SQ DE 7.3 not decorating TFS PRs


(Roberto Silva) #1


I have installed a trial version of SonarQube DE 7.3 and followed the setup instructions here https://docs.sonarqube.org/display/SONAR/Pull+Request+Analysis and here https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Extension+for+VSTS-TFS. Also went through local instructions at http://localhost:9000/documentation/analysis/pull-request

All seems to work correctly apart from the PR decoration. There are no comments in the PR.
I am triggering a build through branch policies (build validation):

It runs through fine and creates a branch analysis on sonarqube

But the issues found in the analysis are not visible on my PR

Is there anything else I need to do to? Could it be a problem with my user access token? (I’m not a tfs admin) or could it be that I’m using a branch build validation build to trigger the analysis?


(Roberto Silva) #2

Just adding some extra info, our TFS is 2018.2
Using the extension version 4.4.1 and tasks version is 4.*

I have tested a token from a system admin and the result is the same.

The ce logs show: Failed to access VSTS, the repository or the Pull Request: API resource location 225f7195-f9c7-4d14-ab28-a83f7ff77e1f is not registered on https://tfs:444/tfs/Common/. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Unsure if that is related to comments not showing

(Colin Mueller) #3


If you check the Pull Request Analysis documentation, you’ll see that SonarQube and VSTS is not a currently supported configuration.


(Roberto Silva) #4

Hi Collin,

Thanks for your reply. I’m using TFS, not VSTS and that page says it is available.


(Colin Mueller) #5

Ah, apologies. I saw your note about ce.log which mentioned VSTS and got my wires crossed.

NIco’s post here provides some insight: Run Code Analysis Task on TFS 2018 fails every time with certificate error

I wonder if your SonarQube server does not have the necessary certificates in its java trust stores to access your (https) TFS instance?


(Roberto Silva) #6

I’m running the server locally and haven’t added any certificates so that’s likely. How would I go about adding it?


(Roberto Silva) #7

Here’s what I’ve tried so far:

Add certificate (with public key) via Java Control Panel > Security > Manage Certificates…
Add certificate to JRE default cacerts keystore.
Add certificate to .keystore on default user folder C:\Users<username>.keystore

None of these made a difference, still getting the same error.
Do I need to tell sonarqube to look at a specific store?
Does the certificate need to include public/private keys?

Any help would be appreciated.


(Roberto Silva) #8

Issue was solved by downloading the correct certificate from the tfs website, using chrome dev tools, and adding it to the default cacerts keystore