Sonar Scanner in Bitbucket Pipelines Errors using Cache

Must-share information (formatted with Markdown):

• which versions are you using (SonarQube Server / Community Build, Scanner, Plugin, and any relevant extension)
  • Enterprise Edition v2025.3.1 (109879)
• how is SonarQube deployed: zip, Docker, Helm
  • Helm
• what are you trying to achieve
  • Scan via CLI in Bitbucket Pipelines in order to leverage cache
• what have you tried so far to achieve this
  • See YAML below

I’m using the official docker image sonarsource/sonar-scanner-cli:12 in my Bitbucket pipeline rather than the pipe so I can take advantage of caching. Here’s the relevant parts of my pipeline file:

definitions:
  caches:
    sonar: /opt/sonar-scanner/.sonar/cache
...
pipelines:
...
    - step:
        name: Scan with SonarQube CLI
        image:
          name: sonarsource/sonar-scanner-cli:12
        caches:
          - sonar
        script:
          - sonar-scanner --version
          - |
            sonar-scanner \
              -Dsonar.token=${SONAR_TOKEN} \
              -Dsonar.host.url=${SONAR_HOST_URL}
        artifacts:
          - .scannerwork/report-task.txt

On first run, before the cache is created, the scanner works fine:

10:34:22.292 INFO  Sensor Serverless configuration file sensor [security] (done) | time=2ms
10:34:22.292 INFO  Sensor AWS SAM template file sensor [security]
10:34:22.295 INFO  Sensor AWS SAM template file sensor [security] (done) | time=2ms
10:34:22.295 INFO  Sensor AWS SAM Inline template file sensor [security]
10:34:22.297 INFO  Sensor AWS SAM Inline template file sensor [security] (done) | time=2ms
10:34:22.298 INFO  Sensor EnterpriseTextAndSecretsSensor [textenterprise]
10:34:22.307 INFO  Available processors: 8
10:34:22.307 INFO  Using 8 threads for analysis.
10:34:22.339 INFO  The property "sonar.tests" is not set. To improve the analysis accuracy, we categorize a file as a test file if any of the following is true:
  * The filename starts with "test"
  * The filename contains "test." or "tests."
  * Any directory in the file path is named: "doc", "docs", "test" or "tests"
  * Any directory in the file path has a name ending in "test" or "tests"
10:34:22.845 INFO  Start fetching files for the text and secrets analysis
10:34:22.852 INFO  Using Git CLI to retrieve untracked files
10:34:22.853 WARN  Retrieving only language associated files, make sure to run the analysis inside a git repository to make use of inclusions specified via "sonar.text.inclusions"
10:34:22.871 INFO  Starting the text and secrets analysis
10:34:22.873 INFO  6 source files to be analyzed for the text and secrets analysis
10:34:22.991 INFO  6/6 source files have been analyzed for the text and secrets analysis
10:34:22.995 INFO  Start fetching files for the binary file analysis
10:34:22.995 INFO  There are no files to be analyzed for the binary file analysis
10:34:23.001 INFO  Sensor EnterpriseTextAndSecretsSensor [textenterprise] (done) | time=700ms
10:34:23.001 INFO  Sensor JavaSecuritySensor [security]
10:34:23.003 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S5883, S6096, S6173, S6287, S6350, S6384, S6390, S6398, S6399, S6547, S6549, S7044
10:34:23.003 INFO  Load type hierarchy and UCFGs: Starting
10:34:23.004 INFO  Load type hierarchy: Starting
10:34:23.004 INFO  Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/java
10:34:23.004 INFO  Read 0 type definitions
