Error message jgit io operation (10.6.0)

SonarQube Server / Community Build
1

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube 10.6.0
    SonarScanner CLI 6.0.0.4432
  • how is SonarQube deployed: zip, Docker, Helm
    Docker
  • what are you trying to achieve
    Having a scan without errors
  • what have you tried so far to achieve this
    Nothing

Hi, with SonarQube 10.6.0, we get the following error message:

12:39:01.645 INFO  Using JGit to retrieve untracked files
12:39:04.960 ERROR Cannot save config file 'FileBasedConfig[/home/scanner-cli/.config/jgit/config]'
java.io.IOException: Creating directories for /home/scanner-cli/.config/jgit failed
    at org.eclipse.jgit.util.FileUtils.mkdirs(FileUtils.java:421)
    at org.eclipse.jgit.internal.storage.file.LockFile.lock(LockFile.java:144)
    at org.eclipse.jgit.storage.file.FileBasedConfig.save(FileBasedConfig.java:201)
    at org.eclipse.jgit.util.FS$FileStoreAttributes.saveToConfig(FS.java:776)
    at org.eclipse.jgit.util.FS$FileStoreAttributes.lambda$5(FS.java:458)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.base/java.lang.Thread.run(Unknown Source)

Due to some other problems there is no home dir inside the docker container for the scanner. Until now this never was a problem.

Can we safely ignore this message? If not - how can we configure a custom directory to save the config file for jgit?

1 Like
4

Hello @pst,

thanks for reporting the error!

Looking at the logs you posted, I have two questions that would help us improve the analyzer.

  • Are the logs you posted complete? I would have expected a message starting with WARN Unable to retrieve git status as the second line here.
  • Is the analysis of the TextAndSecretsSensor still able to finish successfully? In theory this error shouldn’t prevent a successful secrets analysis.

Now to the solution of your problem:
Looking at the failing error message, I see that the library jGit we’re using is not able to create the directories it needs to store its configuration.
Unfortunately, jGit doesn’t provide a good way to customize the config directory on our side.

Still, there are a couple of things you can do in order to resolve the issue.
The location of the jGit Configuration is based on the environment variable XDG_CONFIG_HOME, which will default to $HOME/.config.
If you set it to a different location that exists on your system, jGit should be able to save its configuration and the error is resolved.

Another solution is to install git on the system you’re scanning with. This way, our analyzer would not fall back on using jGit.

For some additional context:

The feature that is failing on your side is trying to analyze additional files, based on the sonar.text.inclusions value, which defaults to **/*.sh,**/*.bash,**/*.zsh,**/*.ksh,**/*.ps1,**/*.properties," + "**/*.conf,**/*.pem,**/*.config,.env,.aws/config.
We analyze only files that are tracked by git in order to ignore generated files.
As a first step, we’re trying to use the git cli if we find it on the system you’re scanning with.
If it is not found, we fall back on using the jGit library.

I would be happy to hear if this solution resolves your error message.

Best,
Jonas

3 Likes
6

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.