Sonarscanner fails with: Could not find a default branch to fall back on

SonarCloud
1

Hi, We’re experiencing problems with the Sonarscanner CLI for our Javascrypt / Typescript projects.

  • ALM used:
    GitHub

  • CI system used:
    CircleCI

  • Scanner command used when applicable:
    $SCANNER_DIRECTORY/sonar-scanner-$VERSION-$OS/bin/sonar-scanner -X

  • Languages of the repository:
    Typescript

  • Error observed:

10:43:19.685 INFO: Scanner configuration file: /tmp/cache/scanner/sonar-scanner-4.7.0.2747-linux/conf/sonar-scanner.properties
10:43:19.686 INFO: Project root configuration file: /home/circleci/project/sonar-project.properties
10:43:19.705 INFO: SonarScanner 4.7.0.2747
10:43:19.705 INFO: Java 11.0.14.1 Eclipse Adoptium (64-bit)
10:43:19.705 INFO: Linux 5.15.0-1021-aws amd64
10:43:19.807 DEBUG: keyStore is :
10:43:19.807 DEBUG: keyStore type is : pkcs12
10:43:19.807 DEBUG: keyStore provider is :
10:43:19.807 DEBUG: init keystore
10:43:19.807 DEBUG: init keymanager of type SunX509
10:43:19.887 DEBUG: Create: /tmp/cache/scanner/.sonar/cache
10:43:19.887 INFO: User cache: /tmp/cache/scanner/.sonar/cache
10:43:19.887 DEBUG: Create: /tmp/cache/scanner/.sonar/cache/_tmp
10:43:19.889 DEBUG: Extract sonar-scanner-api-batch in temp...
10:43:19.891 DEBUG: Get bootstrap index...
10:43:19.891 DEBUG: Download: https://sonarcloud.io/batch/index
10:43:20.549 DEBUG: Get bootstrap completed
10:43:20.552 DEBUG: Create isolated classloader...
10:43:20.557 DEBUG: Start temp cleaning...
10:43:20.559 DEBUG: Temp cleaning done
10:43:20.559 INFO: Scanner configuration file: /tmp/cache/scanner/sonar-scanner-4.7.0.2747-linux/conf/sonar-scanner.properties
10:43:20.560 INFO: Project root configuration file: /home/circleci/project/sonar-project.properties
10:43:20.560 DEBUG: Execution getVersion
10:43:20.581 INFO: Analyzing on SonarQube server 8.0.0.36537
10:43:20.582 INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
10:43:20.582 DEBUG: Work directory: /home/circleci/project/.scannerwork
10:43:20.583 DEBUG: Execution execute
10:43:20.752 DEBUG: SonarCloud 9.13.0.360
10:43:20.925 INFO: Load global settings
10:43:21.478 DEBUG: GET 200 https://sonarcloud.io/api/settings/values.protobuf | time=552ms
10:43:21.486 INFO: Load global settings (done) | time=561ms
10:43:21.490 INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
10:43:21.500 INFO: User cache: /tmp/cache/scanner/.sonar/cache
10:43:21.504 INFO: Load/download plugins
10:43:21.505 INFO: Load plugins index
10:43:22.021 DEBUG: GET 200 https://sonarcloud.io/api/plugins/installed | time=516ms
10:43:22.054 INFO: Load plugins index (done) | time=549ms
10:43:22.212 INFO: Load/download plugins (done) | time=708ms
10:43:22.341 DEBUG: Plugins:
10:43:22.341 DEBUG:   * IaC Code Quality and Security 1.9.2.2279 (iac)
10:43:22.342 DEBUG:   * PL/SQL Code Quality and Security 3.8.0.4948 (plsql)
10:43:22.342 DEBUG:   * Scala Code Quality and Security 1.11.0.3905 (sonarscala)
10:43:22.342 DEBUG:   * C# Code Quality and Security 8.51.0.59060 (csharp)
10:43:22.342 DEBUG:   * Vulnerability Analysis 9.9.0-M1.18978 (security)
10:43:22.342 DEBUG:   * Java Code Quality and Security 7.15.0.30507 (java)
10:43:22.342 DEBUG:   * HTML Code Quality and Security 3.7.1.3306 (web)
10:43:22.343 DEBUG:   * Flex Code Quality and Security 2.8.0.3166 (flex)
10:43:22.343 DEBUG:   * XML Code Quality and Security 2.6.1.3686 (xml)
10:43:22.343 DEBUG:   * Text file Code Quality and Security 1.2.0.510 (text)
10:43:22.343 DEBUG:   * VB.NET Code Quality and Security 8.51.0.59060 (vbnet)
10:43:22.343 DEBUG:   * Swift Code Quality and Security 4.8.0.5759 (swift)
10:43:22.343 DEBUG:   * CFamily Code Quality and Security 6.41.0.60884 (cpp)
10:43:22.344 DEBUG:   * Python Code Quality and Security 3.23.0.10732 (python)
10:43:22.344 DEBUG:   * Dataflow Bug Detection Rules for Python 1.10.0.3046 (dbdpythonfrontend)
10:43:22.344 DEBUG:   * Dataflow Bug Detection 1.10.0.3046 (dbd)
10:43:22.344 DEBUG:   * Go Code Quality and Security 1.11.0.3905 (go)
10:43:22.344 DEBUG:   * JaCoCo 1.2.0.1505 (jacoco)
10:43:22.344 DEBUG:   * Kotlin Code Quality and Security 2.12.0.1956 (kotlin)
10:43:22.344 DEBUG:   * Dataflow Bug Detection Rules for Java 1.10.0.3046 (dbdjavafrontend)
10:43:22.344 DEBUG:   * T-SQL Code Quality and Security 1.7.0.5449 (tsql)
10:43:22.344 DEBUG:   * Apex Code Quality and Security 1.11.0.3905 (sonarapex)
10:43:22.345 DEBUG:   * JavaScript/TypeScript/CSS Code Quality and Security 9.12.1.20358 (javascript)
10:43:22.345 DEBUG:   * Ruby Code Quality and Security 1.11.0.3905 (ruby)
10:43:22.345 DEBUG:   * Vulnerability Rules for C# 9.9.0-M1.18978 (securitycsharpfrontend)
10:43:22.345 DEBUG:   * Vulnerability Rules for Java 9.9.0-M1.18978 (securityjavafrontend)
10:43:22.345 DEBUG:   * License for SonarLint 8.0.0.36537 (license)
10:43:22.345 DEBUG:   * Vulnerability Rules for JS 9.9.0-M1.18978 (securityjsfrontend)
10:43:22.345 DEBUG:   * COBOL Code Quality 5.2.0.5949 (cobol)
10:43:22.345 DEBUG:   * Vulnerability Rules for Python 9.9.0-M1.18978 (securitypythonfrontend)
10:43:22.345 DEBUG:   * PHP Code Quality and Security 3.26.0.9313 (php)
10:43:22.345 DEBUG:   * ABAP Code Quality and Security 3.11.0.4030 (abap)
10:43:22.346 DEBUG:   * Configuration detection fot Code Quality and Security 1.2.0.267 (config)
10:43:22.346 DEBUG:   * Vulnerability Rules for PHP 9.9.0-M1.18978 (securityphpfrontend)
10:43:22.857 DEBUG: GET 200 https://sonarcloud.io/api/server/version | time=511ms
10:43:22.860 DEBUG: Updated analysis started with a difference of -49 milliseconds
10:43:22.865 DEBUG: Started at Wed Jan 11 10:43:21 UTC 2023
10:43:22.900 INFO: Loaded core extensions: developer-scanner
10:43:22.917 DEBUG: Installed core extension: com.sonarsource.branch.DeveloperScannerCoreExtension@c81fd12
10:43:23.261 INFO: Found an active CI vendor: 'CircleCI'
10:43:23.271 INFO: Load project settings for component key: 'onewelcome_react-lib-components'