10:34:23.013 INFO  Load type hierarchy: Time spent was 00:00:00.000
10:34:23.013 INFO  Load UCFGs: Starting
10:34:23.013 INFO  Load UCFGs: Time spent was 00:00:00.000
10:34:23.013 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.001
10:34:23.013 INFO  No UCFGs have been included for analysis.
10:34:23.013 INFO  java security sensor: Time spent was 00:00:00.007
10:34:23.014 INFO  java security sensor: Begin: 2026-01-15T10:34:22.999944898Z, End: 2026-01-15T10:34:23.007077471Z, Duration: 00:00:00.007
  Load type hierarchy and UCFGs: Begin: 2026-01-15T10:34:23.003660197Z, End: 2026-01-15T10:34:23.005277819Z, Duration: 00:00:00.001
    Load type hierarchy: Begin: 2026-01-15T10:34:23.003726570Z, End: 2026-01-15T10:34:23.004664789Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2026-01-15T10:34:23.005124588Z, End: 2026-01-15T10:34:23.005178125Z, Duration: 00:00:00.000
10:34:23.014 INFO  java security sensor peak memory: 189 MB
10:34:23.014 INFO  Sensor JavaSecuritySensor [security] (done) | time=11ms
10:34:23.014 INFO  Sensor CSharpSecuritySensor [security]
10:34:23.014 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5883, S6096, S6173, S6287, S6350, S6399, S6547, S6549, S6639, S6641, S6680, S6776, S7044
10:34:23.014 INFO  Load type hierarchy and UCFGs: Starting
10:34:23.015 INFO  Load type hierarchy: Starting
10:34:23.015 INFO  Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/ucfg2/cs
10:34:23.015 INFO  Read 0 type definitions
10:34:23.015 INFO  Load type hierarchy: Time spent was 00:00:00.000
10:34:23.015 INFO  Load UCFGs: Starting
10:34:23.015 INFO  Load UCFGs: Time spent was 00:00:00.000
10:34:23.016 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.000
10:34:23.016 INFO  No UCFGs have been included for analysis.
10:34:23.016 INFO  csharp security sensor: Time spent was 00:00:00.001
10:34:23.016 INFO  csharp security sensor: Begin: 2026-01-15T10:34:23.008195791Z, End: 2026-01-15T10:34:23.009430205Z, Duration: 00:00:00.001
  Load type hierarchy and UCFGs: Begin: 2026-01-15T10:34:23.008602290Z, End: 2026-01-15T10:34:23.009111999Z, Duration: 00:00:00.000
    Load type hierarchy: Begin: 2026-01-15T10:34:23.008623759Z, End: 2026-01-15T10:34:23.008789213Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2026-01-15T10:34:23.008968448Z, End: 2026-01-15T10:34:23.009004615Z, Duration: 00:00:00.000
10:34:23.016 INFO  csharp security sensor peak memory: 189 MB
10:34:23.016 INFO  Sensor CSharpSecuritySensor [security] (done) | time=1ms
10:34:23.017 INFO  Sensor PhpSecuritySensor [security]
10:34:23.017 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5334, S5335, S5883, S6173, S6287, S6350, S7044
10:34:23.017 INFO  Load type hierarchy and UCFGs: Starting
10:34:23.017 INFO  Load type hierarchy: Starting
10:34:23.017 INFO  Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/php
10:34:23.017 INFO  Read 0 type definitions
10:34:23.018 INFO  Load type hierarchy: Time spent was 00:00:00.000
10:34:23.018 INFO  Load UCFGs: Starting
10:34:23.018 INFO  Load UCFGs: Time spent was 00:00:00.000
10:34:23.018 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.000
10:34:23.018 INFO  No UCFGs have been included for analysis.
10:34:23.018 INFO  php security sensor: Time spent was 00:00:00.000
10:34:23.019 INFO  php security sensor: Begin: 2026-01-15T10:34:23.010031510Z, End: 2026-01-15T10:34:23.010882967Z, Duration: 00:00:00.000
