Sonarscanner for npm not working when env HTTP_PROXY/HTTPS_PROXY is defined

We have an installation of SonarQube Developer Editionv9.9.6 (build 92038).
And is using latest version of sonar-scanner for npm 4.2.5 and sonar-scanner CLI 6.2.1.4610.

When starting sonar-scanner and it’s doing the initial call to the version API, it fails with these messages

[INFO]  Bootstrapper: Platform: linux x64
[DEBUG] Bootstrapper: Detecting proxy: No proxy detected
[DEBUG] Bootstrapper: Using truststore at truststore2.p12
[DEBUG] Bootstrapper: 108 CA certificates found in truststore
[INFO]  Bootstrapper: Server URL: https://hostname.domain.no
[INFO]  Bootstrapper: Version: 4.2.5
[DEBUG] Bootstrapper: Check if Server supports JRE provisioning
[DEBUG] Bootstrapper: Detecting SonarQube server version
[DEBUG] Bootstrapper: Fetching API V2 /analysis/version
[DEBUG] Bootstrapper: Unable to fetch API V2 /analysis/version: AxiosError: Request failed with status code 400. Falling back on /api/server/version
[DEBUG] Bootstrapper: Not using axios instance for https://hostname.domain.no/api/server/version
[ERROR] Bootstrapper: Failed to fetch server version: AxiosError: Request failed with status code 400
[ERROR] Bootstrapper: Verify that https://hostname.domain.no is a valid SonarQube server
[ERROR] Bootstrapper: An error occurred: AxiosError: Request failed with status code 400

We have tracked it down to be because of the proxy-settings.
We have these environment-variables set:

HTTP_PROXY = http://proxy.domain.no:8080
HTTPS_PROXY = http://proxy.domain.no:8080
NO_PROXY = domain.no

If we remove them, it works. We suspect that the NO_PROXY is not respected.

2 Likes

Hello @atletokle ,

Welcome to the community,

We noticed that your SQ hostname is hostname.domain.no, but your NO_PROXY is domain.no.
The NO_PROXY environment variable should either contain an exact match of the hostname to exclude or use a wildcard/start with a dot, e.g. .domain.no. Can you please modify your environment variables accordingly?

Thank you.

Using .domain.no fixed the problem.

I noticed that npm/sonarscanner works fine with both .domain.no and *.domain.no but don’t work with domain.no

curl, that we also use in the Jenkins-job works with .domain.no and domain.no but don’t work with *.domain.no

So the .domain.no was the one that was working for both.

Is NO_PROXY officially supported by the application? I can’t find it in the documentation.

Hello @Philippe_Formulain ,

NO_PROXY isn’t officially supported by all our scanners, meaning we do not have a specific sonar property for this (eg we have sonar.scanner.proxy(Host|Port) but we do not have a sonar.scanner.noProxy property).

However, for the bootstrappers that do support HTTP[S]_PROXY like the NPM Scanner, we should also respect NO_PROXY,.which is the case here. I think this is the expected behavior, but arguably it doesn’t hurt to mention it in our README. I’ve created SCANNPM-61 to be more explicit about it.

Hope this helps!