英文:

When SonarQube scans the Git Submodule project, only the files of the super project are scanned

问题

当SonarQube扫描Git子模块项目时，只扫描了超级项目的文件。
在Jenkins（Linux）上运行。
SonarQube版本为7.9.3。
这是一个Maven项目。

超级项目：

在其他项目中，Maven项目有模块，但不使用Git子模块也可以工作。

日志：
只扫描了1个文件，超级项目的pom.xml。

[INFO] 用户缓存: /var/lib/jenkins/.sonar/cache
[INFO] SonarQube版本: 7.9.3
[INFO] 默认区域设置: "en_US"，源代码编码: "UTF-8"
[WARNING] SonarScanner需要Java 11才能在SonarQube 8.x中运行
[INFO] 加载全局设置
[INFO] 加载全局设置 (完成) | 时间=86毫秒
[INFO] 服务器ID: 0697A0C6-AXLFaD-v57HRhyHJwu5i
[INFO] 用户缓存: /var/lib/jenkins/.sonar/cache
[INFO] 加载/下载插件
[INFO] 加载插件索引
[INFO] 加载插件索引 (完成) | 时间=55毫秒
[INFO] 插件 [l10nzh] 将 'l10nen' 定义为基本插件。自版本5.2以来，此元数据可以从l10n插件的清单中删除。
[INFO] 加载/下载插件 (完成) | 时间=83毫秒
[INFO] 处理项目属性
[INFO] 执行项目构建器
[INFO] 执行项目构建器 (完成) | 时间=5毫秒
[INFO] 项目键: szyh_apps
[INFO] 基本目录: /var/lib/jenkins/workspace/sonar/ ****
[INFO] 工作目录: /var/lib/jenkins/workspace/sonar/ **** /target/sonar
[INFO] 为组件键 'szyh_apps' 加载项目设置
[INFO] 为组件键 'szyh_apps' 加载项目设置 (完成) | 时间=14毫秒
[INFO] 加载质量配置文件
[INFO] 加载质量配置文件 (完成) | 时间=51毫秒
[INFO] 检测到Jenkins
[INFO] 加载活动规则
[INFO] 加载活动规则 (完成) | 时间=567毫秒
[INFO] 正在索引文件...
[INFO] 项目配置:
[INFO] 模块 '******' 的文件索引
[INFO]   基本目录: /var/lib/jenkins/workspace/sonar/ ****
[INFO]   源路径: pom.xml, src/main/java
[INFO]   测试路径: src/test/java
...
[INFO] 模块 '****(聚合项目)****' 的文件索引
[INFO]   基本目录: /var/lib/jenkins/workspace/sonar/ ****
[INFO]   源路径: pom.xml
[INFO] 已索引1个文件
[INFO] 由于SCM忽略设置，忽略了0个文件
[INFO] XML的质量配置: Sonar way
[INFO] ------------- 在模块 **** 上运行传感器
[INFO] 加载度量存储库
[INFO] 加载度量存储库 (完成) | 时间=16毫秒
[INFO] 传感器 JavaXmlSensor [java]
[INFO] 传感器 JavaXmlSensor [java] (完成) | 时间=1毫秒
[INFO] 传感器 JaCoCo XML报告导入器 [jacoco]
[INFO] 传感器 JaCoCo XML报告导入器 [jacoco] (完成) | 时间=3毫秒
[INFO] ------------- 在模块 **** 上运行传感器
[INFO] 传感器 JavaXmlSensor [java]
[INFO] 传感器 JavaXmlSensor [java] (完成) | 时间=0毫秒
[INFO] 传感器 JaCoCo XML报告导入器 [jacoco]
[INFO] 传感器 JaCoCo XML报告导入器 [jacoco] (完成) | 时间=1毫秒
...
[INFO] 传感器 MyBatisLint Sensor [mybatis]
[INFO] stmtIdExcludeList: []
[INFO] 传感器 MyBatisLint Sensor [mybatis] (完成) | 时间=78毫秒
[INFO] 传感器 JavaXmlSensor [java]
[INFO] 分析1个源文件
[INFO] 加载项目存储库
[INFO] 加载项目存储库 (完成) | 时间=16毫秒
[INFO] 传感器 JavaXmlSensor [java] (完成) | 时间=172毫秒
[INFO] 已分析1/1个源文件
[INFO] 传感器 HTML [web]
[INFO] 传感器 HTML [web] (完成) | 时间=13毫秒
[INFO] 传感器 XML传感器 [xml]
[INFO] 分析1个源文件
[INFO] 传感器 XML传感器 [xml] (完成) | 时间=143毫秒
[INFO] 传感器 JaCoCo XML报告导入器 [jacoco]
[INFO] 已分析1/1个源文件
[INFO] 传感器 JaCoCo XML报告导入器 [jacoco] (完成) | 时间=2毫秒
[INFO] ------------- 在项目上运行传感器
[INFO] 传感器零覆盖传感器
[INFO] 传感器零覆盖传感器 (完成) | 时间=0毫秒
[INFO] 此项目的SCM提供程序是: git
[INFO] 1个文件要分析
[INFO] 已分析1/1个文件
[INFO] 正在计算0个文件的CPD
[INFO] CPD计算完成
[INFO] 分析报告在70毫秒内生成，目录大小=191 KB
[INFO] 分析报告在9毫秒内压缩，zip大小=16 KB
[INFO] 分析报告在20毫秒内上传
[

