Bitbucket Pipelines - Is Node.js available during analysis? ERROR

Setup:

  • Bitbucket Git Repository
  • Bitbucket Pipelines
  • Microsoft .NET Core 2.2 solution/project

I have a very simple web application (using the default Microsoft MVC template). I have hard-coded a password in the Program.cs file in an attempt to trigger a security vulnerability or code smell in SonarCloud.

I am using this topic page to get my bitbucket-pipelines.yml file set up: Bitbucket Pipe + SonarCloud + C#/.net core

I am getting the same error when the SonarScanner task runs.
INFO: Sensor SonarCSS Rules [cssfamily]
INFO: Sensor SonarCSS Rules [cssfamily] (done) | time=509ms
ERROR: Error when running: 'node -v'. Is Node.js available during analysis? No CSS files will be analyzed.
org.sonarsource.nodejs.NodeCommandException: Error when running: 'node -v'. Is Node.js available during analysis?
INFO: Sensor ESLint-based SonarJS [javascript]
INFO: Sensor ESLint-based SonarJS [javascript] (done) | time=928ms
ERROR: Error when running: 'node -v'. Is Node.js available during analysis?
org.sonarsource.nodejs.NodeCommandException: Error when running: 'node -v'. Is Node.js available during analysis?

Below is the script portion.

apt-get update
apt-get install --yes --force-yes nodejs
apt-get install --yes --force-yes openjdk-8-jre
export PATH="$PATH:/root/.dotnet/tools"
dotnet tool install --global dotnet-sonarscanner
dotnet sonarscanner begin /k:"Trey-Gourley_sonarcloudtest" /d:"sonar.login=${SONAR_TOKEN}" /o:"trey-gourley-asc" /v:"${BITBUCKET_COMMIT}" /d:"sonar.host.url=https://sonarcloud.io"
dotnet build SonarCloudTest.sln
dotnet sonarscanner end /d:"sonar.login=$SONAR_TOKEN"

I added an install for node, but that didn’t seem to help.

Hi,

Is your node installation available globally?

What happens if you add a node -v command line in your bitbucket yaml file? Do you get the same error?

Thanks.

Actually, no that doesn’t work. Fails on the “node -v” command.

After a quick search, I found that I needed to register the correct dependency. https://stackoverflow.com/a/44822491/2874556

curl -sL https://deb.nodesource.com/setup_8.x | bash -

Now everything runs as expected. BUT… it finds no errors. Which is not what I am wanting to find because I intentionally added a hard-coded password string in my .NET app's Program.cs class. It actually appears that no files have been scanned (though the logs appear to show that it scanned successfully.)

Log:
SonarScanner for MSBuild 4.7.1
Using the .NET Core version of the Scanner for MSBuild
Post-processing started.
Calling the SonarQube Scanner…
INFO: Scanner configuration file: /root/.dotnet/tools/.store/dotnet-sonarscanner/4.7.1/dotnet-sonarscanner/4.7.1/tools/netcoreapp2.1/any/sonar-scanner-4.1.0.1829/conf/sonar-scanner.properties
INFO: Project root configuration file: /opt/atlassian/pipelines/agent/build/.sonarqube/out/sonar-project.properties
INFO: SonarQube Scanner 4.1.0.1829
INFO: Java 1.8.0_222 Oracle Corporation (64-bit)
INFO: Linux 4.19.50-coreos-r1 amd64
INFO: Bitbucket Cloud Pipelines detected
INFO: User cache: /root/.sonar/cache
INFO: SonarQube server 8.0.0
INFO: Default locale: “en_US”, source code encoding: “US-ASCII” (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=572ms
INFO: Server id: 74E9293D-AWHW8ct9-T_TB3XqouNu
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=127ms
INFO: Load/download plugins (done) | time=19343ms
INFO: Loaded core extensions: developer-scanner
INFO: Detected project key ‘Trey-Gourley_sonarcloudtest’ from ‘Bitbucket Cloud Pipelines’
INFO: Detected organization key ‘trey-gourley-asc’ from ‘Bitbucket Cloud Pipelines’
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=27ms
INFO: Project key: Trey-Gourley_sonarcloudtest
INFO: Base dir: /opt/atlassian/pipelines/agent/build/SonarCloudTestWeb
INFO: Working dir: /opt/atlassian/pipelines/agent/build/.sonarqube/out/.sonar
INFO: Load project settings for component key: ‘Trey-Gourley_sonarcloudtest’
INFO: Load project settings for component key: ‘Trey-Gourley_sonarcloudtest’ (done) | time=148ms
INFO: Load project branches
INFO: Load project branches (done) | time=119ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=101ms
INFO: Load branch configuration
INFO: Detected analysis for branch ‘release/1.0.0’
INFO: Detected Bitbucket Pipelines
INFO: Auto-configuring branch release/1.0.0
INFO: Load branch configuration (done) | time=3ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=132ms
INFO: Detected Bitbucket Pipelines
INFO: Load active rules
INFO: Load active rules (done) | time=2980ms
INFO: Organization key: trey-gourley-asc
INFO: Branch name: release/1.0.0, type: short living
INFO: SCM collecting changed files in the branch
INFO: SCM collecting changed files in the branch (done) | time=87ms
INFO: Indexing files…
INFO: Project configuration:
INFO: Indexing files of module ‘SonarCloudTestWeb’
INFO: Base dir: /opt/atlassian/pipelines/agent/build/SonarCloudTestWeb
INFO: Source paths: Controllers/HomeController.cs, Models/ErrorViewModel.cs, Prog…
INFO: Indexing files of module ‘Trey-Gourley_sonarcloudtest’
INFO: Base dir: /opt/atlassian/pipelines/agent/build/SonarCloudTestWeb
INFO: 17 files indexed
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for cs: Sonar way
INFO: Quality profile for css: Sonar way
INFO: Quality profile for js: Sonar way
INFO: Quality profile for web: Sonar way
INFO: ------------- Run sensors on module SonarCloudTestWeb
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=101ms
INFO: Sensor SonarCSS Metrics [cssfamily]
INFO: Sensor SonarCSS Metrics [cssfamily] (done) | time=32ms
INFO: Sensor SonarCSS Rules [cssfamily]
INFO: Sensor SonarCSS Rules [cssfamily] (done) | time=1024ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=4ms
INFO: Sensor JavaXmlSensor [java]
INFO: Sensor JavaXmlSensor [java] (done) | time=1ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=80ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=2ms
INFO: Sensor SonarJS [javascript]
INFO: 1 source files to be analyzed
INFO: Sensor SonarJS [javascript] (done) | time=66ms
INFO: 1/1 source files have been analyzed
INFO: Sensor ESLint-based SonarJS [javascript]
INFO: 1 source files to be analyzed
INFO: Sensor ESLint-based SonarJS [javascript] (done) | time=1649ms
INFO: 1/1 source files have been analyzed
INFO: ------------- Run sensors on module Trey-Gourley_sonarcloudtest
INFO: Sensor JavaXmlSensor [java]
INFO: Sensor JavaXmlSensor [java] (done) | time=0ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=1ms
INFO: Sensor C# [csharp]
INFO: Importing results from 5 proto files in ‘/opt/atlassian/pipelines/agent/build/.sonarqube/out/0/output-cs’
INFO: Importing 2 Roslyn reports
INFO: Sensor C# [csharp] (done) | time=230ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.sonarqube/out/.sonar/ucfg2/java
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/.sonarqube/out/.sonar/ucfg2/java
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=3ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.sonarqube/out/ucfg_cs2
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/.sonarqube/out/ucfg_cs2
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=0ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.sonarqube/out/.sonar/ucfg2/php
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/.sonarqube/out/.sonar/ucfg2/php
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=1ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=10ms
INFO: 6 files had no CPD blocks
INFO: Calculating CPD for 7 files
INFO: CPD calculation finished
INFO: SCM writing changed lines
INFO: SCM writing changed lines (done) | time=3ms
INFO: Analysis report generated in 54ms, dir size=142 KB
INFO: Analysis report compressed in 20ms, zip size=33 KB
INFO: Analysis report uploaded in 199ms
INFO: ANALYSIS SUCCESSFUL, you can browse https://sonarcloud.io/dashboard?id=Trey-Gourley_sonarcloudtest&branch=release%2F1.0.0&resolved=false
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=AW1fl9psHPf2AgXxynXN
INFO: Analysis total time: 10.329 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 33.459s
INFO: Final Memory: 30M/98M
INFO: ------------------------------------------------------------------------
The SonarQube Scanner has finished
19:27:30.768 Post-processing succeeded.

So I was able to get the scan to work. For some reason it didn’t work right if I scanned a git branch and not the master. I use gitflow and scanned a release branch “release/1.0.0”. That showed it had scanned but didn’t scan any file. But as soon as that branch was merged into master, it scanned all the files and I did get a report that it scanned CSS, HTML, JS, and C# files.
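
Added example, not part of the original thread: a pipeline step that reads a saved SonarScanner log and flags the signals seen in the logs above (the `node -v` error, `type: short living`, `No UCFGs have been included for analysis.`) even when the run ends in `EXECUTION SUCCESS`. The function names and the choice to treat these lines as warning signs are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: flag SonarScanner runs that end in success but show
# signs of reduced coverage. Log strings are taken from this thread;
# treating them as warning signs is this example's assumption.

# Constructed sample: lines copied from the two logs quoted above.
sample_log() {
  cat <<'EOF'
ERROR: Error when running: 'node -v'. Is Node.js available during analysis? No CSS files will be analyzed.
INFO: Branch name: release/1.0.0, type: short living
INFO: No UCFGs have been included for analysis.
INFO: EXECUTION SUCCESS
EOF
}

# Prints one WARN line per signal found; return status = number of signals.
check_scan_log() {
  log_file=$1
  findings=0
  while IFS='|' read -r pattern message; do
    if grep -qF -- "$pattern" "$log_file"; then
      echo "WARN: $message"
      findings=$((findings + 1))
    fi
  done <<'EOF'
Is Node.js available during analysis?|scanner could not run 'node -v'
type: short living|analysis ran on a short-living branch
No UCFGs have been included for analysis.|security sensors had no UCFG input
EOF
  # A log without the final success marker is also a finding.
  if ! grep -qF 'EXECUTION SUCCESS' "$log_file"; then
    echo "WARN: no EXECUTION SUCCESS marker in log"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Demo on the constructed sample.
demo() {
  tmp=$(mktemp)
  sample_log > "$tmp"
  check_scan_log "$tmp"
  rc=$?
  rm -f "$tmp"
  return "$rc"
}
demo || echo "degraded-analysis signals found: $?"
```

In a pipeline, save the scanner output with `tee` and call `check_scan_log` on that file after the `dotnet sonarscanner end` step.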