Sonar Cloud is failing on code analysis for .Net MVC project on Azure CI/CD pipeline

Code Analysis was working fine by 22nd Feb 2023 and without making any changes either to the CICD pipeline or to Sonar Project, it is continuously failing from 2nd March 2023. Some details are as follows and the error log file is also attached.

• ALM used: Azure DevOps
• CI system used: Azure DevOps
• Languages of the repository: C#, .cshtml, CSS, HTML, TypeScript
• Error: java.lang.StackOverflowError ##[error]at com.sonar.security.E.D.A.H.B(na:745) at com.sonar.security.E.D.D.Q.B(na:527) ##[debug]Processed: ##vso[task.logissue type=error;]at com.sonar.security.E.D.A.H.B(na:745)%0D%0A at com.sonar.security.E.D.D.Q.B(na:527) at com.sonar.security.E.D.A.H.B(na:745) at com.sonar.security.E.D.D.Q.B(na:527)

SonarClud_Logs.txt (290.6 KB)

This is a critical issue for us. Is there any update on this, please?

Hello @vwelt !

We had a look at this and do not yet know why this is happening.

In order to help us help you, could you provide us with the scannerwork files generated during analysis? These are the files that, according to your logs, are in the folder D:\a\1\.sonarqube\out.

Hey @vwelt , we would like to look into your issue. In order for us to be able to investigate, the files that I mentioned in the previous post would be extremely helpful! If you have any issues retrieving those files, please let us know and we are happy to provide help and assistance.

You may also want to share the files in a private message so that you do not have to share them publicly. I will reach out to you privately on this forum.

Hey Malte ,
Thanks for looking into it.
I am struggling to find this log file as I am not sure where this location exists. I am running a build on Azure DevOps so not sure where is this D: drive. Please help me to find this.

Hey @vwelt ,

indeed, this can be tricky if you are running in an Azure pipeline. I recently shared a possible workaround with you in a private message about how you can run that scan locally rather than in an Azure pipeline to circumvent this problem. Did you try to do that? Just in case, I will copy&paste the relevant part of that private message.

If this is an Azure pipeline, I assume that this build runs on a virtual machine somewhere in your organization’s own infrastructure. You may have to contact your Release Engineering / Infrastructure Team so that they can help you access files on this virtual machine.

A simpler alternative might be to run the analysis locally rather than in a CI pipeline. I assume you can also build your project locally, and then you are almost there. You can invoke the scanner at build time on your local machine as explained here: SonarScanner for .NET

As a consequence of running the scanner locally, the scannerwork files will also be dumped into a local directory on your filesystem.

Let me know if you had troubles trying to run the scan locally. If yes, can you share where you got stuck so we can help with that?

Hi Malte , I just tried to run the project locally, there are three steps to run the sonarcloud report. The first 2 steps are completed successfully but I am getting the error while running the third step.
These are the 3 steps that I have followed to generate the report:

1. C:/sonar/SonarScanner.MSBuild.exe begin /k:“Energyhub” /d:sonar.host.url=“http://localhost:9000” /d:sonar.login=“sqp_529951e7698648aa3dbec6d6af238e3e443c3ce3”

2. “C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/MSBuild/Current/Bin/MsBuild.exe” “Energy Optimiser.sln” /t:Rebuild

3. C:/sonar/SonarScanner.MSBuild.exe end /d:sonar.login=“sqp_529951e7698648aa3dbec6d6af238e3e443c3ce3”

I am getting this error on the third step:

ERROR: Error during SonarScanner execution
java.lang.UnsupportedClassVersionError: org/sonar/batch/bootstrapper/EnvironmentInformation has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 53.0
at java.base/java.lang.ClassLoader.defineClass1(Native Method)
at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1007)
at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:174)
at java.base/java.net.URLClassLoader.defineClass(URLClassLoader.java:545)
at java.base/java.net.URLClassLoader.access$100(URLClassLoader.java:83)
at java.base/java.net.URLClassLoader$1.run(URLClassLoader.java:453)
at java.base/java.net.URLClassLoader$1.run(URLClassLoader.java:447)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:446)
at org.sonarsource.scanner.api.internal.IsolatedClassloader.loadClass(IsolatedClassloader.java:82)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:496)
at org.sonarsource.scanner.api.internal.batch.DefaultBatchFactory.createBatch(DefaultBatchFactory.java:32)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
at org.sonarsource.scanner.cli.Main.execute(Main.java:126)
at org.sonarsource.scanner.cli.Main.execute(Main.java:81)
at org.sonarsource.scanner.cli.Main.main(Main.java:62)
ERROR:
The SonarScanner did not complete successfully
12:50:14.767 Post-processing failed. Exit code: 1

Please take a look and help me to run this report.

