Sonar scanner and svn authentication

SonarQube Server / Community Build
,
1

Hello
This is my setup

  • SonarQube ; 9.2.4.50792
  • Sonar scanner : 5.1.0.28487
    I have a .net project under svn that is being integrated in teamcity and analyzed with sonar.

My problem occurs when the sonar scanner tries to get blame informations, its not able to because of authentication issue

java.lang.IllegalStateException: Authentication error when executing blame for file …
Caused by: org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: Authentication required for…

I saw some posts saying svn credentials could be filled in under administration/configuration section but im not able to see any SVN section when i log in SonarQube 9.2.

At the project level, i also have nothing regarding svn credentials i could fill in.

I tried to pass the sonar.svn.username and sonar.svn.password.secured as arguments to the scanner begin phase but its as if they were ignored.

Could you please help to understand whats the problem and how i can make this work ?

Thanks !!!

and happy new year all !

3

Hello @MouradK

Happy New Year 2022.
Indeed the SonarQube server side SVN credentials configuration has been dropped in SonarQube 9.1 for security purposes. See [SONAR-15380] Remove SVN properties configuration section on Administration - SonarSource
As per the above JIRA ticket, passing sonar.svn.username and sonar.svn.password.secured as arguments to the scanner is the new way to go, as documented at https://docs.sonarqube.org/latest/analysis/scm-integration/#header-2

If after double checking that you pass the correct settings, you still have the problem, please send me:

  • Debug logs of your begin, build and end steps
  • The <PROJECT_ROOT>/.sonarqube/out/sonar-project.properties file (you may redact what needs to be redacted)

Olivier

5

Hi @OlivierK

I am facing same issue here.

I’m using sonarqube and sonarsource/sonar-scanner-cli both docker images latest version.
sonarqube is * Community Edition * Version 9.3 (build 51899)
sonar-scanner-cli is 4.6.2.2472

I am running both properties as you mentioned above:
-Dsonar.sonar.svn.username and -Dsonar.svn.password.secured while running the sonar-scanner

............
INFO: SCM Publisher SCM provider for this project is: svn
INFO: SCM Publisher 302 source files to be analyzed
INFO: SCM Publisher 0/302 source files have been analyzed (done) | time=693ms
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 45.651s
INFO: Final Memory: 17M/70M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
java.lang.IllegalStateException: Authentication error when executing blame for file admin/modules/BLA/BLA/BLA/BLA/FILE.xml
	at org.sonar.scm.svn.SvnBlameCommand.blame(SvnBlameCommand.java:91)
	at org.sonar.scm.svn.SvnBlameCommand.blame(SvnBlameCommand.java:60)
	at org.sonar.scanner.scm.ScmPublisher.publish(ScmPublisher.java:84)
	at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:354)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
	at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:136)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: Authentication required for '<https://svn.BLABLA.com:443> BLA_SVN Slave'
	at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.authenticationFailed(SVNErrorManager.java:53)
	at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.authenticationFailed(SVNErrorManager.java:47)
	at org.tmatesoft.svn.core.internal.wc.DefaultSVNAuthenticationManager.getFirstAuthentication(DefaultSVNAuthenticationManager.java:201)
	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:687)
	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:352)
	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:340)
	at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:914)
	at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:706)
	at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:114)
	at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1047)
	at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.hasCapability(DAVRepository.java:868)
	at org.tmatesoft.svn.core.io.SVNRepository.assertServerIsMergeInfoCapable(SVNRepository.java:790)
	at org.tmatesoft.svn.core.io.SVNRepository.getFileRevisions(SVNRepository.java:759)
	at org.tmatesoft.svn.core.internal.wc2.remote.SvnRemoteAnnotate.run(SvnRemoteAnnotate.java:109)
	at org.tmatesoft.svn.core.internal.wc2.remote.SvnRemoteAnnotate.run(SvnRemoteAnnotate.java:30)
	at org.tmatesoft.svn.core.internal.wc2.SvnOperationRunner.run(SvnOperationRunner.java:21)
	at org.tmatesoft.svn.core.wc2.SvnOperationFactory.run(SvnOperationFactory.java:1239)
	at org.tmatesoft.svn.core.wc2.SvnOperation.run(SvnOperation.java:294)
	at org.tmatesoft.svn.core.wc.SVNLogClient.doAnnotate(SVNLogClient.java:295)
	at org.sonar.scm.svn.SvnBlameCommand.blame(SvnBlameCommand.java:86)
	... 22 more
ERROR:
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.

$ cat sonar-project.properties
sonar.projectKey=teste
sonar.sources=admin/BLABLABLABLABLA
sonar.exclusions=**/*.java
sonar.javascript.node.maxspace=8192

bash-5.1# cat /usr/src/.scannerwork/scanner-report/analysis.log
SonarQube plugins:

  • Python Code Quality and Security 3.9.0.9230 (python)
  • Go Code Quality and Security 1.9.0.3429 (go)
  • JaCoCo 1.1.1.1157 (jacoco)
  • Kotlin Code Quality and Security 2.9.0.1147 (kotlin)
  • IaC Code Quality and Security 1.5.0.1600 (iac)
  • JavaScript/TypeScript Code Quality and Security 8.8.0.17228 (javascript)
  • Ruby Code Quality and Security 1.9.0.3429 (ruby)
  • Scala Code Quality and Security 1.9.0.3429 (sonarscala)
  • C# Code Quality and Security 8.34.0.42011 (csharp)
  • Java Code Quality and Security 7.7.0.28547 (java)
  • HTML Code Quality and Security 3.6.0.3106 (web)
  • Flex Code Quality and Security 2.7.0.2865 (flex)
  • XML Code Quality and Security 2.5.0.3376 (xml)
  • PHP Code Quality and Security 3.22.1.8626 (php)
  • Text file Code Quality and Security 1.0.0.120 (text)
  • VB.NET Code Quality and Security 8.34.0.42011 (vbnet)
  • Configuration detection fot Code Quality and Security 1.2.0.267 (config)
    Global server settings:
  • sonar.core.id=BF41A1F2-AX8hhKyGgLCV5qqsfBFU
  • sonar.core.startTime=2022-02-22T13:00:16+0000
  • sonar.forceAuthentication=true
    Project server settings:
    Project scanner properties:
  • sonar.exclusions=**/*.java
  • sonar.host.url=http://localhost:9000
  • sonar.javascript.node.maxspace=8192
  • sonar.login=******
  • sonar.password=******
  • sonar.projectBaseDir=/usr/src
  • sonar.projectKey=teste
  • sonar.scanner.app=ScannerCLI
  • sonar.scanner.appVersion=4.6.2.2472
  • sonar.sonar.svn.username=MYUSERNAME
  • sonar.sourceEncoding=UTF-8
  • sonar.sources=admin/BLABLABLABLA
  • sonar.svn.password.secured=******
  • sonar.verbose=true
  • sonar.working.directory=/usr/src/.scannerwork

Could you help more here ?

thanks