Sonarqube-gradle-plugin fails when used with IBM JDK

gradle
scanner

(Richard McAleer) #1

Using the latest version of sonarqube-gradle-pluign it fails to connect to a sonarqube instance when using HTTPS if gradle is using the IBM JDK.

This was a known issue with the okhttp library used by sonar-scanner-gradle:

It has been fixed since version 3.7.0 of okhttp:

The latest sonarqube-gradle-plugin release (2.6.2) uses the sonar-scanner-api 2.9.0.887:
https://search.maven.org/artifact/org.sonarsource.scanner.gradle/sonarqube-gradle-plugin/2.6.2/pom

Which, looking at it’s parent pom (sonar-scanner-api-parent), uses okhttp 3.6.0:
https://search.maven.org/artifact/org.sonarsource.scanner.api/sonar-scanner-api-parent/2.9.0.887/pom

However, the latest version of the sonar-scanner-api uses okhttp 3.11.0:
https://search.maven.org/artifact/org.sonarsource.scanner.api/sonar-scanner-api-parent/2.11.0.1537/pom

So upgrading the sonarqube-gradle-plugin to the latest scanner-api would resolve the issue (even updating it to the previous scanner-api version - 2.10.0.1189 - would suffice as it uses okhttp 3.8.1).

The obvious workaround for this is to not use the IBM JDK, but not really an option in my case.


(Duarte Meneses) #3

Hi,

sonar-scanner-gradle was already updated to use the latest version of the sonar-scanner-api v2.11, but it wasn’t released yet:

It should be out soon.
If you guys need it now, you can use this artifact:
https://repox.sonarsource.com/sonarsource-public-builds/org/sonarsource/scanner/gradle/sonarqube-gradle-plugin/2.7.0.1563/sonarqube-gradle-plugin-2.7.0.1563.jar

You can even add https://repox.sonarsource.com/sonarsource-public-builds as a maven repository and get the plugin from there using this unreleased build number.