SonarQube Connection Issues With Azure Devops Integration

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
  • what are you trying to achieve
  • what have you tried so far to achieve this

Hi All

We are getting the below error messages while integrating Sonarqube with Azure Devops and the exact error message is
##[error][SQ] API GET ‘/api/server/version’ failed, error was: {“code”:“ETIMEDOUT”,“errno”:“ETIMEDOUT”,“syscall”:“connect”,“address”:"****",“port”:9000}

Please can you suggest what needs to be done here as we are using the latest community edition on EC2 instance hosted on aws with proper set of ingress rules allowed for AZD ip ranges.

Hi,

Have you tried to ping with a simple bash/cmdline your AzDO server from the SQ server ? Is that working ?

Thanks.

Hi Michael
Yes i tried pinging the ip address for azure devops url after doing nslookup on the server and the result were positive for the ping with 0 packets of data loss.

Are you using Azure DevOps Server (OnPrem) or Services (Cloud) ?

We are using the cloud version .

Ok, so that’s normal.

SonarQube can work only with other OnPrem CI tools (Azure DevOps Server).

If you want to use Azure DevOps Services (cloud), you have to use SonarCloud instead.

So is there no alternate way to use sonar with Azure devops Service with the aws hosted sonarqube community edition.

Since you can’t authorize Azure DevOps Service to communicate (=open port) with an OnPrem server, no.

And on Sonar side, we officially split the 2 worlds : On-Prem with SonarQube and cloud with SonarCloud.

Mickaël

Thanks Let me have a word with my team internally .
Will this work with older community versions ?

Is this possible that through a workaround we can make it work with azure devops hosted in cloud with sonarqube hosted in aws ec2 ?

@mickaelcaro is there any document which i can refer to where i can go through the strategy suggested by you of sonar cloud with azd cloud .

Our corporate website says it pretty well https://www.sonarsource.com/

@mickaelcaro i found a workaround to get that issue sorted out and start the connectivity between cloud and on premise instances.

How did you work around it then?

@Rob_Bos i opened the data center ip ranges for azure on 9000 port and it worked

If the problem is the analysis, you can run sonarqube analysis on a self hosted azure devops agent. Since you are hosting it, it will be able to contact your sonarqube instance.

See here for more details : https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/agents?view=azure-devops

You can authorize Azure DevOps Service to work with on-prem assets (ex. build agents directly which ping/pull from inside, or through a VPN pipe connection to something self-hosted).

All our systems are FedRAMP High and SonarCloud requires source code on your SaaS infrastructure.

  1. Is SonarCloud hosted in a FedRAMP High infrastructure (ex. GovCloud, or Azure Government, or your own certified)?

  2. If not, how is data at rest protected?

  3. Does SonarCloud do anything with code other than its analysis (ex. gather/resell data or analytics similar to google and facebook, etc.)?

  4. Does Sonar have any intention of enabling a SonarQube instance for the Azure DevOps Service?

If not, we cannot use your product.

Hello Trey,

Thank you for your interest in SonarCloud.

To answer some of your questions:

  1. No, although some of the AWS services are certified, such as Secrets Manager.
  2. No, it does not. We make this clear in the T&Cs.
  3. Yes.

If you would like to discuss Q2 further please can you use the contact page: https://sonarcloud.io/contact

Kind regards,
Mark Clements

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.