  Load type hierarchy and UCFGs: Begin: 2026-01-15T10:34:23.010257381Z, End: 2026-01-15T10:34:23.010573476Z, Duration: 00:00:00.000
    Load type hierarchy: Begin: 2026-01-15T10:34:23.010275500Z, End: 2026-01-15T10:34:23.010371982Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2026-01-15T10:34:23.010463852Z, End: 2026-01-15T10:34:23.010498272Z, Duration: 00:00:00.000
10:34:23.019 INFO  php security sensor peak memory: 191 MB
10:34:23.019 INFO  Sensor PhpSecuritySensor [security] (done) | time=2ms
10:34:23.019 INFO  Sensor PythonSecuritySensor [security]
10:34:23.020 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S6287, S6350, S6639, S6680, S6776, S6839, S7044
10:34:23.020 INFO  Load type hierarchy and UCFGs: Starting
10:34:23.020 INFO  Load type hierarchy: Starting
10:34:23.020 INFO  Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/python
10:34:23.020 INFO  Read 0 type definitions
10:34:23.020 INFO  Load type hierarchy: Time spent was 00:00:00.000
10:34:23.020 INFO  Load UCFGs: Starting
10:34:23.021 INFO  Load UCFGs: Time spent was 00:00:00.000
10:34:23.021 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.000
10:34:23.021 INFO  No UCFGs have been included for analysis.
10:34:23.021 INFO  python security sensor: Time spent was 00:00:00.000
10:34:23.021 INFO  python security sensor: Begin: 2026-01-15T10:34:23.011537486Z, End: 2026-01-15T10:34:23.012341592Z, Duration: 00:00:00.000
  Load type hierarchy and UCFGs: Begin: 2026-01-15T10:34:23.011748688Z, End: 2026-01-15T10:34:23.012095874Z, Duration: 00:00:00.000
    Load type hierarchy: Begin: 2026-01-15T10:34:23.011771716Z, End: 2026-01-15T10:34:23.011871498Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2026-01-15T10:34:23.012008963Z, End: 2026-01-15T10:34:23.012031489Z, Duration: 00:00:00.000
10:34:23.021 INFO  python security sensor peak memory: 191 MB
10:34:23.022 INFO  Sensor PythonSecuritySensor [security] (done) | time=1ms
10:34:23.022 INFO  Sensor JsSecuritySensor [security]
10:34:23.022 INFO  Enabled taint analysis rules: S2076, S2083, S2631, S3649, S5131, S5144, S5146, S5147, S5334, S5696, S5883, S6096, S6105, S6287, S6350
10:34:23.022 INFO  Load type hierarchy and UCFGs: Starting
10:34:23.022 INFO  Load type hierarchy: Starting
10:34:23.022 INFO  Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/js
10:34:23.023 INFO  Read 0 type definitions
10:34:23.023 INFO  Load type hierarchy: Time spent was 00:00:00.000
10:34:23.023 INFO  Load UCFGs: Starting
10:34:23.023 INFO  Reading UCFGs from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/js
10:34:23.077 INFO  Load UCFGs: Time spent was 00:00:00.062
10:34:23.077 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.063
10:34:23.077 INFO  Analyzing 1 UCFGs to detect vulnerabilities.
10:34:23.078 INFO  Check cache: Starting
10:34:23.078 INFO  Load cache: Starting
10:34:23.078 INFO  Load cache: Time spent was 00:00:00.000
10:34:23.078 INFO  Check cache: Time spent was 00:00:00.000
10:34:23.078 INFO  Create runtime call graph: Starting
10:34:23.078 INFO  Variable Type Analysis #1: Starting
10:34:23.078 INFO  Create runtime type propagation graph: Starting
10:34:23.081 INFO  Create runtime type propagation graph: Time spent was 00:00:00.002
10:34:23.081 INFO  Run SCC (Tarjan) on 11 nodes: Starting
10:34:23.082 INFO  Run SCC (Tarjan) on 11 nodes: Time spent was 00:00:00.000
10:34:23.082 INFO  Tarjan found 11 strongly connected components
