-
Notifications
You must be signed in to change notification settings - Fork 138
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ERROR: isAlive was interrupted when applying all findbugs rules into my existing sonarway copy profile to scan a monolithic project #1022
Comments
Have you tried setting the |
Yes,I have set the sonar.findbugs.timeout to 7200000. The scan process always hang for serveral hours, I killed the pipeline manually. |
Can you please try to find out what code is running (or waiting) at the end? https://www.baeldung.com/java-thread-dump Can you please also investigate the memory usage of the process? I would need to know if maybe the process is about to run out of memory. A healthy memory usage chart would be something like that: |
Hi, gtoison. I tried to use a lower version spotbugs plugin 4.2.5, and set these parameters to reduce the scan time :
|
Thank you for the thread dump, so it looks like it was doing an injection taint analysis when the dump was captured. This is from the findsecbugs plugin, could you please try disabling all the findsecbugs rules in your sonar quality profile? I would also be interested to see the .hprof dump to check what exactly is taking so much memory, it would be great if you could share it. |
Sorry, the .hprof dump file is too big, almost 17G, and can not transfer to the network due to company restrictions. I'll disable all findsecbugs rules and have a try. |
By the way, I wonder what is the difference of these four profiles, what is the difference between findbugs rules and Sonar way? What is the best practice to use these rules? I created a copy of sonarway and activated all findbugs critical/blocker rules. |
Sonar Way is the built-in SonarQube quality profile, it uses rules implemented by SonarSource, the makers of SonarQube. FindBugs is the old name of SpotBugs, it is a separate tools with its own bug detectors. It is also available as a plugin for SonarQube. That's how you are using it, but you could also use SonarQube from gradle, maven, ant or standalone. SpotBugs itself has plugins, notably FindSecBugs and FbContrib, providing additional bug detectors. The SonarQube SpotBugs plugin is bundled with FindSecBugs and FbContrib and you can use preset quality profile to enable them. Note that currently FindSecBug and FbContrib will run all their respective bug detectors if at least one of their rules is enabled. So you need to disable all FindSecBug rules to test if that solves the memory problem.
It's a bit hard to answer that question as it depends a lot on the team organization, blocker rules might not be relevant to some teams and vice versa some minor rules might be important. |
Issue Description
Applying all findbugs rules and findbugs security rules into my existing sonarway copy profile, when scan project in jenkins pipeline, the scan process hang up and following error occured.
By the way, the scan can be successful before updating sonarqube from 7.9.6 to 9.9.4, findbugs from 4.2.3 to 4.2.9. Also if I change the quality profile to Sonar way, it can be successful with sonarqube 9.9.4. So I think the problem has something to do with findbugs plugin.
Aux: /data/jenkins/workspace/aaa_SONAR/build/classes/src
Aux: /data/jenkins/workspace/aaa_SONAR/.scannerwork/findbugs/annotations.jar
Aux: /data/jenkins/workspace/aaa_SONAR/.scannerwork/findbugs/jsr305.jar
ERROR: isAlive was interrupted
java.lang.InterruptedException: null
at java.base/java.util.concurrent.CompletableFuture.reportGet(Unknown Source)
at java.base/java.util.concurrent.CompletableFuture.get(Unknown Source)
at java.net.http/jdk.internal.net.http.HttpClientImpl.send(Unknown Source)
at java.net.http/jdk.internal.net.http.HttpClientFacade.send(Unknown Source)
at org.sonar.plugins.javascript.eslint.EslintBridgeServerImpl.isAlive(EslintBridgeServerImpl.java:331)
at org.sonar.plugins.javascript.eslint.EslintBridgeServerImpl.heartbeat(EslintBridgeServerImpl.java:121)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.base/java.util.concurrent.FutureTask.runAndReset(Unknown Source)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
Environment
| Component | Version |
sonarqube 9.9.4
sonar-scanner 5.0.1
sonar-findbugs plugin 4.2.9
ant 1.9.6
JDK 1.6.7
Set SONAR_SCANNER_OPTS=-Xmx10G
The text was updated successfully, but these errors were encountered: