SonarScanner exits with 0, while still logging an error in the output

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

    • SonarQube CE 10.4.1
    • Jenkins 2.454
    • SonarQube Scanner for Jenkins 2.17.2
  • how is SonarQube deployed: zip, Docker, Helm

    • Docker
  • what are you trying to achieve

    • Scan the code in a pull-request using SonarQube
  • what have you tried so far to achieve this

    • not relevant

Description of the issue:

  • We have a repo with a base-branch of “main”
  • We use the above setup with Jenkins shared libraries to trigger a SonarQube scan on branch pull and pull request instantiation
  • With each pull request, we feed SonarQube (through the scanner plugin) with the base-branch through the sonar.pullrequest.base param
  • When we configure the base-branch to “master” while the base-branch should be main, SonarQube cannot perform a compare and list the new code smells
    • SonarQube Scanner correctly logs an error in the output, as seen below
    • However, SonarQube Scanner still exits with exit-code 0 (everything’s fine) and the Jenkins pipeline continues as normal
ERROR Error during SonarScanner CLI execution
ERROR No branch exists in Sonarqube with the name master
ERROR
ERROR Re-run SonarScanner CLI using the -X switch to enable full debug logging

Expected behavior:

  • We expect the scanner to exit with a non-0 exit code, so Jenkins will consider the scan to have failed with an error.

Workaround:
We could capture and scan the output for these specific errors, but this seems like a duct-tape patch instead of a more consistent behaviour of exiting with a non-0 exit code. For example, see OWASP Dependency Check’s error codes:

0: No vulnerabilities were found.
1: An error occurred while running the check (e.g., a file couldn't be read, or the configuration is incorrect).
11: Analysis exception occurred (likely due to a setup or execution problem).
12: Dependencies were identified with vulnerabilities (no threshold exceeded).
13: Unable to continue due to fatal initialization error.
14: One or more invalid configuration files encountered.
15: Dependencies were identified with vulnerabilities that exceed the specified vulnerability threshold (your case).


Hello @Bram_P,

The scanner shouldn’t return the exit code 0 in case of failure. How did you confirm that the scanner returns the exit code 0?
Also, which version of the scanner are you using?

I’ve re-run the scenario with some additional checks and logging:

This is the (important bits of the) CLI command in Jenkins:

SonarQube CLI Command: 
    source .sonarqubeVenv/bin/activate && 
    /data/jenkins/tools/hudson.plugins.sonar.SonarRunnerInstallation/NPLCM-sonar-scanner-cli-latest/sonar-scanner/bin/sonar-scanner 
    -Dsonar.pullrequest.base='master' 
    -Dsonar.pullrequest.key='3' 

Output in the Jenkins logs:

19:28:56.008 INFO  EXECUTION FAILURE
19:28:56.009 INFO  Total time: 3.472s
19:28:56.009 ERROR Error during SonarScanner CLI execution
19:28:56.009 ERROR No branch exists in Sonarqube with the name master
19:28:56.009 ERROR
19:28:56.009 ERROR Re-run SonarScanner CLI using the -X switch to enable full debug logging.
[Pipeline] readFile
[Pipeline] echo
**SonarQube scan exited with statusCode 0**

Which is logged when executing:

int statusCode = -1   // sentinel: an uninitialised Groovy int defaults to 0, which would read as success if sh() threw
String scanOutput
try {
    // returnStatus: true makes sh() return the exit code instead of failing the step on a non-zero status
    statusCode = sh(script: cliCommand, returnStatus: true)
} catch (Exception exception) {
    println("Exception: ${exception.message}")
}
// output.txt is written by cliCommand (the redirection is not shown in the command excerpt above)
scanOutput = readFile('output.txt')
if (statusCode != 0) {
    println("SonarQube scan failed with statusCode ${statusCode}")
    error('SonarQube scan failed with a non-zero exit code')
} else {
    println("SonarQube scan exited with statusCode ${statusCode}")
}

As you can see, the execution does not throw an Exception of any kind. But it also doesn’t exit with a non-zero exit-code. Therefore we are not able to see and act on the execution failure, other than to scan the output for errors.

Can you please provide the scanner version? It should be logged at the start.

SonarScanner CLI 6.1.0.4477
Communicating with SonarQube Server 10.4.1.88267

Thank you in advance

Hi,

Could it be an issue with Jenkins sh command? I found a similar problem on StackOverflow.
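One thing worth checking in a Jenkins `sh` step that captures the scanner log to a file is whether the command's exit status survives the capture: a pipeline such as `sonar-scanner ... | tee output.txt` returns the status of `tee`, not of the scanner. The thread does not show how `output.txt` is produced, so whether that is the cause here is an assumption. The following added example (not code from the thread or from SonarSource) uses a constructed `fake_scanner` function that prints the failure lines quoted above and exits 1, and shows the masked form, a POSIX-portable form that keeps the status, and a log-marker check of the kind the original post calls a workaround.

```shell
#!/bin/sh
# Added example, not from the thread. `fake_scanner` is a constructed stand-in
# for sonar-scanner: it prints the failure lines quoted in the thread and exits 1.
fake_scanner() {
    echo "19:28:56.008 INFO  EXECUTION FAILURE"
    echo "19:28:56.009 ERROR Error during SonarScanner CLI execution"
    echo "19:28:56.009 ERROR No branch exists in Sonarqube with the name master"
    return 1
}

# Masked: the status of a pipeline is the status of its last command (tee),
# so the scanner's failure is lost and this returns 0.
run_masked() {
    fake_scanner 2>&1 | tee "$1" >/dev/null
}

# Preserved (POSIX sh, no pipefail needed): redirect to the log file first,
# remember $?, then replay the log to the console. Returns the scanner's status.
run_preserved() {
    fake_scanner >"$1" 2>&1
    rc=$?
    cat "$1"
    return $rc
}

# Belt-and-braces check on the captured log, independent of the exit status:
# returns 0 when no scanner failure marker is present, 1 otherwise.
log_is_clean() {
    if grep -Eq 'EXECUTION FAILURE|ERROR Error during SonarScanner CLI execution' "$1"; then
        return 1
    fi
    return 0
}

# Demo when run directly (constructed temp file, removed afterwards).
log=$(mktemp)
run_masked "$log"; echo "masked status: $?"              # 0: the failure is hidden
run_preserved "$log" >/dev/null; echo "preserved status: $?"   # 1: the failure is visible
log_is_clean "$log" || echo "log contains scanner failure markers"
rm -f "$log"
```

Where the step's shell is bash, `set -o pipefail` before the pipeline is the shorter fix, but the Jenkins `sh` step runs `/bin/sh` by default, which is not guaranteed to support it; the redirect-then-cat form above works in any POSIX shell.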