Azure DevOps SonarQube Task 7 : PKIX path building failed

SonarQube Server / Community Build
, ,
1

Hello ,
we are using SonarQube Enterprise Edition : 2025.1
Since Azure DevOps SonQube Task 6 was deprecated, we are trying to migrate to SonarQubeTask 7 after that we started encountered PKIX path building failed issues as shared below.
we have a Sonarqube server exposed in https which is perfectly working fine with SonarQube task version 6 , After migrated to Sonaruqbe Task 7 getting error as below

##[error]ERROR: Error during SonarScanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarScanner analysis
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:85)
	at java.base/java.security.AccessController.doPrivileged(Unknown Source)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:74)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:70)
	at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:185)
	at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:123)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:74)
	at org.sonarsource.scanner.cli.Main.main(Main.java:62)
Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
	at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:42)
	at org.sonarsource.scanner.api.internal.JarDownloader.getScannerEngineFiles(JarDownloader.java:58)
	at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:53)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:76)
	... 7 more
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
	at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
	at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connectTls(RealConnection.java:336)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.establishProtocol(RealConnection.java:300)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connect(RealConnection.java:185)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.Transmitter.newExchange(Transmitter.java:169)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)
2025-02-27T07:57:29.2436520Z ERROR: Error during SonarScanner execution
2025-02-27T07:57:29.2437270Z org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarScanner analysis
2025-02-27T07:57:29.2438255Z 	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:85)
2025-02-27T07:57:29.4082396Z 	at java.base/java.security.AccessController.doPrivileged(Unknown Source)
2025-02-27T07:57:29.4083488Z 	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:74)
2025-02-27T07:57:29.4084907Z 	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:70)
2025-02-27T07:57:29.4086888Z 	at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:185)
2025-02-27T07:57:29.4087607Z 	at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:123)
2025-02-27T07:57:29.4088233Z 	at org.sonarsource.scanner.cli.Main.execute(Main.java:74)
2025-02-27T07:57:29.4088866Z 	at org.sonarsource.scanner.cli.Main.main(Main.java:62)
2025-02-27T07:57:29.4089476Z Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
2025-02-27T07:57:29.4090169Z 	at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:42)
2025-02-27T07:57:29.4090964Z 	at org.sonarsource.scanner.api.internal.JarDownloader.getScannerEngineFiles(JarDownloader.java:58)
2025-02-27T07:57:29.4091706Z 	at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:53)
2025-02-27T07:57:29.4092426Z 	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:76)
2025-02-27T07:57:29.4093214Z 	... 7 more
2025-02-27T07:57:29.4093954Z Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2025-02-27T07:57:29.4094847Z 	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
2025-02-27T07:57:29.4095485Z 	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
2025-02-27T07:57:29.4096085Z 	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
2025-02-27T07:57:29.4096715Z 	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
2025-02-27T07:57:29.4097432Z 	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
2025-02-27T07:57:29.4098217Z 	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
2025-02-27T07:57:29.4098974Z 	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
2025-02-27T07:57:29.4099680Z 	at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
2025-02-27T07:57:29.4100330Z 	at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
2025-02-27T07:57:29.4101426Z 	at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
2025-02-27T07:57:29.4102087Z 	at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
2025-02-27T07:57:29.4102787Z 	at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
2025-02-27T07:57:29.4103432Z 	at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
2025-02-27T07:57:29.4104090Z 	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
2025-02-27T07:57:29.4104783Z 	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
2025-02-27T07:57:29.4105458Z 	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
2025-02-27T07:57:29.4107427Z 	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connectTls(RealConnection.java:336)
2025-02-27T07:57:29.4108672Z 	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.establishProtocol(RealConnection.java:300)
2025-02-27T07:57:29.4109471Z 	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connect(RealConnection.java:185)
2025-02-27T07:57:29.4110163Z 	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224)
2025-02-27T07:57:29.4110913Z 	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108)
2025-02-27T07:57:29.4111664Z 	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88)
2025-02-27T07:57:29.4112402Z 	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.Transmitter.newExchange(Transmitter.java:169)
2025-02-27T07:57:29.4113180Z 	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41)
2025-02-27T07:57:29.4114041Z 	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
2025-02-27T07:57:29.4116662Z 	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
2025-02-27T07:57:29.4117795Z 	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)
2025-02-27T07:57:29.4127894Z ##[error]at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.getResponseWithInterceptorChain(RealCall.java:221)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.execute(RealCall.java:81)
	at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:115)
	at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:99)
	at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:39)
	... 10 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
	at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
	at java.base/sun.security.validator.Validator.validate(Unknown Source)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
	... 45 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
	at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
	... 50 more

this document doesn’t clarify the point much. Managing client side TLS certificates | SonarQube Server Documentation

2

Hi there, @ramgrandhisila

There is a known incompatibility between previous versions of the Scanner for .NET and SQ Server 10.6+ when using custom certificates.

Can you try to point your task to the latest version of the scanner (10.0.0 as of now):

- task: SonarQubePrepare@7
  inputs:
    SonarQube: '<YourSonarqubeServerEndpoint>'
    scannerMode: 'dotnet'
    dotnetScannerVersion: ' 10.0.0.110776'
    projectKey: '<YourProjectKey>'

If your pipeline was working before, this should correct the problem. We are working on publishing an updated version of the Azure DevOps extension that will target this version by default.

Please let us know if this solve your problem. If it does not, we’ll look into it more deeply.

Denis

3

Thanks for @denis.troller your response,
I will add the version and verify. Can you tell us when do can expect the updated version of Azure Devops extension.

4

Unfortunately I do not have visibility on that subject yet, @ramgrandhisila.
As soon as it is update there will be an announcement post in this forum.

Denis

5

I tried adding the version getting the below error.
Starting: Prepare Code Analysis

Task : Prepare Analysis Configuration
Description : Prepare SonarQube Server analysis configuration
Version : 7.1.1
Author : sonarsource
Help : More Information

[INFO] SonarQube Server: Server version: 2025.1.0.102418
[INFO] SonarQube Server: Default branch of this repository is ‘refs/heads/Main’
[INFO] SonarQube Server: Downloading scanner from https://github.com/SonarSource/sonar-scanner-msbuild/releases/download/10.0.0.110776/sonar-scanner-10.0.0.110776-net-framework.zip
Downloading: https://github.com/SonarSource/sonar-scanner-msbuild/releases/download/10.0.0.110776/sonar-scanner-10.0.0.110776-net-framework.zip
##[error]read ECONNRESET
##[error][ERROR] SonarQube Server: Error while executing task Prepare: read ECONNRESET
##[error]read ECONNRESET
Finishing: Prepare Code Analysis