10:34:23.082 INFO  Propagate runtime types to strongly connected components: Starting
10:34:23.083 INFO  Propagate runtime types to strongly connected components: Time spent was 00:00:00.001
10:34:23.083 INFO  Variable Type Analysis #1: Time spent was 00:00:00.005
10:34:23.083 INFO  Variable Type Analysis #2: Starting
10:34:23.083 INFO  Create runtime type propagation graph: Starting
10:34:23.084 INFO  Create runtime type propagation graph: Time spent was 00:00:00.000
10:34:23.084 INFO  Run SCC (Tarjan) on 11 nodes: Starting
10:34:23.084 INFO  Run SCC (Tarjan) on 11 nodes: Time spent was 00:00:00.000
10:34:23.084 INFO  Tarjan found 11 strongly connected components
10:34:23.085 INFO  Propagate runtime types to strongly connected components: Starting
10:34:23.085 INFO  Propagate runtime types to strongly connected components: Time spent was 00:00:00.000
10:34:23.085 INFO  Variable Type Analysis #2: Time spent was 00:00:00.001
10:34:23.086 INFO  Create runtime call graph: Time spent was 00:00:00.008
10:34:23.086 INFO  Load config: Starting
10:34:23.206 INFO  Load config: Time spent was 00:00:00.119
10:34:23.206 INFO  Compute entry points: Starting
10:34:23.217 INFO  Compute entry points: Time spent was 00:00:00.011
10:34:23.218 INFO  All rules entry points : 2
10:34:23.218 INFO  Slice call graph: Starting
10:34:23.218 INFO  Slice call graph: Time spent was 00:00:00.000
10:34:23.218 INFO  Live variable analysis: Starting
10:34:23.222 INFO  Live variable analysis: Time spent was 00:00:00.004
10:34:23.222 INFO  Taint analysis for js: Starting
10:34:23.955 INFO  0 / 1 UCFGs simulated, memory usage: 77 MB
10:34:23.979 INFO  2 / 1 UCFGs simulated, memory usage: 79 MB
10:34:23.979 INFO  Taint analysis for js: Time spent was 00:00:00.756
10:34:23.979 INFO  Report issues: Starting
10:34:23.982 INFO  Report issues: Time spent was 00:00:00.003
10:34:23.983 INFO  Store cache: Starting
10:34:23.984 INFO  Store cache: Time spent was 00:00:00.000
10:34:23.984 INFO  js security sensor: Time spent was 00:00:00.971
10:34:23.986 INFO  js security sensor: Begin: 2026-01-15T10:34:23.012952248Z, End: 2026-01-15T10:34:23.984754828Z, Duration: 00:00:00.971
  Load type hierarchy and UCFGs: Begin: 2026-01-15T10:34:23.013513232Z, End: 2026-01-15T10:34:23.076820881Z, Duration: 00:00:00.063
    Load type hierarchy: Begin: 2026-01-15T10:34:23.013535604Z, End: 2026-01-15T10:34:23.014363017Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2026-01-15T10:34:23.014468425Z, End: 2026-01-15T10:34:23.076629228Z, Duration: 00:00:00.062
  Check cache: Begin: 2026-01-15T10:34:23.076944354Z, End: 2026-01-15T10:34:23.077261968Z, Duration: 00:00:00.000
    Load cache: Begin: 2026-01-15T10:34:23.076963864Z, End: 2026-01-15T10:34:23.077006691Z, Duration: 00:00:00.000
  Create runtime call graph: Begin: 2026-01-15T10:34:23.077381321Z, End: 2026-01-15T10:34:23.085986656Z, Duration: 00:00:00.008
    Variable Type Analysis #1: Begin: 2026-01-15T10:34:23.077811166Z, End: 2026-01-15T10:34:23.083262897Z, Duration: 00:00:00.005
      Create runtime type propagation graph: Begin: 2026-01-15T10:34:23.078491010Z, End: 2026-01-15T10:34:23.080939907Z, Duration: 00:00:00.002
      Run SCC (Tarjan) on 11 nodes: Begin: 2026-01-15T10:34:23.081274294Z, End: 2026-01-15T10:34:23.081874369Z, Duration: 00:00:00.000
      Propagate runtime types to strongly connected components: Begin: 2026-01-15T10:34:23.082042721Z, End: 2026-01-15T10:34:23.083132582Z, Duration: 00:00:00.001
