Hello,
Version information:
Version Info: SonarQube - Data Center Edition - Version 9.6.1 (build 59531)
Bitbucket pipe: sonarsource/sonarqube-scan:1.1.0
Issue:
We’re running SonarQube and authenticating via SSO. We’re trying to scan a project as part of a Bitbucket pipeline, from a repo on bitbucket.org.
The SonarScan execution fails because it can’t parse the bootstrap index:
Caused by: java.lang.IllegalStateException: Fail to parse entry in bootstrap index: <!DOCTYPE html>
This is because the request to https://{SONAR_HOST}/batch/index returns the SSO login page, not the text with the .jar information. This is confirmed via the browser - if I browse to the /batch/index URL, I’ll first get the SSO login page, then once I authenticate I can see the expected text in the browser.
I also confirmed that through a series of cURL requests, it’s possible to follow the SAML authentication flow and subsequently send the request to the /batch/index endpoint, and receive the expected response. However, this requires the authentication cookies to be present on the request.
Question:
Given I have authenticated on the machine which is running the scanner, is there a way to provide the sonar-scanner-cli with the authentication information (cookies) which it can then use when making the request to /batch/index, and subsequent requests (I’m guessing it then needs to download the .jar, upload results, etc.)?
Or, is there something else I can do to make requests to the SonarQube endpoint (maybe a proxy server which adds the auth cookies or something)?
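
A pre-flight check for the failure described in this post, as an added example that is not part of the original post or of SonarQube's code: it classifies a response to /batch/index so a pipeline can tell an SSO interception apart from a real index before the scanner starts. The function name, the sample responses and the one-entry-per-line `name.jar|hash` index format are assumptions.

```python
import re

# Assumption: a valid index has one "<file>.jar|<hex hash>" entry per line.
ENTRY = re.compile(r"^[^|\s<>]+\.jar\|[0-9a-fA-F]+$")

def classify_batch_index(status, headers, body):
    """Return (verdict, detail) for a response to GET /batch/index."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if 300 <= status < 400:
        # Unauthenticated requests are being bounced to the identity provider.
        return ("redirected", hdrs.get("location", ""))
    if status in (401, 403):
        return ("rejected", "HTTP %d" % status)
    text = body.lstrip()
    first_line = text.splitlines()[0][:60] if text else ""
    is_html = ("text/html" in hdrs.get("content-type", "").lower()
               or text.lower().startswith(("<!doctype", "<html")))
    if is_html:
        # HTTP 200 carrying HTML: the login page the scanner fails to parse.
        return ("login_page", first_line)
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    bad = [ln for ln in lines if not ENTRY.match(ln)]
    if not lines:
        return ("malformed", "empty body")
    if bad:
        return ("malformed", bad[0][:60])
    return ("ok", "%d jar entries" % len(lines))

# Constructed sample responses (not captured from a real server).
SAMPLE_OK = "scanner-engine-example.jar|0123456789abcdef0123456789abcdef\n"
SAMPLE_SSO = "<!DOCTYPE html>\n<html><head><title>Sign in</title></head></html>"

if __name__ == "__main__":
    cases = [
        (200, {"Content-Type": "text/plain"}, SAMPLE_OK),
        (200, {"Content-Type": "text/html; charset=utf-8"}, SAMPLE_SSO),
        (302, {"Location": "https://idp.example.invalid/saml/login"}, ""),
    ]
    for status, headers, body in cases:
        print(status, classify_batch_index(status, headers, body))
```

A `login_page` or `redirected` verdict means the request was answered by the SSO layer rather than by SonarQube, which is the condition behind the `Fail to parse entry in bootstrap index: <!DOCTYPE html>` error.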