Fail to manually install sonar-security-plugin-7.9.0.5105.jar in 7.9.3

Hi Julien,

we faced one plugin issue “sonar-security-plugin-7.9.0.5105.jar” if we use this plugin the application is not started, after removing this plugin application is up and running
these are the logs:

2020.06.04 08:45:04 DEBUG web[][o.s.p.p.PythonProfile] com.sonar.plugins.security.api.PythonRules is not found, no security rules added to Sonar way Python profile: com.sonar.plugins.security.api.PythonRules
2020.06.04 08:45:05 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
java.lang.IllegalStateException: Rule with key 'phpsecurity:S5146' not found
        at com.google.common.base.Preconditions.checkState(Preconditions.java:197)
        at org.sonar.server.qualityprofile.BuiltInQProfileRepositoryImpl.lambda$updateOrCreateBuilder$6(BuiltInQProfileRepositoryImpl.java:200)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1540)
        at java.base/java.util.Collections$UnmodifiableCollection.forEach(Collections.java:1085)
        at org.sonar.server.qualityprofile.BuiltInQProfileRepositoryImpl.updateOrCreateBuilder(BuiltInQProfileRepositoryImpl.java:197)
        at org.sonar.server.qualityprofile.BuiltInQProfileRepositoryImpl.lambda$toQualityProfileBuilders$5(BuiltInQProfileRepositoryImpl.java:176)
        at java.base/java.util.HashMap.compute(HashMap.java:1228)
        at org.sonar.server.qualityprofile.BuiltInQProfileRepositoryImpl.toQualityProfileBuilders(BuiltInQProfileRepositoryImpl.java:174)
        at org.sonar.server.qualityprofile.BuiltInQProfileRepositoryImpl.lambda$toFlatList$2(BuiltInQProfileRepositoryImpl.java:132)
        at org.sonar.core.util.stream.MoreCollectors.lambda$uniqueIndex$9(MoreCollectors.java:258)
        at java.base/java.util.stream.ReduceOps$3ReducingSink.accept(ReduceOps.java:169)
        at java.base/java.util.HashMap$EntrySpliterator.forEachRemaining(HashMap.java:1746)
        at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
        at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
        at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
        at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
        at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
        at org.sonar.server.qualityprofile.BuiltInQProfileRepositoryImpl.toFlatList(BuiltInQProfileRepositoryImpl.java:130)
        at org.sonar.server.qualityprofile.BuiltInQProfileRepositoryImpl.initialize(BuiltInQProfileRepositoryImpl.java:84)
        at org.sonar.server.qualityprofile.BuiltInQProfileLoader.start(BuiltInQProfileLoader.java:37)
        at org.sonar.core.platform.StartableCloseableSafeLifecyleStrategy.start(StartableCloseableSafeLifecyleStrategy.java:40)
        at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)
        at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)
        at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)
        at org.picocontainer.behaviors.Stored.start(Stored.java:110)
        at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)
        at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)
        at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
                                                                                                   at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
        at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
        at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
        at org.sonar.server.qualityprofile.BuiltInQProfileRepositoryImpl.toFlatList(BuiltInQProfileRepositoryImpl.java:130)
        at org.sonar.server.qualityprofile.BuiltInQProfileRepositoryImpl.initialize(BuiltInQProfileRepositoryImpl.java:84)
        at org.sonar.server.qualityprofile.BuiltInQProfileLoader.start(BuiltInQProfileLoader.java:37)
        at org.sonar.core.platform.StartableCloseableSafeLifecyleStrategy.start(StartableCloseableSafeLifecyleStrategy.java:40)
        at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)
        at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)
        at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)
        at org.picocontainer.behaviors.Stored.start(Stored.java:110)
        at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)
        at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)
        at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
        at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:90)
        at org.sonar.server.platform.platformlevel.PlatformLevelStartup.access$001(PlatformLevelStartup.java:47)
        at org.sonar.server.platform.platformlevel.PlatformLevelStartup$1.doPrivileged(PlatformLevelStartup.java:83)
        at org.sonar.server.user.DoPrivileged.execute(DoPrivileged.java:46)
        at org.sonar.server.platform.platformlevel.PlatformLevelStartup.start(PlatformLevelStartup.java:80)
        at org.sonar.server.platform.Platform.executeStartupTasks(Platform.java:196)
        at org.sonar.server.platform.Platform.access$400(Platform.java:46)
        at org.sonar.server.platform.Platform$1.lambda$doRun$1(Platform.java:121)
        at org.sonar.server.platform.Platform$AutoStarterRunnable.runIfNotAborted(Platform.java:371)
        at org.sonar.server.platform.Platform$1.doRun(Platform.java:121)
        at org.sonar.server.platform.Platform$AutoStarterRunnable.run(Platform.java:355)
        at java.base/java.lang.Thread.run(Thread.java:834)

please check once,

Thanks,
santhosh.k

Hi santhosh,

There’s no need to manually install sonar-security-plugin and there’s a need not to install one with a version number that doesn’t match the server. This comes bundled in the commercial editions, so just expand the zip & start 'er up!

 
HTH,
Ann