    Variable Type Analysis #2: Begin: 2026-01-15T10:34:23.083514167Z, End: 2026-01-15T10:34:23.084713200Z, Duration: 00:00:00.001
      Create runtime type propagation graph: Begin: 2026-01-15T10:34:23.083571651Z, End: 2026-01-15T10:34:23.084263440Z, Duration: 00:00:00.000
      Run SCC (Tarjan) on 11 nodes: Begin: 2026-01-15T10:34:23.084412006Z, End: 2026-01-15T10:34:23.084479619Z, Duration: 00:00:00.000
      Propagate runtime types to strongly connected components: Begin: 2026-01-15T10:34:23.084570046Z, End: 2026-01-15T10:34:23.084647711Z, Duration: 00:00:00.000
  Load config: Begin: 2026-01-15T10:34:23.086132420Z, End: 2026-01-15T10:34:23.205899194Z, Duration: 00:00:00.119
  Compute entry points: Begin: 2026-01-15T10:34:23.206151200Z, End: 2026-01-15T10:34:23.217376623Z, Duration: 00:00:00.011
  Slice call graph: Begin: 2026-01-15T10:34:23.217652025Z, End: 2026-01-15T10:34:23.217669767Z, Duration: 00:00:00.000
  Live variable analysis: Begin: 2026-01-15T10:34:23.217741497Z, End: 2026-01-15T10:34:23.221844386Z, Duration: 00:00:00.004
  Taint analysis for js: Begin: 2026-01-15T10:34:23.222176553Z, End: 2026-01-15T10:34:23.978812398Z, Duration: 00:00:00.756
  Report issues: Begin: 2026-01-15T10:34:23.978977988Z, End: 2026-01-15T10:34:23.982035393Z, Duration: 00:00:00.003
  Store cache: Begin: 2026-01-15T10:34:23.983103972Z, End: 2026-01-15T10:34:23.983893181Z, Duration: 00:00:00.000
10:34:23.986 INFO  js security sensor peak memory: 250 MB
10:34:23.986 INFO  Sensor JsSecuritySensor [security] (done) | time=974ms
10:34:23.986 INFO  Sensor KotlinSecuritySensor [security]
10:34:23.986 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S5883, S6096, S6173, S6287, S6350, S6384, S6390, S6398, S6399, S6547, S6549, S7044
10:34:23.986 INFO  Load type hierarchy and UCFGs: Starting
10:34:23.986 INFO  Load type hierarchy: Starting
10:34:23.987 INFO  Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/kotlin
10:34:23.987 INFO  Read 0 type definitions
10:34:23.987 INFO  Load type hierarchy: Time spent was 00:00:00.000
10:34:23.987 INFO  Load UCFGs: Starting
10:34:23.987 INFO  Load UCFGs: Time spent was 00:00:00.000
10:34:23.987 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.000
10:34:23.987 INFO  No UCFGs have been included for analysis.
10:34:23.987 INFO  kotlin security sensor: Time spent was 00:00:00.000
10:34:23.988 INFO  kotlin security sensor: Begin: 2026-01-15T10:34:23.986122440Z, End: 2026-01-15T10:34:23.987109305Z, Duration: 00:00:00.000
  Load type hierarchy and UCFGs: Begin: 2026-01-15T10:34:23.986562436Z, End: 2026-01-15T10:34:23.986879954Z, Duration: 00:00:00.000
    Load type hierarchy: Begin: 2026-01-15T10:34:23.986580959Z, End: 2026-01-15T10:34:23.986722499Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2026-01-15T10:34:23.986779929Z, End: 2026-01-15T10:34:23.986810372Z, Duration: 00:00:00.000
10:34:23.988 INFO  kotlin security sensor peak memory: 250 MB
10:34:23.988 INFO  Sensor KotlinSecuritySensor [security] (done) | time=1ms
10:34:23.988 INFO  Sensor GoSecuritySensor [security]
10:34:23.988 INFO  No taint analysis rules have been enabled, will not execute taint analysis.
10:34:23.988 INFO  go security sensor: Time spent was 00:00:00.000
10:34:23.988 INFO  go security sensor: Begin: 2026-01-15T10:34:23.987505366Z, End: 2026-01-15T10:34:23.987691275Z, Duration: 00:00:00.000
