Sonar execution is failing in sonar-scanner-cli:latest image

krishna · May 24, 2024, 7:12am

Hello,

Could you please help us to resolve the issue.

Log:

06:56:42.690 DEBUG:   * Vulnerability Rules for PHP 9.9.2.22117 (securityphpfrontend)
06:56:42.759 INFO: Loaded core extensions: developer-scanner
06:56:42.771 DEBUG: Installed core extension: developer-scanner
06:56:42.819 INFO: ------------------------------------------------------------------------
06:56:42.820 INFO: EXECUTION FAILURE
06:56:42.820 INFO: ------------------------------------------------------------------------
06:56:42.820 INFO: Total time: 2.275s
06:56:42.894 INFO: Final Memory: 27M/136M
06:56:42.894 INFO: ------------------------------------------------------------------------
06:56:42.894 ERROR: Error during SonarScanner execution
java.lang.NoClassDefFoundError: com/google/common/collect/ImmutableList
	at org.sonar.plugins.ndepend.NDependPlugin.define(NDependPlugin.java:69)
	at org.sonar.scanner.bootstrap.ExtensionInstaller.install(ExtensionInstaller.java:57)
	at org.sonar.scanner.scan.SpringProjectScanContainer.addScannerExtensions(SpringProjectScanContainer.java:327)
	at org.sonar.scanner.scan.SpringProjectScanContainer.doBeforeStart(SpringProjectScanContainer.java:156)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:186)

Colin · May 27, 2024, 6:46am

Hey there.

This looks like an issue with GitHub - SonarQubeCommunity/sonar-ndepend, a community-supported plugin that hasn’t been updated in… 8 years (and has no maintainer)?

I would suggest, as a first step, removing this plugin from your server and see if analysis is successful.

Liam_Cryan · May 30, 2024, 6:56pm

Hello,

I am running into this same issue. I am also using the latest image in this below GitLab CI/CD file. It seems this was introduced approx. May 23, 2024: https://hub.docker.com/r/sonarsource/sonar-scanner-cli/tags,

I didn’t have this issue using the latest image prior to this date.

Thanks

sonarqube-check:
  image: 
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
    GIT_DEPTH: "0"  # Tells git to fetch all the branches of the project, required by the analysis task
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script: 
    - sonar-scanner
  allow_failure: true
  only:
    - merge_requests
    - main

Malgorzata · May 31, 2024, 9:45am

Hi , there is an issue during project analysis in SonarQube related to Cobertura 2.0 plugin, does anyone faced similar issue ?

Plugin version : Cobertura 2.0 (cobertura)
Sonarqube version 10.2.1
SonarScanner 5.0.1.3006

ERROR: Error during SonarScanner execution
java.lang.NoClassDefFoundError: com/google/common/collect/ImmutableList
at org.sonar.plugins.cobertura.CoberturaPlugin.getExtensions(CoberturaPlugin.java:35)
at org.sonar.plugins.cobertura.CoberturaPlugin.define(CoberturaPlugin.java:50)
at org.sonar.scanner.bootstrap.ExtensionInstaller.install(ExtensionInstaller.java:57)
at org.sonar.scanner.scan.SpringProjectScanContainer.addScannerExtensions(SpringProjectScanContainer.java:323)
at org.sonar.scanner.scan.SpringProjectScanContainer.doBeforeStart(SpringProjectScanContainer.java:154)
at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:186)
at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:139)
at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:71)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:65)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at jdk.proxy1/jdk.proxy1.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
at org.sonarsource.scanner.cli.Main.execute(Main.java:126)
at org.sonarsource.scanner.cli.Main.execute(Main.java:81)
at org.sonarsource.scanner.cli.Main.main(Main.java:62)
Caused by: java.lang.ClassNotFoundException: com.google.common.collect.ImmutableList
at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:39)
at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:87)
at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:76)

Malgorzata · May 31, 2024, 1:27pm

The same situation like here Sonar execution is failing in sonar-scanner-cli:latest image , use previous sonar-scanner-cli image

Colin · June 3, 2024, 11:15am

Hey all.

There must be something about these very old community-supported plugins that isn’t playing nice with the latest version of the SonarScanner CLI Docker image.

There’s probably not much that can be done. These plugins (Cobertura and NDepend) haven’t been updated for 6 and 8 years respectively. I doubt we would make adjustments to the image specifically to support these very old, unmaintained plugins.

At the same time, in case this is indicative of some larger issue, I’m going to flag this for attention.

Liam_Cryan · June 3, 2024, 3:53pm

Thanks Colin! Does this mean there is a plugin that exists on the sonar instance I am using as you indicated earlier?

If so, it sounds like our solutions at the moment are to downgrade the image, or get these plugins removed?

Colin · June 4, 2024, 9:35am

I’d have to see the full stack trace to tell you which one specifically, but assuming your stack trace is indeed the same; a plugin is probably involved.

Could you share the full stack trace of the issue, as @krishna and @Malgorzata did?

Julien_HENRY · June 6, 2024, 5:45am

Hi folks,

Would you mind clearing the cache folder (.sonar/cache), as we changed the user running the analysis to a non-root user, and I suspect this error might be caused by a permission issue.
The cache will be recreated during the next analysis.

Also be sure that the user 1000 has permission to write on this folder.

Liam_Cryan · June 13, 2024, 7:54pm

Hi Julien,

Thanks a lot for the fix! Using GitLab pipelines, I was able to get successful runs after clearing the runner cache.