Sonarqube Jenkins Webhook 403

Hello.

We use SonarQube Developer Edition Version 9.9.2 and Jenkins (I have followed this doc: Jenkins extension for SonarQube).

I added a webhook for quality gate (https://jenkins.cross/sonarqube-webhook/). But this webhook is always in error with this log:

Failed to send webhook 'jenkins' | url=https://jenkins.cross/sonarqube-webhook/ | message=Unexpected response code for CONNECT: 403

I don’t find any other logs with DEBUG mode in Sonar. No log in Jenkins.

I tried to POST the webhook manually with the payload and it’s OK, with HTTP code 200. In this case I see a log entry in Jenkins for my call.

So it seems that the Sonar call never reaches Jenkins. It seems to be the same issue as in this post: Jenkins - SonarQube Integration: Webhook retrieves 403, where can I find logs? - Stack Overflow

The rest of the process works well (the Sonar scan)

Hi,

Welcome to the community!

403 is a permissions error. Presumably when you make the call manually, you’re doing it from a client that’s already logged in(?) to Jenkins. The docs should help.

 
Ann

With the manual call I’m not logged in and I still have a status 200.

The documentation does not speak about Webhook authentication with Sonar.

Same problem here but no solution: Webhook Server Unreachable

Hi,

There’s a suggestion in the thread you referenced to increase your server log level and check the logs for more details. Did you try that?

 
Ann

Compute and Web Engine are already in Debug mode. There’s no more log than what’s in my first message (without DEBUG mode there is no log at all).
The ce.log shows SUCCESS for globalWebhooks.

Hi,

Sorry, but I’m not sure what more to tell you. Since the error is coming from Jenkins, you should probably investigate this on the Jenkins side.

 
Ann

The error is not coming from Jenkins:

So there is a problem with the Sonar call but we don’t have any log, we don’t know what the problem is.

I thought it might be a certificate problem but I use a Java truststore with the Jenkins certificate and it works well with other applications.

I use Docker compose to run Sonar image. I mount the keystore to

/opt/java/openjdk/lib/security/cacerts:ro

as described in the documentation here: Server installation troubleshooting | SonarQube Docs

Hi,

Have you tried searching (outside this community) Jenkins 403?

 
Ann

I tried something with the certificate. I extracted the SonarQube image cacerts, added my Jenkins certificate and added this updated cacerts to the Sonar container, but no change: always this “Server Unreachable” in Webhooks.

So no one at Sonarqube can tell us why a simple http call fails in their application?

Hi,

You’ve been quite clear that Jenkins returns a 403.

I found lots of relevant-looking results when I searched “Jenkins 403”.

 
HTH,
Ann

But no… Can you read this: Sonarqube Jenkins Webhook 403 - #8 by apiel

The call never reaches Jenkins. It’s an issue with Sonar.

Hi,

The 403 is not coming from SonarQube.

What’s on your network between SonarQube and Jenkins?

 
Ann

Can you explain why the 403 is not coming from SonarQube? I can use the webhook from the Sonar container manually and I get an HTTP 200.

SonarQube is running in a Docker container. There is an Nginx in front of it. Then Sonar and Jenkins are in the same network.

Hi,

Unexpected response. SonarQube sent, and it got a response.

 
Ann

I said several times that the curl command returns 200, that this webhook works fine with a manual launch.

And for information, if Sonar doesn’t accept the Jenkins certificate we have a 403 and it’s a Sonar configuration issue.

Can you explain why it’s only with Sonar if it’s a Jenkins issue? Why is there no log in Jenkins?
There are other forum posts with the same problem with no response…

And my question is: can we have logs for this 403? We paid for Sonar Developer; is there real support?

Hi,

Professional support is available.

 
Ann

Hi,

I suppose you’re using the SonarQube for Jenkins plugin.
To see what’s going on in Jenkins you should create a custom Jenkins SonarQube logger (/manage/log/new) with the loggers hudson.plugins.sonar and org.sonarsource configured.

Gilbert
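
Added example (not part of any post above, and not SonarQube or Jenkins code): a small Python parser for the "Failed to send webhook" line quoted in the first post, which separates a status returned for the CONNECT tunnel request from any other failure message. The field names `stage` and `target` and the second sample line are constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Log line quoted in the first post of this thread.
SAMPLE = ("Failed to send webhook 'jenkins' | url=https://jenkins.cross/sonarqube-webhook/"
          " | message=Unexpected response code for CONNECT: 403")
# Constructed contrast line: same layout, message text invented for this example.
OTHER = ("Failed to send webhook 'jenkins' | url=https://jenkins.cross/sonarqube-webhook/"
         " | message=constructed placeholder message")

LINE_RE = re.compile(
    r"Failed to send webhook '(?P<name>[^']*)' \| url=(?P<url>\S+) \| message=(?P<message>.*)$")
CONNECT_RE = re.compile(r"response code for CONNECT: (?P<status>\d{3})\b")
DEFAULT_PORTS = {"https": 443, "http": 80}


def classify(line):
    """Return a dict describing a webhook failure line, or None if it is not one."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["url"])
    rec["target"] = f"{url.hostname}:{url.port or DEFAULT_PORTS.get(url.scheme)}"
    connect = CONNECT_RE.search(rec["message"])
    if connect:
        # The status answered a CONNECT request, which an HTTP client sends to a
        # proxy to open a tunnel to `target`; the webhook POST itself comes after
        # the tunnel is up, so a POST-level log on the target is not expected here.
        rec["stage"] = "connect-tunnel"
        rec["status"] = int(connect.group("status"))
    else:
        rec["stage"] = "unclassified"
        rec["status"] = None
    return rec


if __name__ == "__main__":
    for line in (SAMPLE, OTHER, "unrelated log line"):
        print(classify(line))
```

A `connect-tunnel` result points the investigation at the HTTP proxy settings of the process sending the webhook rather than at the webhook endpoint.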