10:34:23.988 INFO  go security sensor peak memory: 250 MB
10:34:23.988 INFO  Sensor GoSecuritySensor [security] (done) | time=0ms
10:34:23.990 INFO  ------------- Run sensors on project
10:34:24.118 INFO  Sensor JsArchitectureSensor [architecture]
10:34:24.144 INFO  * Protobuf reading starting | memory total=208 | free=113 | used=94 (MB)
10:34:24.145 INFO  * Reading SonarArchitecture IR data from directory "/opt/atlassian/pipelines/agent/build/.scannerwork/architecture/js"
10:34:24.312 INFO  * Files successfully loaded: "1" out of "1"
10:34:24.312 INFO  * Protobuf reading complete | memory total=208 | free=122 | used=85 (MB)
10:34:24.318 INFO  * Build file hiGraphs complete | memory total=208 | free=122 | used=85 (MB)
10:34:24.319 INFO  * Slicing complete | memory total=208 | free=122 | used=85 (MB)
10:34:24.321 INFO  * Cycle detection complete | memory total=208 | free=122 | used=85 (MB)
10:34:24.325 INFO  * Build file hiGraphs complete | memory total=208 | free=121 | used=86 (MB)
10:34:24.327 INFO  * Build container hiGraphs complete | memory total=208 | free=121 | used=86 (MB)
10:34:24.327 INFO  * Export complete | memory total=208 | free=121 | used=86 (MB)
10:34:24.327 INFO  Sensor JsArchitectureSensor [architecture] (done) | time=209ms
10:34:24.327 INFO  Sensor Zero Coverage Sensor
10:34:24.332 INFO  Sensor Zero Coverage Sensor (done) | time=5ms
10:34:24.332 INFO  ------------- Gather SCA dependencies on project
10:34:24.338 INFO  Dependency analysis skipped
10:34:24.339 INFO  SCM Publisher SCM provider for this project is: git
10:34:24.340 INFO  SCM Publisher 1 source file to be analyzed
10:34:24.342 WARN  Shallow clone detected, no blame information will be provided. You can convert to non-shallow with 'git fetch --unshallow'.
10:34:24.344 INFO  SCM Publisher 0/1 source files have been analyzed (done) | time=4ms
10:34:24.344 WARN  Missing blame information for the following files:
10:34:24.344 WARN    * config.js
10:34:24.344 WARN  This may lead to missing/broken features in SonarQube
10:34:24.346 INFO  CPD Executor Calculating CPD for 1 file
10:34:24.351 INFO  CPD Executor CPD calculation finished (done) | time=5ms
10:34:24.355 INFO  SCM revision ID 'a95a0e397eff17c107b03661fcbffb818a4af900'
10:34:24.434 INFO  Load New Code definition
10:34:24.458 INFO  Load New Code definition (done) | time=25ms
10:34:24.459 INFO  SCM writing changed lines
10:34:24.566 WARN  Could not find ref 'main' in refs/heads, refs/remotes, refs/remotes/upstream or refs/remotes/origin
10:34:24.566 INFO  SCM writing changed lines (done) | time=106ms
10:34:24.571 INFO  Analysis report generated in 215ms, dir size=333.4 kB
10:34:24.582 INFO  Analysis report compressed in 10ms, zip size=48.7 kB
10:34:24.649 INFO  Analysis report uploaded in 67ms
10:34:24.650 INFO  ANALYSIS SUCCESSFUL, you can find the results at: https://sonarqube.invesco.com/dashboard?id=IVZDSO_5516-shared-pipelines-common_075328e5-93de-455b-9aa9-b39f90fdebb8&branch=feat%2Fsonar-scanner
10:34:24.650 INFO  Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
10:34:24.650 INFO  More about the report processing at https://sonarqube.invesco.com/api/ce/task?id=c15105c6-f777-4132-af59-7d207fd63dd2
10:34:24.659 INFO  Time spent writing ucfgs 7ms
10:34:24.714 INFO  Analysis total time: 1:00.630 s
10:34:24.715 INFO  SonarScanner Engine completed successfully
10:34:25.051 INFO  EXECUTION SUCCESS
10:34:25.052 INFO  Total time: 2:06.155s

