Gradle Plugin attempts to download from Bintray (broken as of 2021-11-09)

plugins {
   id "org.sonarqube" version "3.3"
}

repositories {
    mavenLocal()
    maven {
        credentials {
            username getProperty('NEXUS_USERNAME')
            password getProperty('NEXUS_PASSWORD')
        }
        url "${getProperty('NEXUS_URL')}/content/groups/public"
    }
    mavenCentral()
}

This will fail with

> Could not resolve org.sonarsource.scanner.api:sonar-scanner-api:2.16.1.361.
     Required by:
         project : > org.sonarqube:org.sonarqube.gradle.plugin:3.3 > org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:3.3
      > Could not resolve org.sonarsource.scanner.api:sonar-scanner-api:2.16.1.361.
         > Could not get resource 'https://plugins.gradle.org/m2/org/sonarsource/scanner/api/sonar-scanner-api/2.16.1.361/sonar-scanner-api-2.16.1.361.pom'.
            > Could not GET 'https://jcenter.bintray.com/org/sonarsource/scanner/api/sonar-scanner-api/2.16.1.361/sonar-scanner-api-2.16.1.361.pom'.
               > PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

I am also getting the same issue.

This was resolved on Bintray’s side, they restored the certificate.

However, Sonarqube should move their plugin away from BinTray.

I’m not 100% sure, but to me this look just “standard” Gradle behavior. It is looking for plugin dependencies on the plugin portal first:
https://plugins.gradle.org/m2/org/sonarsource/scanner/api/sonar-scanner-api/2.16.1.361/sonar-scanner-api-2.16.1.361.pom
then there is still probably a fallback to jcenter.
On my side the first URL returns correctly, so this is what should be investigated on your side @dmitriid :

Could not get resource 'https://plugins.gradle.org/m2/org/sonarsource/scanner/api/sonar-scanner-api/2.16.1.361/sonar-scanner-api-2.16.1.361.pom'.

On our side we are following Gradle best practices to deploy our plugin, so I don’t think there is anything we should do.