Sensor Cache error

Hello !

We are using Azure DevOps and Sonar Cloud for analyse of our C++ code.

Since 10th january errors appear in our Sonar Analysis logs : (2 first lines below)

ERROR: Failed to prepare download of the sensor cache
[error]java.lang.IllegalStateException: Fail to request

It doesn’t fail the analysis but we would like that those errors don’t appear.

I had also a question on the Sensor Cache option; I saw that this option was enabled on our projetcts but I can’t find any documentation on how it works, what is the use etc

If this is a new option, I see that Default value should be false but we didn’t set it to true by ourself so I think that default is true.


Thank you for your help !

Best regards


Yes, the server cache for incremental analysis (technical name “Sensor cache”) is a new feature, that has been enabled for all projects.
Its goal is to speed up the pull request scans, so I suggest we dig together to understand why you are getting this error, and to fix it, so you can actually benefit from the performance improvements it brings.

I would then need

  • which CI do you use
  • The command you use to run the scan
  • The DEBUG logs produced by a scan (you can refer to the documentation of your scanner to know how to enable the DEBUG logs)

I suppose your project is private, I’ll send you a private message to get your organization and project keys, so I can dig into our internal logs.

On the side, I’m creating an internal ticket to fix the misleading default value of the property.

Best regards,

Hi @AlexJulita , thanks for providing the details so quickly!

The failure is caused by this error:

Caused by: PKIX path building failed: unable to find valid certification path to requested target

For performance reasons, this feature is targeting directly some AWS APIs, as visible in the URL in the logs:

If this first call succeeds, a second one is issued to an AWS S3 endpoint to download a cache file, looking like this:

(And at the end of the analysis, the same procedure will be repeated to upload a cache file).

To benefit from that feature, I think you need to include into your CI runner certificate store the root certificate used by Amazon. Here is a link to their CA certificates:

Is it something feasible?


Thank you for taking the time to analyse our case !

We use Azure Devops for CI and our pipelines run SonarCloud analysis in a generic way with tasks as prepare:

  • task: SonarCloudPrepare@1
    displayName: Prepare analysis on SonarCloud
    SonarCloud: XXX
    organization: XXX
    projectKey: ${{ parameters.projectKey }}
    projectName: ${{ parameters.projectName }}
    scannerMode: MSBuild
    extraProperties: |
    sonar.css.node= “C:\Program Files\nodejs”${{ parameters.BuildWrapperOutput }}
    sonar.cfamily.cache.path=${{ parameters.sonarCache }}
    sonar.log.level = TRACE

And then the run analysis and publish quality gate result :

  • task: SonarCloudAnalyze@1
    displayName: Run Code Analysis
  • task: SonarCloudPublish@1
    displayName: Publish Quality Gate Result


Following up on this issue, did you had a chance to give a try at my suggestion above?

Hello Claire !
Sorry for not updating the topics, I’ve tried to update the certificate on those machines thinking it would solve the issue but apparently it is not enought so i’ve opened a ticket on IT side so they can white list this…
I’ll keep you in touch !

On an other hand we are looking to stop using deprecated features as “sonar.cfamily.cache”

Best Regards

Thanks a lot for the update, I hope the white list will solve the issue!

Have a nice week-end,