<details>
<summary>英文:</summary>

When SonarQube scans the Git submodule project, only the files of the super project are scanned.\
Run in jenkins(Linux)\
SonarQube version is 7.9.3\
a maven project

the super project:
[![only 2 file： .gitmodules and pom.xml][1]][1]

in other project，maven project have module，but not use git submodule can work.

the log:
only 1 file, the pom.xml for super project are scanned.

[INFO] User cache: /var/lib/jenkins/.sonar/cache
[INFO] SonarQube version: 7.9.3
[INFO] Default locale: "en_US", source code encoding: "UTF-8"
[WARNING] SonarScanner will require Java 11 to run starting in SonarQube 8.x
[INFO] Load global settings
[INFO] Load global settings (done) | time=86ms
[INFO] Server id: 0697A0C6-AXLFaD-v57HRhyHJwu5i
[INFO] User cache: /var/lib/jenkins/.sonar/cache
[INFO] Load/download plugins
[INFO] Load plugins index
[INFO] Load plugins index (done) | time=55ms
[INFO] Plugin [l10nzh] defines 'l10nen' as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.
[INFO] Load/download plugins (done) | time=83ms
[INFO] Process project properties
[INFO] Execute project builders
[INFO] Execute project builders (done) | time=5ms
[INFO] Project key: szyh_apps
[INFO] Base dir: /var/lib/jenkins/workspace/sonar/ ****
[INFO] Working dir: /var/lib/jenkins/workspace/sonar/ **** /target/sonar
[INFO] Load project settings for component key: 'szyh_apps'
[INFO] Load project settings for component key: 'szyh_apps' (done) | time=14ms
[INFO] Load quality profiles
[INFO] Load quality profiles (done) | time=51ms
[INFO] Detected Jenkins
[INFO] Load active rules
[INFO] Load active rules (done) | time=567ms
[INFO] Indexing files...
[INFO] Project configuration:
[INFO] Indexing files of module ''
[INFO] Base dir: /var/lib/jenkins/workspace/sonar/ ****
[INFO] Source paths: pom.xml, src/main/java
[INFO] Test paths: src/test/java
...
[INFO] Indexing files of module '(the aggregator project)'
[INFO] Base dir: /var/lib/jenkins/workspace/sonar/ ****
[INFO] Source paths: pom.xml
[INFO] 1 file indexed
[INFO] 0 files ignored because of scm ignore settings
[INFO] Quality profile for xml: Sonar way
[INFO] ------------- Run sensors on module ****
[INFO] Load metrics repository
[INFO] Load metrics repository (done) | time=16ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] Sensor JavaXmlSensor [java] (done) | time=1ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
[INFO] ------------- Run sensors on module ****
[INFO] Sensor JavaXmlSensor [java]
[INFO] Sensor JavaXmlSensor [java] (done) | time=0ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=1ms
...
[INFO] Sensor MyBatisLint Sensor [mybatis]
[INFO] stmtIdExcludeList: []
[INFO] Sensor MyBatisLint Sensor [mybatis] (done) | time=78ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] 1 source files to be analyzed
[INFO] Load project repositories
[INFO] Load project repositories (done) | time=16ms
[INFO] Sensor JavaXmlSensor [java] (done) | time=172ms
[INFO] 1/1 source files have been analyzed
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=13ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source files to be analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=143ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] 1/1 source files have been analyzed
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=2ms
[INFO] ------------- Run sensors on project
[INFO] Sensor Zero Coverage Sensor
[INFO] Sensor Zero Coverage Sensor (done) | time=0ms
[INFO] SCM provider for this project is: git
[INFO] 1 files to be analyzed
[INFO] 1/1 files analyzed
[INFO] Calculating CPD for 0 files
[INFO] CPD calculation finished
[INFO] Analysis report generated in 70ms, dir size=191 KB
[INFO] Analysis report compressed in 9ms, zip size=16 KB
[INFO] Analysis report uploaded in 20ms
[INFO] ANALYSIS SUCCESSFUL, you can browse http:// **** /dashboard?id=szyh_apps
[INFO] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[INFO] More about the report processing at http:// **** /api/ce/task?id=**
[INFO] Analysis total time: 5.244 s
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]

