I am trying to use SonarQube’s Maven plugin in Jenkins connecting to SonarQube 8.7 Enterprise. I am getting the following error:
mvn sonar:sonar \
-Dmaven.repo.local=${env.WORKSPACE}/.m2/repository \
-Dsonar.projectKey=${project}
...
User cache: /var/lib/jenkins-slave/.sonar/cache
ERROR SonarQube server https://sonarserver.domain can not be reached
INFO ------------------------------------------------------------------------
INFO BUILD FAILURE
INFO ------------------------------------------------------------------------
INFO Total time: 7.333 s
INFO Finished at: 2021-04-06T16:05:38-04:00
INFO ------------------------------------------------------------------------
ERROR Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.8.0.2131:sonar (default-cli) on project java_project: Unable to execute SonarScanner analysis: Fail to get bootstrap index from server: Received fatal alert: protocol_version -> [Help 1]
ERROR
ERROR To see the full stack trace of the errors, re-run Maven with the -e switch.
ERROR Re-run Maven using the -X switch to enable full debug logging.
ERROR
ERROR For more information about the errors and possible solutions, please read the following articles:
ERROR [Help 1]ehttp://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
I’m not sure where to start with error “protocol_version”? As far as I can tell it’s downloading the latest maven plugin version. Do I need to set something on the SonarQube server?
EDIT: I have since updated the server to 8.8 Enterprise and I still receive the same error.
This isn’t a problem with the Maven plugin, it’s simply unable to fully connect to the remote sonarqube server. I assume that your service url is NOT “https://sonarserver.domain”? That sounds like an unlikely url. You have some sort of connectivity issue between your build server and the sonarqube server.
It appears to be an issue with the JVM running the scanner and your SonarQube server completing the SSL handshake. There can be a number of reasons for this, but it typically boils down to an incorrect TLS version being used. The correct versions would be set by the reverse proxy sitting in front of your SonarQube server (and serving it over HTTPS).
Take, for example, an NGINX configuration of:
ssl_protocols TLSv1.2 TLSv1.3;
You can do some deeper debugging by adding the environment variable MAVEN_OPTS set to -Djavax.net.debug=all
Some example output (from what is, truth be told, very verbose output)
SSLv3 protocol was requested but was not enabled
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
CLIENT_DEFAULT: [TLSv1.2]
....
*** ClientHello, TLSv1
Out of curiosity, what version/flavor of Java are you using to execute maven / the analysis?
Ah that was it! It seems Maven does not support TLSv1.3, only v1.2. Wish it would say something more verbose like “tls_protocol_version”, but that’s Maven’s problem.
I am using the bundled JVM that comes with the Linux install of sonar-scanner:
Downloads/sonar-scanner-4.6.0.2311-linux/jre/bin/java -version
openjdk version "11.0.3" 2019-04-16
OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.3+7)
OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.3+7, mixed mode)
If you are running mvn sonar:sonar the version of Java being used should be the one that starts Maven (it will also be in your analysis logs) rather than what’s bundled in the SonarQube Scanner CLI, and the issue is really with the JVM (rather than maven or the scanner) but it seems that anyways you resolved your issue
I set JAVA_HOME to the home directory of the sonar-scanner JVM for running Maven. When we run things with different versions of Java, it ensures the mvn sonar-scanner plugin has a compatible version. For anyone else wondering how to do this in Jenkins:
def scannerHome = tool 'SonarScanner 4' # You can name your scanner whatever in Jenkins
sh """
JAVA_HOME=${scannerHome}/jre
mvn sonar:sonar \
...
"""
