Sensor Cache error

SonarCloud
1

Hello !

We are using Azure DevOps and Sonar Cloud for analyse of our C++ code.

Since 10th january errors appear in our Sonar Analysis logs : (2 first lines below)

ERROR: Failed to prepare download of the sensor cache
[error]java.lang.IllegalStateException: Fail to request https://ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com/current/v1/sensor_cache/prepare_read?organization=n

It doesn’t fail the analysis but we would like that those errors don’t appear.

I had also a question on the Sensor Cache option; I saw that this option was enabled on our projetcts but I can’t find any documentation on how it works, what is the use etc

If this is a new option, I see that Default value should be false but we didn’t set it to true by ourself so I think that default is true.

SensorCacheOption

Thank you for your help !

Best regards

5

Hi,

Yes, the server cache for incremental analysis (technical name “Sensor cache”) is a new feature, that has been enabled for all projects.
Its goal is to speed up the pull request scans, so I suggest we dig together to understand why you are getting this error, and to fix it, so you can actually benefit from the performance improvements it brings.

I would then need

  • which CI do you use
  • The command you use to run the scan
  • The DEBUG logs produced by a scan (you can refer to the documentation of your scanner to know how to enable the DEBUG logs)

I suppose your project is private, I’ll send you a private message to get your organization and project keys, so I can dig into our internal logs.

On the side, I’m creating an internal ticket to fix the misleading default value of the property.

Best regards,
Claire

7

Hi @AlexJulita , thanks for providing the details so quickly!

The failure is caused by this error:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

For performance reasons, this feature is targeting directly some AWS APIs, as visible in the URL in the logs:

https://ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com/current/...

If this first call succeeds, a second one is issued to an AWS S3 endpoint to download a cache file, looking like this:

https://sc-cleancode-sensorcache-eu-central-1-prod.s3.eu-central-1.amazonaws.com/...

(And at the end of the analysis, the same procedure will be repeated to upload a cache file).

To benefit from that feature, I think you need to include into your CI runner certificate store the root certificate used by Amazon. Here is a link to their CA certificates:
https://www.amazontrust.com/repository/

Is it something feasible?

Claire

8

Thank you for taking the time to analyse our case !

We use Azure Devops for CI and our pipelines run SonarCloud analysis in a generic way with tasks as prepare:

  • task: SonarCloudPrepare@1
    displayName: Prepare analysis on SonarCloud
    inputs:
    SonarCloud: XXX
    organization: XXX
    projectKey: ${{ parameters.projectKey }}
    projectName: ${{ parameters.projectName }}
    scannerMode: MSBuild
    extraProperties: |
    sonar.host.url=https://sonarcloud.io
    sonar.verbose=true
    sonar.css.node= “C:\Program Files\nodejs”
    sonar.cfamily.build-wrapper-output=${{ parameters.BuildWrapperOutput }}
    sonar.cfamily.cache.enabled=true
    sonar.cfamily.cache.path=${{ parameters.sonarCache }}
    sonar.log.level = TRACE

And then the run analysis and publish quality gate result :

  • task: SonarCloudAnalyze@1
    displayName: Run Code Analysis
  • task: SonarCloudPublish@1
    displayName: Publish Quality Gate Result
9

Hi,

Following up on this issue, did you had a chance to give a try at my suggestion above?

10

Hello Claire !
Sorry for not updating the topics, I’ve tried to update the certificate on those machines thinking it would solve the issue but apparently it is not enought so i’ve opened a ticket on IT side so they can white list this…
I’ll keep you in touch !

On an other hand we are looking to stop using deprecated features as “sonar.cfamily.cache”

Best Regards

11

Thanks a lot for the update, I hope the white list will solve the issue!

Have a nice week-end,
Claire