Dotnet SonarScanner for MSBuild begin error in Jenkins (agent dockerfile)

I try running sonarscanner for msbuild (SonarScanner for MSBuild 5.8.0.52797 - .NET 5.0) in Jenkins using agent dockerfile, but I got error in dotnet begin step.

Error:

+ dotnet /var/jenkins_home/tools/hudson.plugins.sonar.MsBuildSQRunnerInstallation/sonarScanner-MSbuild/SonarScanner.MSBuild.dll begin /k:ess-review-backend /n:ESS-Review/Backend /d:sonar.exclusions=**/*.html, **/*.cshtml, **/*.css, **/*.js, **/*.ts
SonarScanner for MSBuild 5.8
Using the .NET Core version of the Scanner for MSBuild
Pre-processing started.
Preparing working directories...
03:40:13.362  Updating build integration targets...
03:40:13.364  03:40:13.364  WARNING: Error occurred when installing the loader targets to '/.local/share/Microsoft/MSBuild/4.0/Microsoft.Common.targets/ImportBefore/SonarQube.Integration.ImportBefore.targets'. 'Access to the path '/.local/share/Microsoft/MSBuild/4.0/Microsoft.Common.targets/ImportBefore' is denied.'
03:40:13.368  03:40:13.368  WARNING: Error occurred when installing the loader targets to '/.local/share/Microsoft/MSBuild/10.0/Microsoft.Common.targets/ImportBefore/SonarQube.Integration.ImportBefore.targets'. 'Access to the path '/.local/share/Microsoft/MSBuild/10.0/Microsoft.Common.targets/ImportBefore' is denied.'
03:40:13.369  03:40:13.369  WARNING: Error occurred when installing the loader targets to '/.local/share/Microsoft/MSBuild/11.0/Microsoft.Common.targets/ImportBefore/SonarQube.Integration.ImportBefore.targets'. 'Access to the path '/.local/share/Microsoft/MSBuild/11.0/Microsoft.Common.targets/ImportBefore' is denied.'
03:40:13.369  03:40:13.369  WARNING: Error occurred when installing the loader targets to '/.local/share/Microsoft/MSBuild/12.0/Microsoft.Common.targets/ImportBefore/SonarQube.Integration.ImportBefore.targets'. 'Access to the path '/.local/share/Microsoft/MSBuild/12.0/Microsoft.Common.targets/ImportBefore' is denied.'
03:40:13.369  03:40:13.369  WARNING: Error occurred when installing the loader targets to '/.local/share/Microsoft/MSBuild/14.0/Microsoft.Common.targets/ImportBefore/SonarQube.Integration.ImportBefore.targets'. 'Access to the path '/.local/share/Microsoft/MSBuild/14.0/Microsoft.Common.targets/ImportBefore' is denied.'
03:40:13.369  03:40:13.369  WARNING: Error occurred when installing the loader targets to '/.local/share/Microsoft/MSBuild/15.0/Microsoft.Common.targets/ImportBefore/SonarQube.Integration.ImportBefore.targets'. 'Access to the path '/.local/share/Microsoft/MSBuild/15.0/Microsoft.Common.targets/ImportBefore' is denied.'
03:40:13.369  03:40:13.369  WARNING: Error occurred when installing the loader targets to '/.local/share/Microsoft/MSBuild/Current/Microsoft.Common.targets/ImportBefore/SonarQube.Integration.ImportBefore.targets'. 'Access to the path '/.local/share/Microsoft/MSBuild/Current/Microsoft.Common.targets/ImportBefore' is denied.'
03:40:13.369  03:40:13.369  WARNING: Error occurred when installing the loader targets to '/Microsoft/MSBuild/15.0/Microsoft.Common.targets/ImportBefore/SonarQube.Integration.ImportBefore.targets'. 'Access to the path '/Microsoft/MSBuild/15.0/Microsoft.Common.targets/ImportBefore' is denied.'
03:40:13.369  03:40:13.369  WARNING: Error occurred when installing the loader targets to '/Microsoft/MSBuild/Current/Microsoft.Common.targets/ImportBefore/SonarQube.Integration.ImportBefore.targets'. 'Access to the path '/Microsoft/MSBuild/Current/Microsoft.Common.targets/ImportBefore' is denied.'
03:40:13.417  Fetching analysis configuration settings...
03:40:13.54  Provisioning analyzer assemblies for cs...
03:40:13.541  Installing required Roslyn analyzers...
03:40:13.804  Provisioning analyzer assemblies for vbnet...
03:40:13.804  Installing required Roslyn analyzers...
03:40:13.827  Pre-processing succeeded.

Jenkinsfile:

stage ('build-dotnet') {
    environment {
      scannerHome = tool 'sonarScanner-MSbuild'
    }
    steps {
      withSonarQubeEnv(installationName: 'sq'){
        sh '''
          dotnet --info
          dotnet ${scannerHome}/SonarScanner.MSBuild.dll begin /k:"ess-review-backend" /n:"ESS-Review/Backend" /d:sonar.exclusions="**/*.html, **/*.cshtml, **/*.css, **/*.js, **/*.ts"
          dotnet publish WebService/WebService.csproj -c Release -r linux-x64 -o publish-x64
          dotnet pack -c Release WebService/WebService.csproj
          dotnet ${scannerHome}/SonarScanner.MSBuild.dll end
        '''
      }
   }
}

I’ve found the solution like this:

agent {
  dockerfile { 
    dir 'cicd' 
    args '-u root:sudo' //the solution
  }
}

But I don’t think it is the right solution. Any other solution?

Regards,
Denis

Based on your solution you may consider limiting the scope of the root:sudo. You might try:

  • run only the dotnet ${scannerHome}/SonarScanner.MSBuild.dll begin step in sudo mode
  • change the permission of the files that the begin step ties to change to be writeable by the user

The begin step needs to change those targets files to plug our analyzers into the build process.