Setting to scan C# projects

I’m trying to scan some C# projects after having everything in our CI builds set up for C++ projects, which I have working successfully and uploading the scans to the sonar website.

The example in the Sonarqube project setup for a .NET framework project is something like this:

SonarScanner.MSBuild.exe begin
MsBuild <settings for building a .sln>
SonarScanner.MSBuild.exe end

The begin command seems to want me to add /d:sonar.scanner.truststorePassword even though the example didn’t say anything about that. Is that some byproduct of our configuration? The end command seems to want that password also. Seems odd to have to set some password like this. Is there a way to set it somewhere once and be done with it?

But most importantly, the end command is failing:

INFO: SonarScanner 5.0.1.3006
INFO: Java 17.0.11 Eclipse Adoptium (64-bit)
INFO: Windows 11 10.0 amd64
INFO: SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore="C:/Users/<username>/.sonar/ssl/truststore.p12" -D<sensitive data removed>
INFO: User cache: C:\Users\<username>\.sonar\cache
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
ERROR: SonarQube server [https://<our.sonar.url>] can not be reached
INFO: Total time: 0.774s
INFO: Final Memory: 2M/40M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution

Unable to execute SonarScanner analysis

Caused by: javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

I would have thought, since the scanner was working for the C++ projects, that I had everything set up correctly. What am I missing?

Thanks.

Jack

Hi there, @jackal1, and welcome to the community!

Would you mind sharing your (redacted) pipeline as well as the version of the Scanner you are using, so we can figure out what is going on?

Denis

Thanks Denis!

Hopefully this is what you’re looking for:

PS C:\> sonar-scanner -v
07:53:30.075 INFO  Scanner configuration file: C:\BuildTools\SonarQube\sonar-scanner-cli-7.0.2.4839-windows-x64\bin\..\conf\sonar-scanner.properties
07:53:30.083 INFO  Project root configuration file: NONE
07:53:30.123 INFO  SonarScanner CLI 7.0.2.4839
07:53:30.127 INFO  Java 17.0.13 Eclipse Adoptium (64-bit)
07:53:30.128 INFO  Windows 11 10.0 amd64
PS C:\<build-dir-path> SonarScanner.MSBuild.exe end /d:sonar.token="XXXX" /d:sonar.scanner.truststorePassword="sonar"
SonarScanner for MSBuild 10.1.1
Using the .NET Framework version of the Scanner for MSBuild
Post-processing started.
09:42:48.01  Starting with Scanner for .NET v8 the way the `sonar.projectBaseDir` property is automatically detected has changed and this has an impact on the files that are analyzed and other properties that are resolved relative to it like `sonar.exclusions` and `sonar.test.exclusions`. If you would like to customize the behavior, please set the `sonar.projectBaseDir` property to point to a directory that contains all the source code you want to analyze. The path may be relative (to the directory from which the analysis was started) or absolute.
09:42:48.082  WARNING: File 'C:\build-dir-path>\<projectname>.snk' does not exist.
Calling the TFS Processor executable...
The TFS Processor has finished
Calling the SonarScanner CLI...
INFO: Scanner configuration file: C:\BuildTools\SonarQube\sonar-scanner-10.1.1.111189-net-framework\sonar-scanner-5.0.1.3006\bin\..\conf\sonar-scanner.properties
INFO: Project root configuration file: C:\build-dir-path>\.sonarqube\out\sonar-project.properties
INFO: SonarScanner 5.0.1.3006
INFO: Java 17.0.11 Eclipse Adoptium (64-bit)
INFO: Windows 11 10.0 amd64
INFO: SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore="C:/Users/svc-PazLabPackageMgr/.sonar/ssl/truststore.p12" -D<sensitive data removed>
INFO: User cache: C:\Users\<username>\.sonar\cache
INFO: ------------------------------------------------------------------------
ERROR: SonarQube server [https://<sonarqube-url> can not be reached
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 0.946s
INFO: Final Memory: 2M/40M
ERROR: Error during SonarScanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarScanner analysis
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:85)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
INFO: ------------------------------------------------------------------------
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:74)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:70)
        at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:185)
        at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:123)
        at org.sonarsource.scanner.cli.Main.execute(Main.java:74)
        at org.sonarsource.scanner.cli.Main.main(Main.java:62)
Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
        at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:42)
        at org.sonarsource.scanner.api.internal.JarDownloader.getScannerEngineFiles(JarDownloader.java:58)
        at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:53)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:76)
        ... 7 more
Caused by: javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
        at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.handleException(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connectTls(RealConnection.java:336)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.establishProtocol(RealConnection.java:300)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connect(RealConnection.java:185)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.Transmitter.newExchange(Transmitter.java:169)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.getResponseWithInterceptorChain(RealCall.java:221)
        at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.execute(RealCall.java:81)
        at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:115)
        at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:99)
        at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:39)
        ... 10 more
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
        at java.base/sun.security.validator.PKIXValidator.<init>(Unknown Source)
        at java.base/sun.security.validator.Validator.getInstance(Unknown Source)
        at java.base/sun.security.ssl.X509TrustManagerImpl.getValidator(Unknown Source)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(Unknown Source)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown Source)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown Source)
        at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
        at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
        at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
        ... 35 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
        at java.base/java.security.cert.PKIXParameters.setTrustAnchors(Unknown Source)
        at java.base/java.security.cert.PKIXParameters.<init>(Unknown Source)
        at java.base/java.security.cert.PKIXBuilderParameters.<init>(Unknown Source)
        ... 51 more
ERROR:
The SonarScanner did not complete successfully
09:42:50.197  Post-processing failed. Exit code: 1

Note: Please be careful when posting such things, you just disclosed a secret token. You should revoke this token and generate a new one.

I assume you are connecting to a SonarQube Server instance and do indeed need to use a truststore for your custom certificates? You did not show the begin step, so I cannot be sure…

Denis
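
The token disclosure noted in the reply above can be caught before a console log is pasted anywhere. As an added example (not part of the original thread and not SonarSource code), this Python filter masks the values of secret-bearing scanner properties in a captured log. Only `sonar.token` and `sonar.scanner.truststorePassword` come from the thread; the other property names and the sample log are assumptions constructed for illustration.

```python
import re

# Property names whose values are secrets on a SonarScanner command line.
# sonar.token and sonar.scanner.truststorePassword appear in the thread;
# the remaining names are assumptions added for wider coverage.
SECRET_KEYS = (
    "sonar.token",
    "sonar.login",
    "sonar.password",
    "sonar.scanner.truststorePassword",
    "javax.net.ssl.trustStorePassword",
    "javax.net.ssl.keyStorePassword",
)

# Matches /d:key=value (MSBuild scanner) or -Dkey=value (JVM option),
# with the value either double-quoted or a bare run of non-space characters.
_PATTERN = re.compile(
    r'(?P<prefix>(?:/d:|-D)(?:%s)=)(?P<value>"[^"]*"|\S+)'
    % "|".join(re.escape(k) for k in SECRET_KEYS),
    re.IGNORECASE,
)

def redact_line(line):
    """Return (redacted_line, number_of_secrets_masked)."""
    return _PATTERN.subn(lambda m: m.group("prefix") + '"<redacted>"', line)

def redact_log(text):
    """Redact every line; return the clean text and the 1-based lines changed."""
    out, hits = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        clean, count = redact_line(line)
        out.append(clean)
        if count:
            hits.append(number)
    return "\n".join(out), hits

# Constructed sample input, modelled on the commands shown in the thread.
SAMPLE = '''PS C:\\build> SonarScanner.MSBuild.exe end /d:sonar.token="sqp_constructed_0123" /d:sonar.scanner.truststorePassword=hunter2
SonarScanner for MSBuild 10.1.1
INFO: SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore="C:/x/truststore.p12" -Djavax.net.ssl.trustStorePassword="hunter2"
INFO: Windows 11 10.0 amd64'''

if __name__ == "__main__":
    cleaned, changed = redact_log(SAMPLE)
    print(cleaned)
    print("lines with secrets:", changed)
```

The truststore path is left intact on purpose, since it is needed for troubleshooting and is not a credential. Any secret that has already been posted still has to be revoked and reissued.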

Ok. Thanks for removing that for me. I’ve just revoked and created a new token.

Here’s that begin stmt:

PS X:\> SonarScanner.MSBuild.exe begin /k:"<key>" /d:sonar.host.url="<sonar-url> /d:sonar.token="<token>" /v:"18.00.00" /d:sonar.scanner.truststorePassword="<pwd>"
SonarScanner for MSBuild 10.1.1
Using the .NET Framework version of the Scanner for MSBuild
Pre-processing started.
Preparing working directories...
06:16:42.033  Updating build integration targets...
06:16:42.713  Using SonarQube v10.7.0.96327.
06:16:42.87  Fetching analysis configuration settings...
06:16:43.4  Provisioning analyzer assemblies for cs...
06:16:43.402  Installing required Roslyn analyzers...
06:16:43.404  Processing plugin: securitycsharpfrontend version 10.7.0.32997
06:16:43.417  Processing plugin: csharp version 9.32.0.97167
06:16:43.604  Provisioning analyzer assemblies for vbnet...
06:16:43.604  Installing required Roslyn analyzers...
06:16:43.605  Processing plugin: vbnet version 9.32.0.97167
06:16:43.631  Incremental PR analysis: Base branch parameter was not provided.
06:16:43.632  Cache data is empty. A full analysis will be performed.
06:16:43.692  WARNING: Multi-Language analysis is enabled. If this was not intended and you have issues such as hitting your LOC limit or analyzing unwanted files, please set "/d:sonar.scanner.scanAll=false" in the begin step.
06:16:43.704  Pre-processing succeeded.