Can not add the same measure twice on blue-deployment.yml

SonarQube Server / Community Build
1

I have a CI/CD for a java project where I call sonarqube and analysis goes through successfuly until this morning. I added a yaml file in the project, very simple yaml, for the creation of pod in K8S, as soon as I ran the cicd pipeline I got

ERROR: Error during SonarScanner execution
java.lang.UnsupportedOperationException: Can not add the same measure twice on blue-deployment.yml: DefaultMeasure[component=blue-deployment.yml,metric=Metric[uuid=<null>,key=ncloc_data,description=<null>,type=DATA,direction=0,domain=<null>,name=ncloc_data,qualitative=false,userManaged=false,enabled=true,worstValue=<null>,bestValue=<null>,optimizedBestValue=false,hidden=false,deleteHistoricalData=false,decimalScale=<null>],value=1=1;2=1;3=1;4=1;5=1;6=1;7=1;8=1;9=1;10=1;11=1;12=1;13=1;14=1;15=1;16=1;17=1;18=1;19=1;20=1;21=1;22=1,fromCore=false,storage=org.sonar.scanner.sensor.DefaultSensorStorage@300b839c,saved=false]
	at org.sonar.scanner.sensor.DefaultSensorStorage.saveMeasure(DefaultSensorStorage.java:175)
	at org.sonar.scanner.sensor.DefaultSensorStorage.store(DefaultSensorStorage.java:135)
	at org.sonar.api.batch.sensor.measure.internal.DefaultMeasure.doSave(DefaultMeasure.java:96)
	at org.sonar.api.batch.sensor.internal.DefaultStorable.save(DefaultStorable.java:45)

Must-share information (formatted with Markdown):

  • versions SonarQube : 9.8
  • how is SonarQube deployed: on a fedora 37 VM

The call to sonarQube happens inside a jenkins pipeline as follows

stage('SonarQube Analysis') {
            steps {
                sh 'sonar-scanner \
                -Dsonar.host.url=http://192.168.100.11:9000 \
                -Dsonar.login=sqa_8f0.................6f88888ba \
                -Dsonar.projectKey=game-of-lifeonGitHub \
                -Dsonar.sources=. \
                -Dsonar.java.binaries=.'
            }
        }
2

Hi,

This error typically comes from an overlap in the definition of sonar.sources and sonar.tests. Can you check Project Settings → Background Tasks → [row cog menu] → Show Scanner Context and see if sonar.tests is defined (perhaps in a sonar-project.properties file)? A definition of sonar.sources=. is pretty broad and would automatically overlap anything defined for sonar.tests.

 
Ann

3

Hi Ann, I did visit the project settings, no sonar.tests item (I have disabled K8S plugin in the system to be able to run the analysis)

Scanner Context: game-of-lifeonGitHub [Project Analysis]
Plugins:
  - Dependency-Check 3.0.1 (dependencycheck)
  - jDepend 1.1.1 (jdepend)
  - detekt 2.5.0 (detekt)
  - Sonar WebDriver Plugin 1.0.5 (webdriver)
  - YAML Analyzer 1.7.0 (yaml)
Bundled analyzers:
  - Python Code Quality and Security 3.21.0.10628 (python)
  - Go Code Quality and Security 1.11.0.3905 (go)
  - JaCoCo 1.1.1.1157 (jacoco)
  - Kotlin Code Quality and Security 2.12.0.1956 (kotlin)
  - IaC Code Quality and Security 1.9.2.2279 (iac)
  - JavaScript/TypeScript/CSS Code Quality and Security 9.12.0.20319 (javascript)
  - Ruby Code Quality and Security 1.11.0.3905 (ruby)
  - Scala Code Quality and Security 1.11.0.3905 (sonarscala)
  - C# Code Quality and Security 8.50.0.58025 (csharp)
  - Java Code Quality and Security 7.15.0.30507 (java)
  - HTML Code Quality and Security 3.7.1.3306 (web)
  - Flex Code Quality and Security 2.8.0.3166 (flex)
  - XML Code Quality and Security 2.6.1.3686 (xml)
  - PHP Code Quality and Security 3.25.0.9077 (php)
  - Text file Code Quality and Security 1.2.0.510 (text)
  - VB.NET Code Quality and Security 8.50.0.58025 (vbnet)
  - Configuration detection fot Code Quality and Security 1.2.0.267 (config)
Global server settings:
  - email.from=blahblah@blahblah.net
  - email.fromName=blahblah@blahblah.net
  - sonar.core.id=9D6E76F7-AYVj4CA9Pg8SM2k-76FS
  - sonar.core.startTime=2023-04-20T09:14:06+0200
  - sonar.forceAuthentication=false
  - sonar.kubernetes.activate=false
  - sonar.lf.enableGravatar=true
  - sonar.plugins.risk.consent=ACCEPTED
  - sonar.projectCreation.mainBranchName=master
Project server settings:
Project scanner properties:
  - sonar.host.url=http://192.168.100.100:9000
  - sonar.java.binaries=.
  - sonar.login=******
  - sonar.projectBaseDir=/home/jenkins/workspace/blue-green-deployment
  - sonar.projectKey=game-of-lifeonGitHub
  - sonar.scanner.app=ScannerCLI
  - sonar.scanner.appVersion=4.8.0.2856
  - sonar.sourceEncoding=UTF-8
  - sonar.sources=.
  - sonar.working.directory=/home/jenkins/workspace/blue-green-deployment/.scannerwork
4

Hi,

Thanks for including the full context!

Can you uninstall the YAML plugin & try again? I’m guessing that’s where the conflict is coming from.

 
Ann

5

Thanks Ann, I uninstalled the yaml, renabled K8S and analysis went through but in spite of the fact that I have 3 yaml K8S files I dont see any activity of analysis on those files? Where can we see what happened during analysis, what I mean what SQ analyzed?
Thanks again for your help

6

Hi,

Ah! Right. You’re on SonarQube 9.8. Upgrade to 9.9 (since you have to hit each intervening LTS version between your start point and your target version) and then to 10.0 and try again, please.

 
Ann

7

Hi @eliassal,

To follow up on your question during the webinar, if you are still running an old version of SonarQube, I invite you to upgrade to the most recent version and try again.

Chris

8

Thanks Christophe for the follow-up. I have already upgraded to 2025 1 week ago but did not have time to test. My question was is there still an overlap between yaml plugin and k8s?