10:43:23.789 DEBUG: GET 404 https://sonarcloud.io/api/settings/values.protobuf?component=onewelcome_react-lib-components | time=517ms
10:43:23.793 INFO: Process project properties
10:43:23.798 DEBUG: Process project properties (done) | time=5ms
10:43:23.799 INFO: Execute project builders
10:43:23.799 DEBUG: Execute project builder: org.sonar.plugins.csharp.CSharpGlobalProtobufFileProcessor
10:43:23.799 DEBUG: Execute project builder: org.sonar.plugins.vbnet.VbNetGlobalProtobufFileProcessor
10:43:23.800 INFO: Execute project builders (done) | time=1ms
10:43:23.802 INFO: Project key: onewelcome_react-lib-components
10:43:23.802 INFO: Base dir: /home/circleci/project
10:43:23.802 INFO: Working dir: /home/circleci/project/.scannerwork
10:43:23.802 DEBUG: Project global encoding: UTF-8, default locale: en_US
10:43:23.803 DEBUG: Creating module hierarchy
10:43:23.803 DEBUG:   Init module 'React component library'
10:43:23.803 DEBUG:     Base dir: /home/circleci/project
10:43:23.803 DEBUG:     Working dir: /home/circleci/project/.scannerwork
10:43:23.803 DEBUG:     Module global encoding: UTF-8, default locale: en_US
10:43:23.859 INFO: Load project branches
10:43:24.373 DEBUG: GET 404 https://sonarcloud.io/api/project_branches/list?project=onewelcome_react-lib-components | time=514ms
10:43:24.373 DEBUG: Could not process project branches - continuing without it
10:43:24.374 INFO: Load project branches (done) | time=515ms
10:43:24.376 INFO: Check ALM binding of project 'onewelcome_react-lib-components'
10:43:24.887 DEBUG: GET 401 https://sonarcloud.io/api/alm_integration/is_project_bound?project=onewelcome_react-lib-components | time=510ms
10:43:24.888 WARN: Failed to check if project 'onewelcome_react-lib-components' is bound
10:43:24.888 INFO: Detected project binding: ERROR
10:43:24.888 INFO: Check ALM binding of project 'onewelcome_react-lib-components' (done) | time=512ms
10:43:24.890 INFO: Load project pull requests
10:43:25.404 DEBUG: GET 404 https://sonarcloud.io/api/project_pull_requests/list?project=onewelcome_react-lib-components | time=514ms
10:43:25.404 DEBUG: Could not process project pull requests - continuing without it
10:43:25.405 INFO: Load project pull requests (done) | time=515ms
10:43:25.407 INFO: Load branch configuration
10:43:25.409 INFO: Auto-configuring branch update-orb-3
10:43:25.414 INFO: ------------------------------------------------------------------------
10:43:25.414 INFO: EXECUTION FAILURE
10:43:25.414 INFO: ------------------------------------------------------------------------
10:43:25.414 INFO: Total time: 5.744s
10:43:25.445 INFO: Final Memory: 19M/67M
10:43:25.445 INFO: ------------------------------------------------------------------------
10:43:25.445 ERROR: Error during SonarScanner execution
java.lang.IllegalStateException: Unable to load component class org.sonar.scanner.scan.filesystem.InputComponentStore
	at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:52)
	at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:632)
	at org.picocontainer.parameters.BasicComponentParameter$1.resolveInstance(BasicComponentParameter.java:118)
	at org.picocontainer.parameters.ComponentParameter$1.resolveInstance(ComponentParameter.java:136)
	at org.picocontainer.injectors.SingleMemberInjector.getParameter(SingleMemberInjector.java:78)
	at org.picocontainer.injectors.ConstructorInjector$CtorAndAdapters.getParameterArguments(ConstructorInjector.java:309)
	at org.picocontainer.injectors.ConstructorInjector$1.run(ConstructorInjector.java:335)
	at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
	at org.picocontainer.injectors.ConstructorInjector.getComponentInstance(ConstructorInjector.java:364)
	at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.getComponentInstance(AbstractInjectionFactory.java:56)
	at org.picocontainer.behaviors.AbstractBehavior.getComponentInstance(AbstractBehavior.java:64)
	at org.picocontainer.behaviors.Stored.getComponentInstance(Stored.java:91)
	at org.picocontainer.DefaultPicoContainer.instantiateComponentAsIsStartable(DefaultPicoContainer.java:1034)
	at org.picocontainer.DefaultPicoContainer.addAdapterIfStartable(DefaultPicoContainer.java:1026)
	at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1003)
	at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:122)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
	at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:130)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:58)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:52)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Unable to load component interface org.sonar.scanner.scan.branch.BranchConfiguration
	at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:52)
	at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:632)
	at org.picocontainer.parameters.BasicComponentParameter$1.resolveInstance(BasicComponentParameter.java:118)
	at org.picocontainer.parameters.ComponentParameter$1.resolveInstance(ComponentParameter.java:136)
	at org.picocontainer.injectors.SingleMemberInjector.getParameter(SingleMemberInjector.java:78)
	at org.picocontainer.injectors.ConstructorInjector$CtorAndAdapters.getParameterArguments(ConstructorInjector.java:309)
	at org.picocontainer.injectors.ConstructorInjector$1.run(ConstructorInjector.java:335)
	at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
	at org.picocontainer.injectors.ConstructorInjector.getComponentInstance(ConstructorInjector.java:364)
	at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.getComponentInstance(AbstractInjectionFactory.java:56)
	at org.picocontainer.behaviors.AbstractBehavior.getComponentInstance(AbstractBehavior.java:64)
	at org.picocontainer.behaviors.Stored.getComponentInstance(Stored.java:91)
	at org.picocontainer.DefaultPicoContainer.getInstance(DefaultPicoContainer.java:699)
	at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:647)
	at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:50)
	... 34 more
Caused by: Could not find a default branch to fall back on.

