SonarCloud with AWS CodeBuild

Claire_Villard · August 12, 2021, 10:50am

As I mentionned earlier, the “SonarQube 8.9.1” on the logs is just a mistake in the log message. Your build is using the SonarScanner for Maven, poiting to SonarCloud since you configured the URL.

I can’t explain why your build can’t resolve the SonarCloud token from the AWS Parameter store, but I suspect it is not an issue related to SonarCloud or SonarScanner.

I notice one of your previous answers has been marked as Solution, is it a mistake?

For the last error, could you give me the logs in debug mode (-X) with the full stacktrace?

Viktorf · August 12, 2021, 11:06am

Indeed the answer marked as a Solution was a mistake.
Sure, once the build finishes, I’ll post the logs in debug mode.
Thank you!

Viktorf · August 12, 2021, 11:34am

This is the log file, sorry for the formatting, thank you.
https://raw.githubusercontent.com/arthurflame/spring-petclinic/main/maven_debug.log

Claire_Villard · August 12, 2021, 1:09pm

Thanks for the detailed logs.
I reproduce that same error 100% of the times when I try to scan the repo locally with an empty token, like -Dsonar.login= instead of -Dsonar.login=somecooltoken.
When the token is invalid or the user don’t have the permission, the error is different.

We may have some room to improvement here, to given an appropriate message instead of that exception. I’ll report taht internally for improvement, but of course it won’t solve your issue.

You probably still have some issue on your build configuration.
The recommended way to configure the access token, is now to use an environment variable named SONAR_TOKEN, instead of the sonar.login property than can print tokens clearly in the logs. It is automatically picked by the scanner, the -Dsonar.login=xxx part of the command should be completely removed. Could you try that?

Viktorf · August 12, 2021, 1:13pm

Thank you for your answer, I will definitely try this out.
I’ll let you know once the build finishes, thank you once again.

Viktorf · August 12, 2021, 1:35pm

Wow, putting the token value as environmental variable actually worked!
But what if I still want to use AWS’s services, such as Parameter Store or Secrets Manager and store the token values there?
Thank you!

Viktorf · August 12, 2021, 1:40pm

Also, I have several more applications using SonarCloud, but those are written in Golang and Python, and everything works fine with them.

Claire_Villard · August 12, 2021, 1:41pm

I’m so happy it worked!

About the storage of the token, for sure it should go on some secure storage. I guess the environment variable can be filled with some value from Parameter Store or Secret Manager, but it’s far beyond my knowledge of AWS services.

We don’t have any specific documentation for that, I found that AWS documentation about Environment variables on CodeBuild, it suggests some other documentations at the bottom of the page about secure ways to store secrets.

Claire

Viktorf · August 12, 2021, 1:44pm

Will definitely figure this out, thank you so much for your time, this error was consuming half of my soul, now I feel relieved thanks to you!
Once again, thank you very much!

system · August 19, 2021, 1:45pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Analysis on python code in AWS CodeBuild SonarQube Cloud sonarqube-cloud	9	2508	August 9, 2023
Sonarqube java code analysis in AWS Codebuild SonarQube Server / Community Build sonarqube , scanner	1	2295	December 6, 2019
Sonar Scanner Execution Failed in AWS Codebuild SonarQube Server / Community Build	3	3138	May 26, 2020
How to setup SonarScanner for .NET Framework in AWS Code Build? SonarQube Cloud dotnet	1	504	March 15, 2023
How to setup sonarqube inside aws codebuild SonarQube Cloud	4	6560	May 27, 2020

SonarCloud with AWS CodeBuild

Related topics