SonarQube : 9.4 (Enterprise), Scanner: 126.96.36.19947, Bitbucket Server: v6.10.0
We have integrated Sonar with our Bitbucket Server instance and executed scan from Jenkins multibranch pipeline (like mentioned in the guide).
Though scan just works fine its unable to decorate Pull Request in Bitbucket server, there is below analysis warning for project,
Pull request decoration did not happen. Failed to access Bitbucket Server, the repository or the pull request
At the same time I see below in the Sonar container logs
2022.05.05 14:02:21 INFO ce[AYCUh1Zs21sFk0FIvlSr][o.s.a.c.b.BitbucketServerRestClient] Unable to contact Bitbucket server: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:352) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:295) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:290) ........... 2022.05.05 14:02:21 WARN ce[AYCUh1Zs21sFk0FIvlSr][c.s.G.D.B.E] Pull request decoration did not happen. Failed to access Bitbucket Server, the repository or the pull request: Unable to contact Bitbucket server
We had certificate issue while configuring the Bitbucket server earlier, so we have started the docker container with env variable with
jks file details. After that we managed to connect successfully and import projects from it,
SONARQUBE_WEB_JVM_OPTS: -Djavax.net.ssl.trustStore=/tmp/sonarqube.jks -Djavax.net.ssl.trustStorePassword=pass
So the question is how is it managed to connect for import operation with SSL but not to decorate ? Does it mean it does not use these JVM option while running decorating PR ? Is there a some other
JVM property which I am missing ?
Just to check connectivity from inside the container I have run
SSLPoke with the JKS file and its just works fine.
bash-5.1# $JAVA_HOME/bin/java -Djavax.net.ssl.trustStore=/tmp/sonarqube.jks -Djavax.net.ssl.trustStorePassword=pass SSLPoke bitbucket 443 Successfully connected
Any suggestions would be helpful.