Sonarqube full analysis mode is working fine, but incremental analysis is failing with below error:-
Main error is:-
Fail to download [http://IP:9000/sonar/batch_bootstrap/db?project=project_name], Response code: 500
I have 2 projects, JS and Java project.
For JS project, the incremental analysis is working, but it's not working for java code's analysis.
Sonarqube version - 4.5.2
Java version - 8
Mysql - 5.7
Update 1
Full analysis has detected 500 000 issues. So, is it possible that incremental analysis is failing because of scaling issues.
Moreover, full analysis did have some ERRORs in console like class not found, and ignored certain files. Still, analysis ultimately succeeded. So, could this be the reason that incremental analysis is failing?
Related
We have setup pull request analysis for C# .Net code. It is observed old code(unmodified) is being considered for analysis which is not expected, this is blocking us from using quality gates.
The new code condition is set based on the “number of days” condition which is set to 1.
Even then the PR/short branch analysis reports issues that are present in old code (which are not updated\edited as part of the pull request), because of this issue we are unable to enable quality gates.
Following tasks are used in the azure devops pipeline:
Prepare analysis for sonar cloud
Run code analysis
Publish quality gate result
ALM used: Git in Azure DevOps CI system used Azure DevOps
Languages of the repository: C# .Net
This is an example SonarQube pipeline configuration which is executed on every merge to the master branch.
Example pipeline steps
Steps:
Node is installed for building purposes
Prepare analysis is initiated which downloads necessary for scanning, configurations and rulesets
Nugget package manager is installed
Nugget restore is initiated
Solution is built (important step)
Code analysis is checking every .cs file contained in the solution previously built
Strict quality gate are the scan results
Custom build step which breaks the pipeline if quality gate has failed
This might be obvious but make sure you are building the C# solution in between the Prepare analysis on SonarQube and Run Code Analysis in order to provide updated code that SonarQube will analyze.
The "Get results from SonarQube" step is a powershell script that calls the SonarQube API to get the quality gate results of the scan initiated in order to fail if issues have been found.
We are evaluating how incremental Sonar static code analysis can be achieved. We usually do full code quality check and post the results on Sonarqube dashboard. The requirement is to run incremental scan on the modified changes from Git repository. My concern is results will be overwritten every time incremental scan is executed. Is there a way to resolve that issue? I need to have full report and also delta scan results (on every build) on Sonarqube project. Is it possible?
I'm using gitlab-ci pipeline, it will run a new docker container with following commands:
mvn --batch-mode verify sonar:sonar
-Dsonar.analysis.mode=preview
-Dsonar.gitlab.project_id=$CI_PROJECT_ID
-Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA
-Dsonar.gitlab.only_issue_from_commit_file=true
-Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
-Dsonar.host.url=xxx
-Dsonar.test.inclusions="/src/test/java/**/*.java"
-Dsonar.login=xxx
It becomes quite slow for my project, almost run for 20mins.
I found it will scan all files instead of only the commited files.
Is there anything wrong with my configurations?
In some past SonarQube versions we changed the preview mode to only scan changed files. But it has some drawback, like not being able to properly detect cross file issues.
In recent SonarQube versions, the preview mode is deprecated in favor of pull request analysis. But even this PR analysis feature is scanning all files, for the same reasons (cross file issues, coverage measures, duplication detections, ...).
We stopped trying to do partial analysis, and are instead trying to optimize full analysis duration. How big is your project? Is SonarQube analysis time long compared to your regular build (compile + tests)? If yes, then I suggest you report you case on the SonarSource community forum.
I am using SonarQube 4.3 version to show Unit tests and other code metrics analysis results. Now I am looking for incremental preview or mode for my analysis results as described here.
I am looking to see whether the last code checked-in has a 100% unit test coverage, no security violations and has other quality gates passed.
Currently sonar gives overall combined report for all the files within project. Can we have one for the changed files in the last build as well?
When I run an incremental analysis on my project through maven, build warner plugin is not called, resulting in an analysis completing successfully even if there are violations.
I have quality gate setup correctly (0 violations) and I have tried configuring sonar sonar.preview.includePlugins with buildwarner plugin in General settings, but without luck - the plugin is still not called in an incremental analysis.
The plugin works correctly with SonarQube 5.1 as it is called in full analysis without problems.
It is the expected behavior. This plugin does not work for incremental analysis for now. But maybe soon. See http://sonarqube.15.x6.nabble.com/Sonarqube-and-Build-Breaker-Plugin-td5034703.html