[![In SonarQube，only pom.xml][2]][2]
disabled scm can work, but no time and author information
```shell
mvn jacoco:prepare-agent sonar:sonar \
-Dsonar.projectKey=szyh_apps \
-Dsonar.host.url=http://**** \
-Dsonar.login=**** \
-Dsonar.scm.disabled \
-s /usr/share/maven/conf/settings-szyh_apps.xml

答案1

得分: 1

你可以在命令行中设置-Dsonar.scm.exclusions.disabled=true，或者从SonarQube仪表板->管理->常规设置->SCM->禁用SCM传感器=TRUE。

这对我来说运行正常，我正在使用SonarQube V7.9.5。

这与git如何读取你的仓库有关。首先尝试在你的仓库中运行命令：git ls-tree -r HEAD。

你可以参考Ann的回答：https://community.sonarsource.com/t/no-results-for-git-submodules/8464：

查看sonar-scm-git-plugin的源代码，我了解到它实际上并不严格地“根据项目的.gitignore添加排除”，而是忽略了根仓库未管理的每个文件。
你可以通过在你的git仓库中运行git ls-tree -r HEAD来验证这一点。子模块的文件未列出，基本上这就是Git插件1.8正在做的事情。

英文:

you can set -Dsonar.scm.exclusions.disabled=true in cmd line or
from SonarQube Dashboard->Administration->General settings->SCM->Disable the scm sensor=TRUE

This is working fine for me, I am using SonarQube V7.9.5

This is something related with how git is reading your repo.
first try cmd in you repository: git ls-tree -r HEAD

You can refer to Ann's answer :https://community.sonarsource.com/t/no-results-for-git-submodules/8464:
"""
Looking at the source of sonar-scm-git-plugin, I understand that actually it’s not strictly "adding exclusions based on project’s .gitignore", but instead it’s ignoring every file that’s not managed by the root repository.

You can verify this running git ls-tree -r HEAD in your git repo. The submodule’s files are not listed and basically this is what the Git Plugin 1.8 is doing.
"""