Sonar-scanner hangs and does not complete the scan due to can't determine github host

Hi y’all,

Currently, using SonarQube 10.3 and sonar-scanner docker image 5.0.1. SonarQube is deployed to AWS via helm charts. We are currently using CircleCI with sonar-scanner running branch and PR analysis as well as against default branches.

We are getting intermittent reports internally for different projects that sonar-scanner hangs with the following in the logs:

20:28:57.809 DEBUG: Blame file (native) src/xxxxxxxxx
20:28:57.810 DEBUG: Blame file (native) test/xxxxxxxxx
The authenticity of host 'github.com (140.82.114.4)' can't be established.
XXXXXX key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXX.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? 20:29:00.638 DEBUG: delta [ns] since modification FileSnapshot failed to detect
count, failures, racy limit [ns], delta min [ns], delta max [ns], delta avg [ns], delta stddev [ns]
11461, 448, 20865, 2554486.0, 6437154.0, 4506363.444196421, 1131670.4035155028
20:29:00.638 DEBUG: FileStoreAttributes[fsTimestampResolution=8 µs, minimalRacyInterval=6,437 µs]
20:29:07.620 INFO: 19/20 source files have been analyzed
20:29:17.620 INFO: 19/20 source files have been analyzed
20:29:27.621 INFO: 19/20 source files have been analyzed
20:29:37.621 INFO: 19/20 source files have been analyzed
20:29:47.621 INFO: 19/20 source files have been analyzed
20:29:57.621 INFO: 19/20 source files have been analyzed

Also having the same problem when running Sonar scanner in CircleCI with the image sonarsource/sonar-scanner-cli:5.
We don’t seem to be able to identify where the problem comes from. In our case the error message is:

The authenticity of host 'github.com (140.82.112.3)' can't be established.
ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
This key is not known by any other names.

but we have verified that the correct ssh key entry IS in .ssh/known_hosts.
Any help would be appreciated!

We found an explanation for the problem. The sonar-scanner image has $HOME set to /tmp, but if you run it with the root user you get an interesting side-effect:

  • the checkout command from CircleCI is saving the known_hosts file with the signatures for GitHub under /tmp/.ssh
  • but ssh is looking for the file under /root/.ssh

Apparently this was never a problem because the sonar scanner process was not trying to connect to the remote, but since yesterday, sonar scanner is trying to connect to the git remote and ssh fails in finding the known_hosts file.
We fixed it temporarily by copying the content of /tmp/.ssh to /root/.ssh right after the checkout command.
It would be good to understand why this started being a problem yesterday.
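    steps:
      - checkout
      - run:
          name: Copy .ssh files to root home folder
          command: |
            # checkout wrote known_hosts under $HOME (/tmp); ssh reads /root/.ssh when run as root
            # 'if' keeps the step from failing when /tmp/.ssh does not exist
            if [ -d /tmp/.ssh ]; then cp -r /tmp/.ssh /root/; fi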

This fixed the problem for us.

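A diagnostic for the mismatch described above, as an added example that is not part of the original thread: it reports whether the host entry sits in the passwd home directory that ssh consults or only under $HOME. The function names are hypothetical, and it assumes unhashed known_hosts entries.

```shell
#!/bin/sh
# Added example: find out whether ssh can see the known_hosts entry.
# OpenSSH resolves ~/.ssh from the user's passwd entry, not from $HOME.

# Home directory recorded in the passwd database for the current uid.
passwd_home() {
    uid=$(id -u)
    if command -v getent >/dev/null 2>&1; then
        getent passwd "$uid" | cut -d: -f6
    else
        awk -F: -v uid="$uid" '$3 == uid { print $6; exit }' /etc/passwd
    fi
}

# Succeeds if FILE has a plain (unhashed) entry naming HOST.
# Hashed entries ("|1|...") are not matched; use `ssh-keygen -F` for those.
has_host_entry() {
    file=$1 host=$2
    [ -r "$file" ] || return 1
    awk -v host="$host" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { f = ($1 ~ /^@/) ? $2 : $1              # skip a leading @marker field
          n = split(f, names, ",")
          for (i = 1; i <= n; i++) if (names[i] == host) found = 1 }
        END { exit(found ? 0 : 1) }' "$file"
}

# Prints one of:
#   ok        entry is in the passwd home, where ssh looks
#   mismatch  entry exists only under $HOME, which ssh ignores
#   missing   no entry in either location
diagnose_known_hosts() {
    host=$1 env_home=$2 pw_home=$3
    if has_host_entry "$pw_home/.ssh/known_hosts" "$host"; then
        echo ok
    elif has_host_entry "$env_home/.ssh/known_hosts" "$host"; then
        echo mismatch
    else
        echo missing
    fi
}

# Typical call in a CI step placed after checkout:
# diagnose_known_hosts github.com "$HOME" "$(passwd_home)"
```

A `mismatch` result is the case the workaround addresses: the host key is already pinned, just in a directory ssh does not read, so the entry can be copied across and host key checking stays enabled.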

Thanks for the workaround! It worked for us.

It would be nice to know why this problem randomly started to occur. For us, it was happening only on some projects but not all. It was also intermittent, as it would fail one day and pass the next.

Hey there!
Thank you for reporting this.
We are looking into it but it will take some time on our side.
In the meantime please keep using the workaround.