Sonarqube scanner issue

Ammad_Khalid · April 7, 2022, 12:06pm

Hi,

I am literally stuck and need help desperately.

I have deployed a sonarqube from helm chart and this deployement is successful. My soncarqube is up and running but issue I am facing is in sonarscanner. I have integrated my sonarqube with github and added the action for scanning the code.

I am using developer edit version 9.3.0.

whenever my github action starts it give this error:
Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

which I know is the java keystore cert error. Thing is I have added the certificate in java keystore but still I am getting same error.

just to clear it more I am using sonarqube on eks cluster. It was working fine until I renewed my certificate for sonarqube. I have setup my certificate using secrets and ingress file. using nginx ingress.

I have deployed new cluster multiple times and getting same issue on every cluster.

please help.

Colin · April 7, 2022, 12:54pm

Hey there.

This error is telling you that the JVM being used to run the scanner doesn’t trust the certificate. This means that if a truststore is altered, it’s going to need to be scanner-side, not server-side (some users make this mistake).

Using a tool like GitHub - MichalHecko/SSLPoke: Java tool for testing validity (certificates) of trust stores can really help you make sure that the changes you’ve made to the keystone are actually having the right impact, and allowing your SonarQube server to be trusted. I’d encourage using this debugging tool.

Ammad_Khalid · April 7, 2022, 2:07pm

Thanks colin for your response but as I mentioned in my question that I have already added the certeficate in keystore. is keystore & truststore different?

I have use following to add the certificate:

keytool -import -noprompt -trustcacerts -alias github.com -file /opt/sonarqube/certs/github.cer -
keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit

Topic		Replies	Views
SonarQube Enterprise Server can not be reached through sonar-scanner SonarQube Server / Community Build sonarqube , scanner	5	617	May 17, 2023
SonarScanner error: unable to find valid certification path to requested target SonarQube Server / Community Build ssl	0	4187	April 10, 2019
Issue connecting to SonarQube via Sonar Scanner running locally SonarQube Server / Community Build scanner	1	508	May 9, 2023
Error SonarQube server can not be reached and PKIX path building failed SonarQube Server / Community Build scanner	5	13127	October 16, 2023
Getting PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException SonarQube Server / Community Build sonarqube , scanner	2	19	February 20, 2025

Sonarqube scanner issue

Related topics