lang.IllegalStateException: "vfsoverlay" file used during build doesn't exist, please make sure you are not cleaning build files before launching the analysis. The missing file: /Users/runner/Library/Developer/Xcode/DerivedData/Clare-/Build/Intermediates.noindex/Pods.build/Debug-iphoneos/nanopb.build/all-product-headers.yaml
##[debug]Processed: ##vso[task.logissue type=error;]java.lang.IllegalStateException: "vfsoverlay" file used during build doesn't exist, please make sure you are not cleaning build files before launching the analysis. The missing file: /Users/runner/Library/Developer/Xcode/DerivedData/Clare/Build/Intermediates.noindex/Pods.build/Debug-iphoneos/nanopb.build/all-product-headers.yaml
java.lang.IllegalStateException: "vfsoverlay" file used during build doesn't exist, please make sure you are not cleaning build files before launching the analysis. The missing file: /Users/runner/Library/Developer/Xcode/DerivedData/Clare-/Build/Intermediates.noindex/Pods.build/Debug-iphoneos/nanopb.build/all-product-headers.yaml

Hi @sundar_ram,

Welcome to the community!

Can you provide a full analysis log, please?

 
Thx,
Ann

Hi ganncamp , Thanks for the quick response. I have attached the log. Please find the attachment for your reference. Kindly check and update me here.
Updated sonar logs.txt (13.6 KB)

Hi @sundar_ram,

Thanks for the error message. What I’m looking for is the full analysis log, starting from - and including - the analysis command.

 
Thx,
Ann