Thanks!

out.zip (83.7 KB)
here is the file you asked for, can you please take a look.

Thanks!

Hi Malte, Is there any update on the above issue?

Hey @Ashish_Rajput ,

I had a quick look at the scannerwork folder you provided but, unfortunately, it does not look right: Looking at it, it does not appear that the analysis that generated this folder triggered the StackOverflowError that you saw. I would assume that:

1. The local analysis was not setup completely correctly.
2. Thus, no full analysis was performed and the StackOverflow error was not thrown.
3. Thus, the folder you provided is essentially (as good as) empty.

What we would need to further investigate this issue is the folder generated by an analysis that did throw this StackOverflow error.

The way I can tell this is because the original log posted by @vwelt contains this line:

Reading UCFGs from: D:\a\1.sonarqube\out\ucfg_cs2

It is this folder ucfg_cs2 and its contents that is the most important one. But the zip file you provided does not contain this folder.

On another note, given that you just posted this file on Friday and then asked on Monday if there are news, I assume that this issue is quite pressing for you. In this case, to help you as well and quickly as possible, I would recommend you contact our support team via the commercial support channel.

To quote from this page:

community support

is a collaborative forum where SonarSourcers and community users post every day. It contains detailed articles and technical discussions that cover the most common usages. This is a great resource for your team to gain knowledge about our products and more generally about code quality and security.

commercial support

is a private communication channel between you and our Services team. It can be used to solve advanced issues and get the guidance you need for implementation of our products in complex corporate environments. The privacy of this channel also eases the resolution of problems that require sharing sensitive information.

Essentially, this forum is a great way for us developers to communicate with our users, share some knowledge, collect feedback, and even (when we can) look into issues that users are having to help them out.

However, if you require expedited support for an issue and need help with things such as setting up a full analysis and/or obtain information from temporary storage in your Azure pipeline, then you are better off with our commercial support. Our support team will be happy to actively assist you with those matters.

In the meantime, if this issue is pressing for you, I believe that the following quick&dirty workaround may help to overcome the StackOverflow issue that you are having. In the quality profile that you use for this project, deactivate all of the following rules:

S2076
S2078
S2083
S2091
S2631
S3649
S5131
S5135
S5144
S5145
S5146
S5167
S5334
S5883
S6096
S6287
S6350

This is obviously not ideal as you are missing out on a bunch of rules, but should hopefully help as an interim solution for now.

Hi Malte, I have deactivated the above rules, but still sonarcloud is not working for me.

Hey @Ashish_Rajput ,

I have two questions.

First, about the local analysis you performed to help diagnose the problem. A few posts ago you mentioned:

3. C:/sonar/SonarScanner.MSBuild.exe end /d:sonar.login=“sqp_529951e7698648aa3dbec6d6af238e3e443c3ce3”

I am getting this error on the third step:

ERROR: Error during SonarScanner execution
java.lang.UnsupportedClassVersionError: org/sonar/batch/bootstrapper/EnvironmentInformation has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 53.0

My question: Did you solve this problem?

My original assumption was that you solved it, because less than an hour later, you posted the ZIP file we asked for. This is why I did not react to this and instead looked into your ZIP file right away. It now occurs to me that maybe you posted the ZIP file even though you were encountering the above problem in the third step.

To clarify: I can say that the StackOverflow problem you are experiencing occurs in the aforementioned third step in your CI pipeline. Hence, it is this third step that fills up the directory we asked you to zip & provide to us with the information we need to help you. If this third step is not working, that directory will be essentially empty and contain no information that could help us diagnose the problem. Therefore, in order to fix the problem, we would need to do this:

1. Make sure the third step is working (I can help with that)
2. Verify that you are seeing the StackOverflow error (should be the case)
3. Then zip the directory and share it with us.

Can you tell me where you stand with respect to the third step?

My second question would be about the workaround I provided, where I asked you to deactivate certain rules. It is surprising to me that you are still seeing the same error even though you deactivated these rules. Could you please share with me the analysis logs after you deactivated the rules?

Hi Malte, can you please set up a teams or zoom call to fix this issue?

Hey @Ashish_Rajput ,

I’m sorry, that is not a possibility. This is a Community forum, not a ServiceDesk. Please refer to my last post for the next steps if you want to continue troubleshooting this.

If you have access to our commercial support, please feel free to open a service ticket and our support engineers will be happy to work on this issue with you.

Hi Malte,

I am trying to get access to your commercial support and after entering my email, it is not providing me access.

image1057×637 28.1 KB

can you please check this issue?

Hi @Ashish_Rajput ,

to get access to commercial support, you can contact our Sales Team on this page.