Sonar cli scan failing with HashMismatchException

Must-share information (formatted with Markdown):

  • Using Developer Edition v2025.1.1 (104738) - MQR Mode and Sonarqube CLI version 7.1.0.4889
  • how is SonarQube deployed: using Helm
  • what are you trying to achieve: We are trying to scan a Nodejs project which uses npm package manager
  • what have you tried so far to achieve this: Tried with different versions of Sonar-cli. Tried restarting the sonar server also. The Scan is working when we did it for gradle/maven project.
$ /usr/local/bin/sonar-scanner/bin/sonar-scanner \ # collapsed multi-line command
12:40:21.748 INFO  Scanner configuration file: /usr/local/bin/sonar-scanner/conf/sonar-scanner.properties
12:40:21.753 INFO  Project root configuration file: NONE
12:40:21.765 INFO  SonarScanner CLI 7.1.0.4889
12:40:21.767 INFO  Java 17.0.13 Eclipse Adoptium (64-bit)
12:40:21.767 INFO  Linux 5.10.214-202.855.amzn2.x86_64 amd64
12:40:21.807 INFO  User cache: /builds/nodeproject/.sonar/cache
12:40:22.580 INFO  Communicating with SonarQube Server 2025.1.1.104738
12:40:22.581 INFO  JRE provisioning: os[linux], arch[x86_64]
12:40:24.459 WARN  Failed to get the scanner-engine, retrying...
12:40:24.523 INFO  EXECUTION FAILURE
12:40:24.524 INFO  Total time: 2.778s
12:40:24.524 ERROR Error during SonarScanner CLI execution
org.sonarsource.scanner.lib.internal.cache.HashMismatchException: INVALID HASH: File /builds/nodeproject/.sonar/cache/_tmp/fileCache7879708035362941570.tmp was expected to have hash 18e7603825ce6741327a1566f61ab7bd26d0ec578a1ac6eded7b25cf7ffc64cb but was downloaded with hash 379cbcd450bc1f45c569ef015544db9e48ab795d9e53aa2cf1ae68c820bdef0d
	at org.sonarsource.scanner.lib.internal.cache.FileCache.getOrDownload(FileCache.java:91)
	at org.sonarsource.scanner.lib.internal.facade.forked.ScannerEngineLauncherFactory.getScannerEngine(ScannerEngineLauncherFactory.java:67)
	at org.sonarsource.scanner.lib.internal.facade.forked.ScannerEngineLauncherFactory.getScannerEngine(ScannerEngineLauncherFactory.java:73)
	at org.sonarsource.scanner.lib.internal.facade.forked.ScannerEngineLauncherFactory.createLauncher(ScannerEngineLauncherFactory.java:56)
	at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.buildNewFacade(ScannerEngineBootstrapper.java:197)
	at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.bootstrapServer(ScannerEngineBootstrapper.java:177)
	at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.bootstrap(ScannerEngineBootstrapper.java:151)
	at org.sonarsource.scanner.cli.Main.analyze(Main.java:76)
	at org.sonarsource.scanner.cli.Main.main(Main.java:64)
12:40:24.525 ERROR 

Hi,

Welcome to the community!

Off-hand, I’d say there’s something “helpful” on your network munging the download. Can you talk to your network folks?

 
Ann

As this is working for gradle and maven scan through the respective plugin. But failing only for the CLI scans, I do not think it is due the file manipulations. And we are not doing that in our network.

Hi,

As this is working for Gradle and Maven scans through the respective plugins… it demonstrates that there’s nothing wrong with the artifact being downloaded.

 
Ann

Please help in resolving the sonar-cli issue. We need to Scan a JS project.

Hi,

While you wait to hear back from your network folks, you might want to try the SonarScanner for NPM.

 
HTH,
Ann