SonarCloud fails to analyze GitHub Pull Request when GitHub IP Restrictions are in place

Overview

SonarCloud fails with a 500 error when analyzing a pull request against a repository in a GitHub organization with IP restrictions. GitHub has an “allow-ip-addresses-of-github-apps” feature to allow apps to bypass IP restrictions, but it does not appear that SonarCloud utilizes this. Also, there does not appear to be a published list of static IP addresses which could be whitelisted manually.

I am encountering this issue when using the dotnet sonarscanner utility, but it also affects our projects that are directly analyzed from GitHub (no CI system).

Is there any way to get sonarcloud.io to work with a GitHub organization that has IP restrictions enabled?

Diagnostics

  • ALM used: GitHub
  • CI system used: Jenkins
  • Scanner command used when applicable (private details masked):
dotnet sonarscanner begin /k:<KEY> /o:<ORG> '/d:sonar.cs.opencover.reportsPaths=/var/lib/jenkins/workspace/<PROJECT_NAME>\**\coverage.opencover.xml' '/d:sonar.cs.vstest.reportsPaths=/var/lib/jenkins/workspace/<PROJECT_NAME>\**\results.trx' /d:sonar.javascript.lcov.reportPaths=/var/lib/jenkins/workspace/<PROJECT_NAME>/App/coverage/lcov.info /d:sonar.testExecutionReportPaths=/var/lib/jenkins/workspace/<PROJECT_NAME>/App/TestResults/jest-sonar-report.xml /d:sonar.pullrequest.key=78 /d:sonar.pullrequest.base=master /d:sonar.pullrequest.branch=<BRANCH_NAME> /d:sonar.pullrequest.provider=GitHub /d:sonar.pullrequest.github.repository=<GH_REPO>
  • Languages of the repository

    • C#/.NET Core
    • JavaScript/TypeScript
  • Error observed:

Jenkins log file:

Calling the SonarScanner CLI...
INFO: Scanner configuration file: /.dotnet/tools/.store/dotnet-sonarscanner/5.2.1/dotnet-sonarscanner/5.2.1/tools/netcoreapp3.0/any/sonar-scanner-4.6.1.2450/conf/sonar-scanner.properties
INFO: Project root configuration file: /var/lib/jenkins/workspace/<PROJECT_NAME>/.sonarqube/out/sonar-project.properties
INFO: SonarScanner 4.6.1.2450
INFO: Java 11.0.11 Debian (64-bit)
INFO: Linux 5.4.0-1040-azure amd64
INFO: User cache: /home/jenkins/.sonar/cache
INFO: Scanner configuration file: /.dotnet/tools/.store/dotnet-sonarscanner/5.2.1/dotnet-sonarscanner/5.2.1/tools/netcoreapp3.0/any/sonar-scanner-4.6.1.2450/conf/sonar-scanner.properties
INFO: Project root configuration file: /var/lib/jenkins/workspace/<PROJECT_NAME>/.sonarqube/out/sonar-project.properties
INFO: Analyzing on SonarCloud
INFO: Default locale: "en_US", source code encoding: "US-ASCII" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=1220ms
INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
INFO: User cache: /home/jenkins/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=255ms
INFO: Load/download plugins (done) | time=26846ms
INFO: Loaded core extensions: developer-scanner
INFO: JavaScript/TypeScript frontend is enabled
INFO: Found an active CI vendor: 'Jenkins'
INFO: Load project settings for component key: '<PROJECT_KEY>'
INFO: Load project settings for component key: '<PROJECT_KEY>' (done) | time=239ms
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=33ms
INFO: Project key: <PROJECT_KEY>
INFO: Base dir: /var/lib/jenkins/workspace/<PROJECT_NAME>
INFO: Working dir: /var/lib/jenkins/workspace/<PROJECT_NAME>/.sonarqube/out/.sonar
INFO: Load project branches
INFO: Load project branches (done) | time=237ms
INFO: Check ALM binding of project ''<PROJECT_KEY>'
INFO: Detected project binding: BOUND
INFO: Check ALM binding of project '<PROJECT_KEY>' (done) | time=231ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=241ms
INFO: Load branch configuration
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 33.416s
INFO: Final Memory: 7M/37M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
ERROR: Something went wrong while trying to get the pullrequest with key '78'
ERROR: Caused by: Error 500 on https://sonarcloud.io/api/alm_integration/show_pullrequest?project=<PROJECT_KEY>&pullrequestKey=78 : {"errors":[{"msg":"An unexpected error occurred. Please try again later."}]}
ERROR: 
The SonarScanner did not complete successfully
15:52:22.329  Post-processing failed. Exit code: 1
  • Steps to reproduce

    • Enable IP restrictions in your GitHub organization.
    • Create a pull request in one of your GH repos.
    • Call the sonarscanner to scan the pull request.
  • Potential workaround

None

Hi @kthompso,

Welcome to the community forum, and thanks for posting your feedback.

By design, IP addresses used by SonarCloud's endpoints are recycled and rotate over time. Hence allowing static IPs is not a solution that you could use from GitHub or elsewhere.

Regards,
@AlxO

Thank you for the reply @AlxO. Do you know if there are any plans to get SonarCloud to work with GH IP restrictions in the future?

Hi @kthompso, not to my knowledge.
I will however make sure your need is captured.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Hey @kthompso

SonarCloud does now provide fixed public IP addresses.

Read more here:
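
Once a vendor publishes fixed addresses, as the last reply describes, an organization admin has to confirm that every one of them is matched by an active allow-list entry. The check below is an added example, not code from this thread or from SonarCloud or GitHub; the entry field names (`allowListValue`, `isActive`, `name`) are assumed to follow GitHub's IP allow list entry shape, and all addresses are constructed placeholders from documentation ranges.

```python
import ipaddress

# Constructed sample of organization allow-list entries (not real data).
ALLOW_LIST = [
    {"name": "office", "allowListValue": "203.0.113.0/24", "isActive": True},
    {"name": "jenkins", "allowListValue": "198.51.100.17", "isActive": True},
    {"name": "old-vpn", "allowListValue": "192.0.2.0/24", "isActive": False},
    {"name": "v6", "allowListValue": "2001:db8:10::/48", "isActive": True},
]

# Constructed placeholders standing in for a vendor's published addresses.
VENDOR_IPS = [
    "198.51.100.17", "192.0.2.44", "203.0.113.200",
    "2001:db8:10::5", "2001:db8:ffff::1",
]


def active_networks(entries):
    """Parse active entries into (name, network); inactive entries grant nothing."""
    nets = []
    for entry in entries:
        if not entry.get("isActive"):
            continue
        # strict=False accepts a bare host address as a /32 or /128 network.
        net = ipaddress.ip_network(entry["allowListValue"], strict=False)
        nets.append((entry["name"], net))
    return nets


def coverage(entries, addresses):
    """Map each address to the names of the active entries that contain it."""
    nets = active_networks(entries)
    report = {}
    for raw in addresses:
        ip = ipaddress.ip_address(raw)
        report[raw] = [name for name, net in nets
                       if ip.version == net.version and ip in net]
    return report


def uncovered(entries, addresses):
    """Addresses that no active entry allows; these requests would be blocked."""
    return [addr for addr, names in coverage(entries, addresses).items() if not names]


if __name__ == "__main__":
    for addr, names in coverage(ALLOW_LIST, VENDOR_IPS).items():
        print(f"{addr:20} {'allowed by ' + ', '.join(names) if names else 'NOT COVERED'}")
```

Note that `192.0.2.44` is reported as uncovered even though a matching range exists, because that entry is inactive.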