Run SonarCloud Analysis through corporate proxy

Hi all,

I’m evaluating SonarCloud and try to run an analysis through a corporate proxy which fails:

I tried to use the Java default proxy settings using the CLI params:

 -Dhttp.proxyHost=proxy.corporate.it -Dhttp.proxyPort=8080 "-Dhttp.nonProxyHosts=localhost|*.corporate.it"

but without success.

From the stack trace I read, the sonar scanner uses OkHttp, for which the proxy settings have to be passed on client creation (see this StackOverflow response) and from the Source in GitHub, I see no proxy is used for creation of the http client.

So question is,

  • am I doing this right? I found no documentation regarding proxy
  • or is this a bug / missing feature

Full Stack trace

[ERROR] SonarQube server [https://sonarcloud.io] can not be reached
...
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.0.2:sonar (default-cli) on project example-project: Unable to execute SonarQube: Fail to download libraries from server: Connection reset -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.0.2:sonar (default-cli) on project example-project: Unable to execute SonarQube
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:212)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
	at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
	at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
	at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
	at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)
	at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
	at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
	at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
	at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
	at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
	at org.codehaus.classworlds.Launcher.main(Launcher.java:47)
Caused by: org.apache.maven.plugin.MojoExecutionException: Unable to execute SonarQube
	at org.sonarsource.scanner.maven.bootstrap.ExceptionHandling.handle(ExceptionHandling.java:36)
	at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute(ScannerBootstrapper.java:81)
	at org.sonarsource.scanner.maven.SonarQubeMojo.execute(SonarQubeMojo.java:112)
	at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207)
	... 21 more
Caused by: org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarQube
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:84)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:71)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:71)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:67)
	at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:218)
	at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:156)
	at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute(ScannerBootstrapper.java:60)
	... 24 more
Caused by: java.lang.IllegalStateException: Fail to download libraries from server
	at org.sonarsource.scanner.api.internal.Jars.downloadFiles(Jars.java:93)
	at org.sonarsource.scanner.api.internal.Jars.download(Jars.java:70)
	at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:39)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:75)
	... 31 more
Caused by: java.net.SocketException: Connection reset
	at java.net.SocketInputStream.read(SocketInputStream.java:210)
	at java.net.SocketInputStream.read(SocketInputStream.java:141)
	at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
	at sun.security.ssl.InputRecord.read(InputRecord.java:503)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.Connection.connectTls(Connection.java:239)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.Connection.connectSocket(Connection.java:201)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.Connection.connect(Connection.java:172)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.Connection.connectAndSetOwner(Connection.java:358)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:117)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:329)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:246)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.Call.getResponse(Call.java:276)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:234)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.Call.getResponseWithInterceptorChain(Call.java:196)
	at org.sonarsource.scanner.api.internal.shaded.okhttp.Call.execute(Call.java:79)
	at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:114)
	at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:99)
	at org.sonarsource.scanner.api.internal.Jars.downloadFiles(Jars.java:78)
	... 34 more

Hi Gerald,

There is no need for us to pass proxy configuration to Okhttp since it will out of the box support properties http.proxyHost and http.proxyPort.

Since SonarCloud is hosted under https, maybe could you try to pass https.proxyHost and https.proxyPort properties.

1 Like

Ah yes, the https. properties did the trick, thanks!

And of course the corporate proxy intercepted the https connection and I got some certificate validation errors. But I could solve this by adding the proxy CA certificate to the java/jre cacerts file (just for information for anyone else stumbling over this)

Hi Gerald and Julien,

Could you please tell me where to add the proxy settings for sonarscanner, I mean in sonar-scanner.properties file or any other?

Because I am getting below error message for sonar-scanner to fetch the settings from sonarqube. My sonar-scanner is running on windows VM and sonarqube is running on docker container on another machine.

Failed to request and parse ‘https://test.sonarqube.com/api/server/version’: An error occurred while sending the request. A security error occurred

Thanks.

Hi Ravindra,

Those properties have to be set at the JVM level, it’s not directly related to the sonar scanner.

They are managed and understood by the network layer of the JVM:
https://docs.oracle.com/javase/8/docs/api/java/net/doc-files/net-properties.html#Proxies

So depending on your context (container, OS, …), you could set them for instance in an env variable, pass them as inline configuration, …

For instance you could use SONAR_SCANNER_OPTS : Error in Run Code Analysis with coporate proxy

Best.

Hi Olivier,

Thanks for your reply.

I tried passing my proxy configurations to SONAR_SCANNER_OPTS env variable on my sonar scanner instance, however I am still getting the same error message as mentioned above(Failed to request and parse). Below is the full error log snippet.

SonarScanner for MSBuild 4.6
Using the .NET Core version of the Scanner for MSBuild
Pre-processing started.
Preparing working directories…
15:46:27.847 Updating build integration targets…
15:46:27.925 Fetching analysis configuration settings…
15:46:28.068 Failed to request and parse ‘https://test.sonarqube.com/api/server/version’: An error occurred while sending the request. A security error occurred

Unhandled Exception: System.Net.WebException: An error occurred while sending the request. A security error occurred —> System.Net.Http.HttpRequestException: An error occurred while sending the request. —> System.Net.Http.WinHttpException: A security error occurred

One more update is that my sonarqube container is running behind the Nginx reverse proxy.

Sonarqube version - 7.9 LTS version
Sonarscanner version - 3.0.3.778

Could you please suggest?

Hi Ravindra,

In fact it’s a SonarQ context and this thread is in the SonarCloud forum.

My colleague from SonarQ will take care of your issue.

But I would try to remove layers to understand if the network connectivity is ok.

So I would try to run SonarQ outside of the container and to activate the --debug option.

Best.

Hi Olivier,

Thanks for your reply.

I am sorry for raising my query in wrong context, I didn’t realize that.I will raise it now in SonarQ context to get it resolved.

Also I will try to see your suggestion about enabling the debug option and running sonarQ on host to check the network connectivity.

Thank you.