SonarQube code analysis stopped working in Azure DevOps

milena · February 22, 2020, 2:23pm

Hi,

We have SonarQube Developer Edition Version 8.0 (build 29455) and we’re calling it from a build in Azure DevOps (agent pool “Azure Pipelines”, Agent Specification “vs2017-win2016”). And we’re using SonarQube extension (https://marketplace.visualstudio.com/items?itemName=SonarSource.sonarqube).
We use the Sonar tasks: “Prepare analysis on SonarQube” and “Run Code Analysis” to generate a sonar report of PL/SQL code. The first task is configured to “Use Standalone Scanner”.
The pipeline was being executed properly a number of times a day until thursday (feb 20th). On friday (feb 21st) the task “Run Code Analysis” started failing (unable to download the Scanner therefore unable to execute the task).
Error message: “##[error]ERROR: Error during SonarQube Scanner execution” “Caused by: java.lang.IllegalStateException: Fail to download scanner-developer-8.0-all.jar to C:\Users\VssAdministrator.sonar\cache_tmp\fileCache7476254724290140902.tmp
#”

image1003×911 122 KB
We hadn’t made any changes in the pipelines and the SonarQube installation was not upgraded lately, we even tried reverting all changes in code to see if we could reproduce the working state, but the problem remains.
We also tried using a self-hosted agent and the error is also the same “Fail to download scanner-developer-8.0-all.jar”.

In order to diagnose the issue better, we want to know where this “scanner-developer-8.0-all.jar” is being downloaded from.
We would also want to see if this jar file can be manually pre-downloaded in the agent to avoid future issues.

We need these Sonar analysis working again and I have three hypothesis:
a> The Scanner jar file is usually downloaded from an online location and it’s not where it’s supposed to be anymore or the Azure DevOps agent is having connectivity issues with that location
b> The Scanner jar file should be available in our Sonar server and we have connectivity issues
c> There is a change in the SonarQube extension itself that prevents this previously-working-configuration to work now.

Any help or reports on others having the same issue (or using the sonarqube tasks in azure DevOps and not having issues today) will be helpful.

Thank you.

milena · February 24, 2020, 8:51pm

After some research, we found in this other post that the files are being requested from our own sonarqube installation: http(s)://<sonarserver:port/path>/api/plugins/download?plugin=<pluginname>&acceptCompressions=pack200

Also, in this post we found that the file is available in sonarqube_server_home/lib/scanner

We checked at the files in the server (scanner and plugins) and everything seemed okay but these bits of information helped us review and find a new network policy that was causing the issue.

Finally, we would like to know if there is a parameter in which we can specify the internal folder in which our self-hosted agents already have the scanner+plugins available to be used by the “Run Code Analysis” task (just so they don’t get re-downloaded when they’re already available).

Thanks in advance.

vishal_linu · February 27, 2020, 4:12pm

Hi @milena ,

Even i am facing the same problem , Do you have a solution for this ?

milena · February 27, 2020, 6:56pm

Hi,
Our issue was caused because a new network restriction had been set on the ammount of bytes that could flow between our SonarQube server and our build computer.
In my previous post I posted the URL that is consumed by the build computer, and the folder where the files can be found.
You have to check and see if the files in the SonarQube server are OK, if they are then suspect of any new network configuration.