The subsequent run errors with the following:

13:43:28.625 INFO  Communicating with SonarQube Server 2025.3.1.109879
13:43:28.626 INFO  JRE provisioning: os[linux], arch[x86_64]
13:43:28.683 INFO  EXECUTION FAILURE
13:43:28.684 INFO  Total time: 1.635s
13:43:28.684 ERROR Error during SonarScanner CLI execution
java.lang.IllegalStateException: Failed to run the Java command
	at org.sonarsource.scanner.lib.internal.facade.forked.JavaRunner.execute(JavaRunner.java:83)
	at org.sonarsource.scanner.lib.internal.facade.forked.ScannerEngineLauncherFactory.jreSanityCheck(ScannerEngineLauncherFactory.java:68)
	at org.sonarsource.scanner.lib.internal.facade.forked.ScannerEngineLauncherFactory.createLauncher(ScannerEngineLauncherFactory.java:62)
	at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.buildNewFacade(ScannerEngineBootstrapper.java:196)
	at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.bootstrapServer(ScannerEngineBootstrapper.java:176)
	at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.bootstrap(ScannerEngineBootstrapper.java:151)
	at org.sonarsource.scanner.cli.Main.analyze(Main.java:76)
	at org.sonarsource.scanner.cli.Main.main(Main.java:64)
Caused by: java.io.IOException: Cannot run program "/opt/sonar-scanner/.sonar/cache/4086cc7cb2d9e7810141f255063caad10a8a018db5e6b47fa5394c506ab65bff/OpenJDK17U-jre_x64_linux_hotspot_17.0.13_11.tar.gz_extracted/jdk-17.0.13+11-jre/bin/java": error=2, No such file or directory
	at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1170)
	at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1089)
	at org.sonarsource.scanner.lib.internal.facade.forked.JavaRunner.execute(JavaRunner.java:62)
	... 7 common frames omitted
Caused by: java.io.IOException: error=2, No such file or directory
	at java.base/java.lang.ProcessImpl.forkAndExec(Native Method)
	at java.base/java.lang.ProcessImpl.<init>(ProcessImpl.java:295)
	at java.base/java.lang.ProcessImpl.start(ProcessImpl.java:225)
	at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1126)
	... 9 common frames omitted
13:43:28.686 ERROR 
13:43:28.686 ERROR Re-run SonarScanner CLI using the -X switch to enable full debug logging.

