Migration from 9.9 LTS to 25.10 issue: Rule kubernetes:S117 not found

Hi,

Currently running a self hosted Sonarqube 9.9.0.65466, I’m trying to migrate to Community 25.10. As mentioned in the update path, I’m trying to migrate to 24.12 first.

Sonar is deployed using Docker. Database is Postgres 15.12 in prod (15.14 on local tests).

What I’ve done:

  • change the setup to use the 24.12 binaries - Confirmed by logs INFO web[o.s.s.p.LogServerVersion] SonarQube Server / 24.12.0.100206
  • went through the manual DB migration using url `…/setup`. It appears to be ok according to the logs
  • After the migration, the server restarts, but gives me an error message when trying to load quality profiles:
INFO  web[][o.s.s.q.RegisterQualityGates] Sonar way legacy Gate uuid: a29bb1c8-7ec7-469b-8edf-a30f4fdee02f 
INFO  web[][o.s.s.q.b.BuiltInQProfileRepositoryImpl] Load quality profiles
WARN  web[][o.s.c.a.AnnotationConfigApplicationContext] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@1dbd16a6-org.sonar.server.qualityprofile.builtin.BuiltInQProfileLoader': Initialization of bean failed; nested exception is java.lang.IllegalStateException: Rule with key 'kubernetes:S117' not found 

I think this rule did not exist in 9.9 (and we never used it). My understanding is that it’s shipped as a core rule of Sonar, so it should work.

Is there something I missed ?

Thank you

Still struggling, but I keep searching:

The Kubernetes S117 rule is loaded from the IaC core extension, which seems to be loaded:

INFO  web[][o.s.s.p.ServerPluginManager] Deploy C# Code Quality and Security / 10.3.0.106239 / d03cce2708b983694c343d86111fabaf9073721c
INFO  web[][o.s.s.p.ServerPluginManager] Deploy Clean as You Code / 2.4.0.2018 / c2f7910f6ecac6faa73001eeac4bd79a2db98cd3
INFO  web[][o.s.s.p.ServerPluginManager] Deploy Flex Code Quality and Security / 2.14.0.5032 / 005476cddc54a18b78eca55d10338702eb31e4b0
INFO  web[][o.s.s.p.ServerPluginManager] Deploy Go Code Quality and Security / 1.18.0.240 / 09e16bcebbc987dadc860ccfd9de9fe00f8e59f4
INFO  web[][o.s.s.p.ServerPluginManager] Deploy HTML Code Quality and Security / 3.17.0.5548 / cad4bcc0d77f656688edf0fba51bce4339674dae
INFO  web[][o.s.s.p.ServerPluginManager] Deploy IaC Code Quality and Security / 1.39.0.13718 / null
INFO  web[][o.s.s.p.ServerPluginManager] Deploy JaCoCo / 1.3.0.1538 / 74a7798c7cea687c72ed9df40c93eb7ea2a58c49
INFO  web[][o.s.s.p.ServerPluginManager] Deploy Java Advanced Code Quality Analyzer / 8.7.0.37452 / 7f648a979f612a412e1650b44e6ba7653985360f
INFO  web[][o.s.s.p.ServerPluginManager] Deploy Java Code Quality and Security / 8.7.0.37452 / 7f648a979f612a412e1650b44e6ba7653985360f
INFO  web[][o.s.s.p.ServerPluginManager] Deploy JavaScript/TypeScript/CSS Code Quality and Security / 10.18.0.28572 / 4ad3e466134f67e43b366ac2ab2e64de3503bb00
INFO  web[][o.s.s.p.ServerPluginManager] Deploy Kotlin Code Quality and Security / 2.21.0.5736 / fd8ef1923e353b073d9d61b79e1c4e1dfa9958db
INFO  web[][o.s.s.p.ServerPluginManager] Deploy PHP Code Quality and Security / 3.40.0.12590 / null
INFO  web[][o.s.s.p.ServerPluginManager] Deploy Python Code Quality and Security / 4.24.0.18631 / 1c8f65d137298c0650e6718d4aac7a0e62086831
INFO  web[][o.s.s.p.ServerPluginManager] Deploy Ruby Code Quality and Security / 1.18.0.234 / 1f01fec0f8f7f5dc1b81463c09c41099674e04c0
INFO  web[][o.s.s.p.ServerPluginManager] Deploy Scala Code Quality and Security / 1.18.0.266 / 74ab5c801fc5876ffde218d96e74e87f43efee85
INFO  web[][o.s.s.p.ServerPluginManager] Deploy Text Code Quality and Security / 2.19.0.4883 / null
INFO  web[][o.s.s.p.ServerPluginManager] Deploy VB.NET Code Quality and Security / 10.3.0.106239 / d03cce2708b983694c343d86111fabaf9073721c
INFO  web[][o.s.s.p.ServerPluginManager] Deploy XML Code Quality and Security / 2.12.0.5749 / 67cf0668dd25562b98d230d08013e9f08861f79a


The null value in the seems to be the implementationBuild(not sure if it’s supposed to be null)

When searching the database rules tables, I only have 7 rules created by the kubernetes plugin:

Setting capabilities is security-sensitive                  ,S5849,,kubernetes
Exposing Docker sockets is security-sensitive               ,S6429,,kubernetes
Kubernetes parsing failure                                  ,S2260,,kubernetes
Allowing process privilege escalations is security-sensitive,S6430,,kubernetes
Using host operating system namespaces is security-sensitive,S6431,,kubernetes
Mounting sensitive file system paths is security-sensitive  ,S6433,,kubernetes
Running containers in privileged mode is security-sensitive ,S6428,,kubernetes

Hi,

Welcome to the community!

I looked up this rule on Next, which is our dogfooding instance. It shows that the rule has been “Available Since Jul 05, 2024”. Now, it would have shown up earlier on Next than in the released product (again, dogfooding) but this rule certainly should be part of 24.12.

I think the best thing to do here may be to restore your DB from backup and re-do your upgrade.

 
Ann

Hello,

I found the issue. It was a custom plugin. Updated it to use the correct plugin API version as well as some code refactor fixed the issue.

Thank you

1 Like