SonarScanner on Docker container Ubuntu 20

Hi,

I’m trying to scan a .Net project with sonarscanner-cli Docker image tag 4.6
I’m using this command:

docker run \
    --rm \
    --user="$(id -u):$(id -g)" \
    -v /tmp/sqcache:/opt/sonar-scanner/.sonar/cache \
    -e SONAR_HOST_URL="https://subdomain.publicurl.com" \
    -e SONAR_LOGIN="token" \
    -v "/home/projects/project1:/usr/src" \
    sonarsource/sonar-scanner-cli:4.6

But the output is this one:

09:35:32.070 INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
09:35:32.072 INFO: Project root configuration file: NONE
09:35:32.106 INFO: SonarScanner 4.6.2.2472
09:35:32.106 INFO: Java 11.0.11 Alpine (64-bit)
09:35:32.106 INFO: Linux 5.4.0-89-generic amd64
09:35:32.258 DEBUG: keyStore is :
09:35:32.258 DEBUG: keyStore type is : pkcs12
09:35:32.258 DEBUG: keyStore provider is :
09:35:32.259 DEBUG: init keystore
09:35:32.259 DEBUG: init keymanager of type SunX509
09:35:32.373 DEBUG: Create: /opt/sonar-scanner/.sonar/cache
09:35:32.373 INFO: User cache: /opt/sonar-scanner/.sonar/cache
09:35:32.374 DEBUG: Create: /opt/sonar-scanner/.sonar/cache/_tmp
09:35:32.376 DEBUG: Extract sonar-scanner-api-batch in temp...
09:35:32.378 DEBUG: Get bootstrap index...
09:35:32.379 DEBUG: Download: https://subdomain.publicurl.com/batch/index
09:35:32.624 ERROR: SonarQube server [https://subdomain.publicurl.com] can not be reached
09:35:32.624 INFO: ------------------------------------------------------------------------
09:35:32.625 INFO: EXECUTION FAILURE
09:35:32.625 INFO: ------------------------------------------------------------------------
09:35:32.625 INFO: Total time: 0.563s
09:35:32.642 INFO: Final Memory: 3M/20M
09:35:32.642 INFO: ------------------------------------------------------------------------
09:35:32.642 ERROR: Error during SonarScanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarScanner analysis
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:85)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:74)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:70)
        at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:185)
        at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:123)
        at org.sonarsource.scanner.cli.Main.execute(Main.java:73)
        at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
        at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:42)
        at org.sonarsource.scanner.api.internal.JarDownloader.getScannerEngineFiles(JarDownloader.java:58)
        at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:53)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:76)
        ... 7 more
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
...
...
...

Any ideas why?

What I did:

echo -n | openssl s_client -connect subdomain.publicurl.com:443  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ./cert.cert
keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias subdomain.publicurl.com -file cert.cert

And then executing Docker container as:

docker run \
    --rm \
    --user="$(id -u):$(id -g)" \
    -v /tmp/sqcache:/opt/sonar-scanner/.sonar/cache \
    -e SONAR_HOST_URL="https://subdomain.publicurl.com" \
    -e SONAR_LOGIN="token" \
    -v "/home/projects/project1:/usr/src" \
    -v `pwd`/cacerts:/etc/ssl/certs/java/cacerts \
    sonarsource/sonar-scanner-cli:4.6

But now the error says:

the trustAnchors parameter must be non-empty

Any idea?

Nobody no ideas :frowning: ?

I’m trying on .NET … If I’m running it not via the Docker but inside the server something like:

dotnet sonarscanner begin /k:"project" /d:sonar.host.url="https://subdomain.url.com"  /d:sonar.login="xyz"
dotnet build
dotnet end /...

I have no output and it is not working.
What should I do to have output to check what it is failing or why nothing happen on sonar scanner?

Actually … I’m trying not to run everything after:
dotnet sonarscanner and I have no output
e.g:

dotnet sonarscanner mmm
dotnet sonarscanner xyz

no output … why and how can I investigate?
My server it is ubuntu and I can’t run dotnet as a normal user need to run it as root

Fixed that problem … I’m again to the first issue

@astingengo could you confirm that you are now using the dotnet sonarscanner to analyse the code?

Also, if you are using dotnet sonarscanner then the end command should be dotnet sonarscanner end, not dotnet end.

