SonarScanner for Bamboo: Java certificate error

leweri · October 21, 2020, 5:40pm

SonarScanner 4.3.0.2102
The Bamboo SonarScanner plugin is configured to use Java 1.8.0.151
A containerized SonarQube 8.4.2 Developer Edition behind https
JDK 1.8.0.151

I have configured the SonarScanner plugin to fail the build if quality gates fail.

Our Bamboo pipeline successfully scans a Python code base and the resulting data is available in SonarQube.

The Bamboo build log contains the following output:

|build|21-Oct-2020 09:58:03|INFO: ANALYSIS SUCCESSFUL, you can browse https://<ip>/dashboard?id=<project>|
|---|---|---|
|build|21-Oct-2020 09:58:03|INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report|
|build|21-Oct-2020 09:58:03|INFO: More about the report processing at https://<ip>/api/ce/task?id=********************|
|build|21-Oct-2020 09:58:03|INFO: Analysis total time: 18.580 s|
|build|21-Oct-2020 09:58:03|INFO: ------------------------------------------------------------------------|
|build|21-Oct-2020 09:58:03|INFO: EXECUTION SUCCESS|
|build|21-Oct-2020 09:58:03|INFO: ------------------------------------------------------------------------|
|build|21-Oct-2020 09:58:03|INFO: Total time: 20.413s|
|build|21-Oct-2020 09:58:03|INFO: Final Memory: 98M/334M|
|build|21-Oct-2020 09:58:03|INFO: ------------------------------------------------------------------------|
|simple|21-Oct-2020 09:58:03|SONAR4BAMBOO: was not able to find a SonarQube result URL|
|error|21-Oct-2020 09:58:03|SONAR4BAMBOO: SonarQube quality gate detection failed. Reason: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target|

Based on Using Quality Gates SonarQube Plugin in jenkins, I used openssl to create a .crt for the containerized instance of SonarQube, which I then imported into cacerts, on the machine running the remote Bamboo Agent, with

../../bin/keytool -import -alias sonarqube -file oursonarqubecert.crt -keystore ./cacerts

The error is still occurring.

Could someone help to point out what steps I missed?