how is SonarQube deployed: sonar-scanner installed in local environment
what are you trying to achieve: scanning with pre-installed scanner
what have you tried so far to achieve this: use customScanner
When using customScanner (utilizing a pre-installed sonar-scanner), the local scanner detection does not work. Instead of finding the local installation, sonar-scanner-npm finds the script with similar name in folder node_modules/.bin/. As a result, the scan is run twice, and the nested run always downloads the scanner instead of using the local installation.
Sure. Unfortunately I don’t have the logs available at this time, but I try to clarify. The problem occurs when using sonarqube-scanner npm module to execute the scan (see link above).
Sonarqube-scanner has a ”custom scan” feature. When using this custom scan feature, the scan should not download scanner binary. Instead, the logic should utilize the scanner binary that is already preinstalled in the environment, and found in the path.
However, when using the custom scan feature, the logic is unable to detect the local installation correctly. It tries to search ”sonar-scanner” named binary. As a script called ”sonar-scanner” is found in folder node_modules/.bin, it calls that script and ends up calling the npm wrapper script again instead of actual scanner binary.
The nested call to the wrapper script downloads the binary instead of using the local installation. Hence, the local binary is never called, and the scanner binary is always downloaded.
Hello @lauravuo ,
It sounds like the custom scanner is having trouble locating the pre-installed sonar-scanner/bin.
Can you verify that the pre-installed sonar-scanner is properly added to your $PATH env variable?
Thanks for your reply. But this is not the case. The scanner binary is in my path and works ok. But your wrapper is unable to find it as it first searches for the folder node_modules/.bin and finds the wrapper’s scanner-script there. And ends up running the wrapper twice, as I explain above.
If I rename the script node_modules/.bin/sonar-scanner to something else, everything works as expected.
I believe that you have the sonarqube-scanner both installed globally and as a project dependency. If that’s the case just uninstall the global version and rely on the project version
npm uninstall -g sonarqube-scanner
Could you check the output of which sonar-scanner
if installed globally it will output something like
which sonar-scanner
/Users/***/.nvm/versions/node/v20.11.1/bin/sonar-scanner
And this won’t work with the customScanner
If you only have a pre-installed sonar-scanner, for example, sonar-scanner-5.0.1.3006-macosx stored in $PATH, when running the customScanner as a project dependency you will see something like:
V4
[INFO] Bootstrapper: Retrieving info from "package.json" file
[INFO] Bootstrapper: Platform: darwin arm64
[INFO] Bootstrapper: Server URL: http://localhost:9000
[INFO] Bootstrapper: Version: 4.0.1
[INFO] Bootstrapper: SonarQube server version: 10.5.0
[INFO] Bootstrapper: JRE provisioning is NOT supported
[INFO] Bootstrapper: Falling back on using sonar-scanner-cli
[INFO] Bootstrapper: Local scanner is requested, will not download sonar-scanner-cli
[INFO] Bootstrapper: Trying to find sonar-scanner
[INFO] Bootstrapper: Starting analysis
INFO: Scanner configuration file: /Users/***/Documents/sonar-scanner-5.0.1.3006-macosx/conf/sonar-scanner.properties
INFO: Project root configuration file: /Users/***/Documents/react-demo/sonar-project.properties
INFO: SonarScanner 5.0.1.3006
...
...
V3.5.0
[22:55:42] Starting analysis...
[22:55:42] Trying to find a local install of the SonarScanner: sonar-scanner
[22:55:42] Local install of Sonarscanner found.
INFO: Scanner configuration file: /Users/***/Documents/sonar-scanner-5.0.1.3006-macosx/conf/sonar-scanner.properties
INFO: Project root configuration file: /Users/***/Documents/react-demo/sonar-project.properties
22:55:43.360 INFO: SonarScanner 5.0.1.3006
...
...
