SonarQube server can not be reached

I am encountering the following issue while running SonarQube analysis through GitLab CI. SonarQube is running on an AWS EKS cluster. Do you have any suggestions on how to fix this problem?

[ERROR]  SonarQube server [https://dev.xxx.com/pipeline/sonarqube] can not be reached

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:4.0.0.4121:sonar (default-cli) on project cdp-proxy: Unable to execute SonarScanner analysis: Fail to get bootstrap index from server: Status returned by url [https://dev.xxx.xxx-xxx.com/pipeline/sonarqube/batch/index] is not valid: [403]

It looks like you have a 403 error being returned by… something.

The first thing I would suggest would be checking the logs/access.log of your SonarQube instance to see if it’s really SonarQube returning that 403.

If so, it’s probably an issue related to how you’re passing authentication to the scanner. If you’re using GitLab CI, you should make sure that the SONAR_TOKEN environment variable has been set to a correct token (try generating a new one if you aren’t sure).

If not, you’ll have to look at the other layers of your stack (specifically whatever is serving your SonarQube server over HTTPS, likely something in the AWS EKS stack).

Thank you @Colin - I have spent time troubleshooting this error as you suggested. The actual problem appears to be a connection timeout, resulting in the SonarQube host being unreachable.

I have investigated and reviewed the firewall rules (i.e., security groups and NACLs) for inbound and outbound traffic at the AWS network level. All rules appear to be correctly configured, but the GitLab Runner is still unable to establish connectivity with the SonarQube host, resulting in a “SonarQube server cannot be reached” error.

I have also reviewed the SonarQube token and GitLab personal access token, and everything seems to be correctly configured.

Here are the test and error results:

Here is the SonarQube GitLab CI pipeline:

The answer to this is something I think is important:

Is the request ever hitting the SonarQube server or not?
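The check suggested in this thread (does the scanner's `/batch/index` request ever appear in SonarQube's `logs/access.log`, and with what status) can be scripted. The following is an added example, not part of any post above; it assumes SonarQube's default access-log layout, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes SonarQube's default access-log layout, in which the
# HTTP status is the first field after the quoted request line.

# classify_bootstrap LOGFILE prints, for the scanner's /batch/index request:
#   not-seen         never logged: the request died before SonarQube
#                    (ingress, load balancer, WAF, network path)
#   rejected:<code>  SonarQube itself answered with an error status
#   served           SonarQube answered 2xx/3xx
classify_bootstrap() {
    awk '
        BEGIN { FS = "\"" }   # $2 = request line, $3 = " status bytes "
        $2 ~ /^GET [^ ]*\/batch\/index([? ]|$)/ {
            split($3, rest, " ")
            seen = 1
            # Keep the most recent matching request as the verdict.
            verdict = (rest[1] ~ /^[23]/) ? "served" : "rejected:" rest[1]
        }
        END { print (seen ? verdict : "not-seen") }
    ' "$1"
}

# Constructed sample logs (addresses, timestamps and request IDs are made up).
write_samples() {
    cat > "$1/rejected.log" <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:15:02 +0000] "GET /pipeline/sonarqube/api/system/status HTTP/1.1" 200 62 "-" "probe" "id-0001"
192.0.2.44 - - [01/Jan/2024:10:15:09 +0000] "GET /pipeline/sonarqube/batch/index HTTP/1.1" 403 - "-" "scanner" "id-0002"
EOF
    cat > "$1/quiet.log" <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:15:02 +0000] "GET /pipeline/sonarqube/api/system/status HTTP/1.1" 200 62 "-" "probe" "id-0001"
EOF
    cat > "$1/served.log" <<'EOF'
192.0.2.44 - - [01/Jan/2024:10:16:30 +0000] "GET /pipeline/sonarqube/batch/index HTTP/1.1" 200 1841 "-" "scanner" "id-0003"
EOF
}

samples=$(mktemp -d)
write_samples "$samples"
for f in rejected quiet served; do
    printf '%s: %s\n' "$f" "$(classify_bootstrap "$samples/$f.log")"
done
```

A `not-seen` result for the time window of the failed pipeline job points away from SonarQube authentication and toward whatever sits in front of the server.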