Problems with "plugin_risk_consent"

msymons · June 7, 2021, 10:33pm

On upgrading from SonarQube 8.6 EE to 8.9 LTS, I followed the upgrade instructions in documentation and manually deployed the one 3rd party plugin that we use.

Installation went great but then, after the database was migrated and project data updated, SonarQube unsucessfully tried to load a page that, are a long timeout, was:

/admin/plugin_risk_consent

Two problems:

The reason for the failure to load the page was that the redirection was to HTTP and not HTTPS. A defect? When I corrected the protocol the page loaded fine.
The page states “A plugin has been detected.” and forces me to accept the risk before proceeding.

I do not think that this is useful. If you want me to accept the risk then tell me what the plugin is. Also, tell me what to do if I do not want to accept the risk. Perhaps offer to remove the plugin for me?

Sylvain_Combe · June 9, 2021, 3:12pm

Hi @msymons
thanks for your report.
Indeed there are two points:

this wrong redirect may have highlighted some problem with your Server base URL configuration (Administration → General Settings → General). Can you confirm that your SonarQube instance is aware of its https URL there?
And I understand you second point, but I believe that it is fair from SonarSource to expect SonarQube administrators to know:
- where plugins can be listed (i.e in the marketplace) and how they can be uninstalled
- where to find SonarQube documentation if not the case
  Woudln’t you agree?