  • Steps to reproduce:
    Execute the Sonarscanner CLI with a valid API key

  • Potential workaround:
    NONE

1 Like
2

Hi,

One of the errors you get is a 401, which is “unauthorized”, and I suspect this is the one to pay attention to.

Can you make sure the account you used for analysis has SonarCloud permissions to the project (specifically, to Browse and Analyze)?

 
Ann

3

Ok, but how is that possible as I am 100% sure that my token is valid and I have access to the project.

4

Okay. Can you double-check that the project has this key in SonarCloud: onewelcome_react-lib-components?

 
Ann

5

Yeah, I am 100% sure that it has this key. When I perform the ALM binding API call from the command line using the same key as the CLI is using, I do get a successful response. Hence, the token is correct. It seems that something inside the CLI goes wrong.

For reference I performed this call:

curl -s -u "$SONAR_TOKEN:" https://sonarcloud.io/api/alm_integration/is_project_bound?project=onewelcome_react-lib-components

and the response was : {"is_bound":true}

8

After further digging, it turns out that the SonarCloud orb is causing the problem. The orb contains the possibility to pass a custom environment variable. This environment variable is however not picked up by the CLI, resulting in the above errors.

I have prepared a PR to address the problem: Fix resolving the custom environment variable to pass the sonar token by steinwelberg · Pull Request #18 · SonarSource/sonarcloud-circleci-orb · GitHub

1 Like