Scanning Issues
Troubleshooting SonarQube analysis and scanning problems.
Sources Not Found
Symptoms
Error: No sources to analyze
Error: sonar.sources does not contain any source file
Causes
- Incorrect source path configuration
- Sources excluded by patterns
- Wrong project structure detection
Diagnosis
# Check current source configuration
cat sonar-project.properties | grep sonar.sources
# List actual source files
find . -name "*.ts" -o -name "*.js" | head -20
Solutions
Auto-Detect Sources
# In your AI assistant
Detect my project structure and configure sources
This runs sonar_project_discovery to analyze your project.
Manual Configuration
# In your AI assistant
Generate a SonarQube config with sources in "src" folder
Or create sonar-project.properties manually:
sonar.projectKey=my-project
sonar.sources=src
sonar.tests=tests,**/*.test.ts
sonar.exclusions=**/node_modules/**,**/dist/**
Common Source Patterns
| Project Type | Typical Sources |
|---|---|
| React/Next.js | src, app, pages |
| Node.js API | src, lib |
| Python | . or src |
| Java Maven | src/main/java |
| Go | . |
Analysis Takes Too Long
Symptoms
- Scan runs for 10+ minutes
- Eventually times out
- Progress stalls at certain percentage
Causes
- Large codebase
- Too many files included
- Missing exclusions
- Slow SonarQube server
Solutions
Add Exclusions
Exclude non-source files:
# In sonar-project.properties
sonar.exclusions=\
**/node_modules/**,\
**/dist/**,\
**/build/**,\
**/coverage/**,\
**/*.min.js,\
**/*.bundle.js,\
**/vendor/**
Or via tool call:
# In your AI assistant
Generate config excluding node_modules, dist, and build directories
Increase Timeouts
# For Codex (most prone to timeouts)
codex mcp add bob-the-fixer \
--env SCAN_TIMEOUT=1200000 \
...
Incremental Analysis
For subsequent scans, use autoSetup: false:
# In your AI assistant
Scan the project (use existing configuration)
This skips project setup and runs faster.
Check Server Resources
# Monitor SonarQube during scan
docker stats bobthefixer_sonarqube
# If CPU/memory maxed, increase Docker resources
No Issues Found
Symptoms
- Clean scan when issues obviously exist
- Zero bugs, zero code smells
- Coverage shows 0%
Causes
- Language plugins not installed
- Quality profile not assigned
- Files not recognized
- Rules disabled
Diagnosis
# In your AI assistant
Show me the project metrics
Check:
- Languages detected
- Files analyzed
- Rules applied
Solutions
Check Language Detection
# In your AI assistant
What languages are detected in this project?
If your language isn't detected:
- Check file extensions are standard (
.ts,.js,.py, etc.) - Verify language plugins in SonarQube UI → Administration → Marketplace
Verify Quality Profile
In SonarQube UI:
- Go to your project
- Project Settings → Quality Profiles
- Ensure a profile is assigned for your language
Check Rules
# In your AI assistant
What rules are enabled for this project?
If rules seem missing:
- SonarQube UI → Quality Profiles
- Check your language profile
- Ensure rules are activated
Coverage Not Detected
Symptoms
Coverage: 0%
No coverage information
Causes
- Coverage report not generated
- Report path not configured
- Wrong report format
Solutions
Generate Coverage First
Run your tests with coverage before scanning:
# JavaScript/TypeScript (Jest)
npm test -- --coverage
# Python (pytest)
pytest --cov=. --cov-report=xml
# Java (Maven)
mvn clean verify
Configure Report Path
# JavaScript/TypeScript
sonar.javascript.lcov.reportPaths=coverage/lcov.info
# Python
sonar.python.coverage.reportPaths=coverage.xml
# Java
sonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml
Or via tool:
# In your AI assistant
Generate config with coverage report at coverage/lcov.info
Verify Report Exists
# Check the report exists
ls -la coverage/lcov.info
# Verify it has content
head -20 coverage/lcov.info
Scan Fails Immediately
Symptoms
ERROR: Error during SonarScanner execution
Analysis failed
Common Causes & Fixes
Java Version Issues
# Check Java version
java -version
# SonarQube requires Java 17+
# Install if needed:
brew install openjdk@17 # macOS
sudo apt install openjdk-17-jdk # Ubuntu
Scanner Not Found
# The installer includes sonar-scanner
# Verify it exists:
ls /path/to/bob-the-fixer/bin/sonar-scanner
# Or use npx
npx sonar-scanner --version
Invalid Project Key
Error: "my project" is not a valid project key
Project keys must:
- Start with a letter
- Contain only letters, numbers,
-,_,.,: - No spaces
# Valid
my-project
my_project_123
# Invalid
my project
My Project!
Duplicate Analysis
Symptoms
- Same issues reported multiple times
- Issue count keeps growing
- Analysis seems to run on old code
Solutions
Clean Analysis
# In your AI assistant
Delete the current project and set up fresh
This uses sonar_delete_project and sonar_auto_setup.
Check for Multiple Configs
# Look for duplicate config files
find . -name "sonar-project.properties" -o -name "bobthefixer.env"
# Remove duplicates, keep only root-level config
Multi-Module Projects
Symptoms
- Only some modules scanned
- Module not found errors
- Inconsistent results
Solutions
Configure Modules
# In your AI assistant
Generate config for our monorepo with frontend and backend modules
Example multi-module config:
sonar.projectKey=my-monorepo
sonar.modules=frontend,backend
frontend.sonar.projectBaseDir=packages/frontend
frontend.sonar.sources=src
backend.sonar.projectBaseDir=packages/backend
backend.sonar.sources=src
Scan Individual Modules
For large monorepos, scan modules separately:
# In your AI assistant
Scan only the frontend package
Debugging Scans
Enable Verbose Output
# In your AI assistant
Scan the project with debug logging enabled
View Scanner Logs
# Recent scan log
cat .scannerwork/scanner-report/analysis-log.txt
# Or in SonarQube UI
# Project → Activity → Most recent analysis → Show details
Common Log Messages
| Message | Meaning | Action |
|---|---|---|
| "X files indexed" | Files found | Check if count is reasonable |
| "0 files indexed" | No files found | Check source paths |
| "Language not installed" | Missing plugin | Install in SonarQube |
| "Out of memory" | Heap exhausted | Increase scanner memory |
Next Steps
After resolving scanning issues:
- Run a fresh scan to verify
- Check Quality Gates pass
- Start fixing issues
If problems persist, see Connection Issues to verify SonarQube connectivity.