Gradle Scanner 6.x breaks JVM HTTP Proxy config and Windows OS Truststore support

Hello,

we are running SonarQube Server Developer Edition v2025.1.2 (108896).

Since upgrading the Gradle Scanner Plugin to > 6 (6.1.0.5360, 6.2.0.5505) several things are broken that previously worked with v5 (5.1.0.4882).

We are setting the JVM truststore and proxy settings via <userhome>/gradle.properties

systemProp.javax.net.ssl.trustStore=C:/Windows/win.ini
systemProp.javax.net.ssl.trustStoreType=Windows-ROOT

systemProp.http.proxyHost=<proxy>
systemProp.http.proxyPort=8080
systemProp.https.proxyHost=<proxy>
systemProp.https.proxyPort=8080

When the truststore is initialized it fails with the following error:

Execution failed for task ':sonar'.
> nl.altindag.ssl.exception.GenericKeyStoreException: Unable to read truststore from 'C:\Windows\win.ini'

* Try:
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.
> Get more help at https://help.gradle.org.

* Exception is:
org.gradle.api.tasks.TaskExecutionException: Execution failed for task ':sonar'.
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.lambda$executeIfValid$1(ExecuteActionsTaskExecuter.java:130)
        at org.gradle.internal.Try$Failure.ifSuccessfulOrElse(Try.java:293)
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeIfValid(ExecuteActionsTaskExecuter.java:128)
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.execute(ExecuteActionsTaskExecuter.java:116)
        at org.gradle.api.internal.tasks.execution.FinalizePropertiesTaskExecuter.execute(FinalizePropertiesTaskExecuter.java:46)
        ...
Caused by: org.sonarqube.gradle.AnalysisException: nl.altindag.ssl.exception.GenericKeyStoreException: Unable to read truststore from 'C:\Windows\win.ini'
        at org.sonarqube.gradle.SonarTask.run(SonarTask.java:148)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        ...
Caused by: nl.altindag.ssl.exception.GenericKeyStoreException: Unable to read truststore from 'C:\Windows\win.ini'
        at org.sonarsource.scanner.lib.internal.http.OkHttpClientFactory.configureSsl(OkHttpClientFactory.java:146)
        at org.sonarsource.scanner.lib.internal.http.OkHttpClientFactory.create(OkHttpClientFactory.java:80)
        at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.init(ScannerHttpClient.java:52)
        at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.bootstrap(ScannerEngineBootstrapper.java:147)
        at org.sonarqube.gradle.SonarTask.run(SonarTask.java:134)
        ... 120 more
Caused by: java.security.KeyStoreException: Uninitialized keystore
        at org.sonarsource.scanner.lib.internal.http.OkHttpClientFactory.configureSsl(OkHttpClientFactory.java:144)
        ... 124 more

This can be worked around using a regular JKS truststore; nevertheless, it represents a regression from previous functionality.

However, when the truststore issue is worked around, the next problem hits - the proxy settings are ignored, leading to connection failure:

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.sonar.scanner.bootstrap.GlobalServerSettings]: Factory method 'provide' threw exception with message: Fail to request url: <our sonar server>/api/settings/values.protobuf
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.lambda$instantiate$0(SimpleInstantiationStrategy.java:199)
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiateWithFactoryMethod(SimpleInstantiationStrategy.java:88)
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:168)
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653)
        ... 75 common frames omitted
Caused by: java.lang.IllegalStateException: Fail to request url: <our sonar server>/api/settings/values.protobuf
        at org.sonarqube.ws.client.HttpConnector.doCall(HttpConnector.java:217)
        at org.sonarqube.ws.client.HttpConnector.executeRequest(HttpConnector.java:132)
        at org.sonarqube.ws.client.HttpConnector.call(HttpConnector.java:118)
        at org.sonar.scanner.http.DefaultScannerWsClient.call(DefaultScannerWsClient.java:87)
        at org.sonar.scanner.repository.settings.AbstractSettingsLoader.load(AbstractSettingsLoader.java:60)
        at org.sonar.scanner.repository.settings.DefaultGlobalSettingsLoader.loadGlobalSettings(DefaultGlobalSettingsLoader.java:35)
        at org.sonar.scanner.bootstrap.GlobalServerSettingsProvider.provide(GlobalServerSettingsProvider.java:35)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.lambda$instantiate$0(SimpleInstantiationStrategy.java:171)
        ... 78 common frames omitted
Caused by: java.net.UnknownHostException: Der angegebene Host ist unbekannt (<our sonar server>)
        at java.base/java.net.Inet6AddressImpl.lookupAllHostAddr(Native Method)
        at java.base/java.net.InetAddress$PlatformNameService.lookupAllHostAddr(Unknown Source)
        at java.base/java.net.InetAddress.getAddressesFromNameService(Unknown Source)
        at java.base/java.net.InetAddress$NameServiceAddresses.get(Unknown Source)
        at java.base/java.net.InetAddress.getAllByName0(Unknown Source)
        at java.base/java.net.InetAddress.getAllByName(Unknown Source)
        at java.base/java.net.InetAddress.getAllByName(Unknown Source)
        at okhttp3.Dns$Companion$DnsSystem.lookup(Dns.kt:49)
        at okhttp3.internal.connection.RouteSelector.resetNextInetSocketAddress(RouteSelector.kt:169)
        at okhttp3.internal.connection.RouteSelector.nextProxy(RouteSelector.kt:131)
        at okhttp3.internal.connection.RouteSelector.next(RouteSelector.kt:73)
        ...
        at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
        at org.sonarqube.ws.client.HttpConnector.doCall(HttpConnector.java:215)
        ... 89 common frames omitted


> Task :sonar FAILED

What can be done to configure the OS truststore and proxy settings with Gradle Scanner >6?

Hi @lkoe,

The Gradle plugin for running SonarQube analysis does not support some system properties anymore. Now, the proxy configuration should be done using “sonar. …” dedicated properties. For example:

Proxy

  • http.proxyHost → sonar.scanner.proxyHost
  • http.proxyPort → sonar.scanner.proxyPort
  • http.proxyUser → sonar.scanner.proxyUser
  • http.proxyPassword → sonar.scanner.proxyPassword

See Analysis Parameters / Proxy

Truststore

  • sonar.scanner.truststorePath
  • sonar.scanner.truststorePassword
  • sonar.scanner.keystorePath
  • sonar.scanner.keystorePassword

See Analysis Parameters / TLS

3 Likes
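The migration described in the reply above, as an added example that is not part of the thread or SonarSource code: a small audit of a gradle.properties body that lists the JVM settings Gradle Scanner 6.x ignores and the dedicated properties to set instead. Assumptions: the https.* and javax.net.ssl.* pairings are inferred from the property names, the new properties are passed with the same systemProp. prefix, and the proxy host name is constructed.

```python
PREFIX = "systemProp."
# JVM key -> scanner property. The http.* pairs come from the reply above; the
# https.* and javax.net.ssl.* pairings are assumptions made by name.
MAPPING = {f"{scheme}.proxy{part}": f"sonar.scanner.proxy{part}"
           for scheme in ("http", "https") for part in ("Host", "Port", "User", "Password")}
MAPPING.update({
    "javax.net.ssl.trustStore": "sonar.scanner.truststorePath",
    "javax.net.ssl.trustStorePassword": "sonar.scanner.truststorePassword",
    "javax.net.ssl.keyStore": "sonar.scanner.keystorePath",
    "javax.net.ssl.keyStorePassword": "sonar.scanner.keystorePassword",
})

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        key, sep, value = line.partition("=")
        if sep and line[0] not in "#!":
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return (suggested properties, warnings) for a gradle.properties body."""
    props = parse_properties(text)
    os_store = props.get(PREFIX + "javax.net.ssl.trustStoreType", "").upper().startswith("WINDOWS-")
    suggested, warnings = {}, []
    if os_store:
        warnings.append("OS truststore type set: use a file-based truststore for sonar.scanner.truststorePath")
    for key, value in props.items():
        target = MAPPING.get(key[len(PREFIX):]) if key.startswith(PREFIX) else None
        if target is None or PREFIX + target in props:
            continue  # not a mapped JVM setting, or already migrated
        if os_store and target == "sonar.scanner.truststorePath":
            continue  # the path is only a dummy file (win.ini here), do not copy it
        if suggested.setdefault(PREFIX + target, value) != value:
            warnings.append(f"{key} disagrees with another setting mapped to {target}")
    return suggested, warnings

# Constructed sample input modelled on the question; the proxy host is made up.
SAMPLE = """\
systemProp.javax.net.ssl.trustStore=C:/Windows/win.ini
systemProp.javax.net.ssl.trustStoreType=Windows-ROOT
systemProp.http.proxyHost=proxy.example.internal
systemProp.http.proxyPort=8080
systemProp.https.proxyHost=proxy.example.internal
systemProp.https.proxyPort=8080
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

For the sample, the audit suggests only the two proxy properties and warns about the Windows-ROOT truststore instead of copying the win.ini placeholder path.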

Hi Alban, thank you so much for this answer! It took me ages to figure this out. Could you please include such changes in the GitHub release notes? Or is there some other changelog, I couldn’t find any?

Hi Winfried,

I’ve reviewed our release notes and agree that, from a scanner user’s perspective, they aren’t very useful or actionable. They currently only list technical tasks from Jira without mentioning user impacts and the breaking changes.

I’ll discuss this with the other maintainers to ensure we generate release notes that are more helpful for our users in the future.

Thanks for your feedback.

2 Likes