We’d really like to take advantage of caching in Bitbucket if at all possible.

• Edited for brevity.

Hi,

Welcome to the community!

I’m sorry to disappoint you, but this doesn’t work like you think it does.

C, and C++ analysis can use a local cache, but other than that, the cache is stored server-side. And either way, you don’t have to use the Docker flavor of the scanner to benefit from it.

Most importantly though is that - other than C and C++ - the cache only kicks in for PR analysis. It’s updated at every branch analysis to be ready and available when you analyze PRs that relate to the branch.

 
HTH,
Ann

Thanks for the reply. I’m not sure I understand, though.

The sonar scanner documentation refers to a cache that can be used in our CI system (Bitbucket Pipelines): SonarScanner CLI | SonarQube Server 2025.3 | Sonar Documentation

This is the cache I’m referring to. Configuring Bitbucket to cache sonar’s cache directory causes the scanner to fail.

Hi,

Oh! That cache.

It looks like it’s trying to use a cached JRE, and I’m not sure that was intended. I’m going to flag this for more expert eyes.

 
Ann

We hit the same java.lang.IllegalStateException: Failed to run the Java command issue on Bitbucket Pipelines. After some debugging, the root cause for us was cache permissions: the Bitbucket cache builder or extractor could not read files with 600/700, so the extracted Bitbucket cache contained only empty directory stubs (e.g., OpenJDK21U*_extracted existed but no jdk-*/bin/java). On the next run Sonar tried to execute the missing java binary.

Fix: after sonar-scanner we run:

chmod -R a+rX "$SONAR_USER_HOME/cache"

This makes the Sonar cache readable so Bitbucket actually can handle the extracted JRE and plugins.

We also moved SONAR_USER_HOME to $BITBUCKET_CLONE_DIR/.sonar, but I don’t think that was a factor.

Here are some directory listings with their permissions collected after the first (no cache) Sonar run:

== /opt/atlassian/pipelines/agent/build/.sonar/cache/1d980d201ac7142a804352bade2082cc ==
drwxrwxrwx  3 scanner-cli scanner-cli      4096 Feb  5 20:50 .
drwxrwxrwx 14 scanner-cli scanner-cli      4096 Feb  5 20:50 ..
-rw-------  1 scanner-cli scanner-cli 119071422 Feb  5 20:50 sonar-javascript-plugin.jar
drwxr-xr-x  2 scanner-cli scanner-cli      4096 Feb  5 20:50 sonar-javascript-plugin.jar_unzip

== /opt/atlassian/pipelines/agent/build/.sonar/cache/aeab55d064a1a27a3744b0880b9b414077b4ed2b1790817eea3df60aec946431 ==
drwxrwxrwx  3 scanner-cli scanner-cli     4096 Feb  5 20:49 .
drwxrwxrwx 14 scanner-cli scanner-cli     4096 Feb  5 20:50 ..
-rw-rw-rw-  1 scanner-cli scanner-cli 51952734 Feb  5 20:49 OpenJDK21U-jre_x64_linux_hotspot_21.0.9_10.tar.gz
drwx------  4 scanner-cli scanner-cli     4096 Feb  5 20:50 OpenJDK21U-jre_x64_linux_hotspot_21.0.9_10.tar.gz_extracted

== /opt/atlassian/pipelines/agent/build/.sonar/cache/aeab55d064a1a27a3744b0880b9b414077b4ed2b1790817eea3df60aec946431/OpenJDK21U-jre_x64_linux_hotspot_21.0.9_10.tar.gz_extracted ==
drwx------ 4 scanner-cli scanner-cli 4096 Feb  5 20:50 .
drwxrwxrwx 3 scanner-cli scanner-cli 4096 Feb  5 20:49 ..
drwxrwxrwx 6 scanner-cli scanner-cli 4096 Feb  5 20:49 jdk-21.0.9+10-jre

== /opt/atlassian/pipelines/agent/build/.sonar/cache/aeab55d064a1a27a3744b0880b9b414077b4ed2b1790817eea3df60aec946431/OpenJDK21U-jre_x64_linux_hotspot_21.0.9_10.tar.gz_extracted/jdk-21.0.9+10-jre/bin ==
-rwxr-xr-x 1 scanner-cli scanner-cli 12920 Feb  5 20:49 java

Thank you @christoph! Updating permissions on the cached files worked like a charm. In case others wind up here, these are the relevant bits in my pipeline now:

definitions:
  caches:
    sonar: /opt/sonar-scanner/.sonar/cache
...
pipelines:
...
    - step:
        name: Scan with SonarQube CLI
        image:
          name: sonarsource/sonar-scanner-cli:12
        caches:
          - sonar
        script:
          - sonar-scanner --version
          - |
            sonar-scanner \
              -Dsonar.token=${SONAR_TOKEN} \
              -Dsonar.host.url=${SONAR_HOST_URL}
          - chmod -R a+rX "$SONAR_USER_HOME/cache" # Fix cache permissions
        artifacts:
          - .scannerwork/report-task.txt

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.