@duncanp oh. Yes using dotnet sonarscanner end but still no data to the SonarQube because of the error unable to find valid certification path to requested target and I can’t find a way to skip ssl validation

I was able to pass that with https://support.cloudbees.com/hc/en-us/articles/217078498-PKIX-path-building-failed-error-message help.
But still the begin it is failing

06:28:31.192 INFO: Load plugins index (done) | time=216ms
06:28:31.331 INFO: Load/download plugins (done) | time=355ms
06:28:31.414 DEBUG: Plugins:
06:28:31.414 DEBUG:   * CSS Code Quality and Security 1.4.2.2002 (cssfamily)
06:28:31.414 DEBUG:   * PL/SQL Code Quality and Security 3.6.1.3873 (plsql)
06:28:31.415 DEBUG:   * Scala Code Quality and Security 1.8.3.2219 (sonarscala)
06:28:31.415 DEBUG:   * C# Code Quality and Security 8.25.0.33663 (csharp)
06:28:31.415 DEBUG:   * Vulnerability Analysis 9.0.0.12669 (security)
06:28:31.415 DEBUG:   * Java Code Quality and Security 7.1.0.26670 (java)
06:28:31.415 DEBUG:   * HTML Code Quality and Security 3.4.0.2754 (web)
06:28:31.416 DEBUG:   * Flex Code Quality and Security 2.6.2.2641 (flex)
06:28:31.416 DEBUG:   * XML Code Quality and Security 2.2.0.2973 (xml)
06:28:31.416 DEBUG:   * VB.NET Code Quality and Security 8.25.0.33663 (vbnet)
06:28:31.416 DEBUG:   * Swift Code Quality and Security 4.3.1.4892 (swift)
06:28:31.416 DEBUG:   * CFamily Code Quality and Security 6.23.0.34138 (cpp)
06:28:31.417 DEBUG:   * Python Code Quality and Security 3.5.0.8244 (python)
06:28:31.417 DEBUG:   * Go Code Quality and Security 1.8.3.2219 (go)
06:28:31.417 DEBUG:   * JaCoCo 1.1.1.1157 (jacoco)
06:28:31.417 DEBUG:   * Kotlin Code Quality and Security 2.0.1.110 (kotlin)
06:28:31.417 DEBUG:   * T-SQL Code Quality and Security 1.5.1.4340 (tsql)
06:28:31.418 DEBUG:   * JavaScript/TypeScript Code Quality and Security 8.1.0.15788 (javascript)
06:28:31.418 DEBUG:   * Ruby Code Quality and Security 1.8.3.2219 (ruby)
06:28:31.418 DEBUG:   * Vulnerability Rules for C# 9.0.0.12669 (securitycsharpfrontend)
06:28:31.418 DEBUG:   * Vulnerability Rules for Java 9.0.0.12669 (securityjavafrontend)
06:28:31.418 DEBUG:   * License for SonarLint 9.0.1.46107 (license)
06:28:31.419 DEBUG:   * Vulnerability Rules for JS 9.0.0.12669 (securityjsfrontend)
06:28:31.419 DEBUG:   * Vulnerability Rules for Python 9.0.0.12669 (securitypythonfrontend)
06:28:31.419 DEBUG:   * PHP Code Quality and Security 3.17.0.7439 (php)
06:28:31.419 DEBUG:   * ABAP Code Quality and Security 3.9.1.3127 (abap)
06:28:31.420 DEBUG:   * Vulnerability Rules for PHP 9.0.0.12669 (securityphpfrontend)
06:28:31.441 INFO: Loaded core extensions: developer-scanner
06:28:31.445 INFO: ------------------------------------------------------------------------
06:28:31.446 INFO: EXECUTION FAILURE
06:28:31.446 INFO: ------------------------------------------------------------------------
06:28:31.446 INFO: Total time: 2.850s
06:28:31.466 INFO: Final Memory: 5M/20M
06:28:31.466 INFO: ------------------------------------------------------------------------
06:28:31.466 ERROR: Error during SonarScanner execution
Tasks support was removed in SonarQube 7.6.

Is it there any reason why it is doing that?

Is the log from the begin step or the end step? It looks like the end step to me.

This thread suggests that the problem might be with your command line arguments, so you might want to check those.

Both are giving the same output.
I’m not using anymore via dotnet sonnarscanner as this will give no output
I’m using https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip

Regarding cla I saw those posts and I’m not sure this is the case.
I’m using the command as

sonar-scanner begin -Dsonar.projectKey="project" \
  -Dsonar.host.url="https://sub.domain.com/" \
  -Dsonar.login="key"

for me looks good …

You have to use the SonarScanner for .Net if you want to analyse .Net code.
The scanner cli will not analyse .Net code.

I switched to .Net but I’m having the same problem with

INFO: EXECUTION FAILURE

:frowning:

Problem solved. Finally.
I installed dotnet not via sdk but via the script.
After that I installed sonarscanner via dotnet cli and now everything seems to work.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.