Unable to Connect Azure Pipeline to SonarQube 9.9 LTA on Private Windows Machine

Which versions are you using (SonarQube Server / Community Build, Scanner, Plugin, and any relevant extension):

  • SonarQube Server: 9.9 LTA
  • SonarScanner CLI: 6.2.1.4610
  • Java: 17.0.13 Eclipse Adoptium (64-bit)
  • Windows Server: 2022 10.0 amd64
  • SonarScanner for Azure DevOps
  • How is SonarQube deployed: zip, Docker, Helm:
    • Deployed via zip on a private Windows machine
    • Configured to work with HTTPS via a reverse proxy
  • What are you trying to achieve:
    • I am trying to connect my Azure pipeline to the SonarQube instance.
  • What have you tried so far to achieve this:
    • Verified that the SonarQube instance is operational and accessible from my device.
    • Suspected an issue with the SSL certificate from Azure’s side (it does not seem to recognize it).
    • Tried to configure the pipeline to ignore SSL certificate validation, but the issue persists.

Any insights or suggestions on how to resolve this issue would be greatly appreciated.
Thank you!

  • Encountered the following errors during the “SonarQubeAnalyze” step in the pipeline:
> 
> 14:23:10.736 DEBUG Successfully loaded KeyStore of the type [Windows-ROOT] having [521] entries
> 14:23:17.081 DEBUG Successfully loaded KeyStore of the type [Windows-ROOT-LOCALMACHINE] having [521] entries
> 14:23:17.363 DEBUG Successfully loaded KeyStore of the type [Windows-ROOT-CURRENTUSER] having [521] entries
> 14:23:17.363 DEBUG Successfully loaded KeyStore of the type [Windows-MY] having [0] entries
> 14:23:17.363 DEBUG Successfully loaded KeyStore of the type [Windows-MY-CURRENTUSER] having [0] entries
> 14:23:17.441 DEBUG Successfully loaded KeyStore of the type [Windows-MY-LOCALMACHINE] having [4] entries
> 14:23:17.441 DEBUG Loaded [1567] system trusted certificates
> 14:23:18.912 DEBUG --> GET https://sonarqube.xx.biz/api/v2/analysis/version
> 14:23:19.855 DEBUG <-- HTTP FAILED: javax.net.ssl.SSLHandshakeException: None of the TrustManagers trust this certificate chain
> 14:23:19.855 DEBUG --> GET https://sonarqube.xx.biz/api/server/version
> 14:23:19.902 DEBUG <-- HTTP FAILED: javax.net.ssl.SSLHandshakeException: None of the TrustManagers trust this certificate chain
> 14:23:19.902 INFO  EXECUTION FAILURE
> 14:23:19.902 INFO  Total time: 11.542s
> ##[error]14:23:19.902 ERROR Error during SonarScanner CLI execution
> java.lang.IllegalStateException: Failed to get server version
> 	at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.getServerVersion(ScannerEngineBootstrapper.java:194)
> 	at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.bootstrap(ScannerEngineBootstrapper.java:117)
> 	at org.sonarsource.scanner.cli.Main.analyze(Main.java:75)
> 	at org.sonarsource.scanner.cli.Main.main(Main.java:63)
> 	Suppressed: java.lang.IllegalStateException: Call to URL [https://sonarqube.xx.biz/api/v2/analysis/version] failed
> 
> 
> 14:23:19.917 ERROR 
> 14:23:19.917 ERROR Re-run SonarScanner CLI using the -X switch to enable full debug logging.
> ##[warning]Can't find loc string for key: LIB_ProcessExitCode
> ##[warning]Error while executing SonarQube:Analyze task: LIB_ProcessExitCode D:\a\_work\_tasks\SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055\6.3.4\sonar-scanner\bin\sonar-scanner.bat 1
> ##[error]LIB_ProcessExitCode D:\a\_work\_tasks\SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055\6.3.4\sonar-scanner\bin\sonar-scanner.bat 1

Hey there.

Is the build agent itself “private” (self-hosted) or a hosted agent provided by Microsoft/Azure?

The build agent itself is “private”

Thanks!

So back to this point:

It sounds like your SonarQube server is using a self-signed certificate that isn’t trusted by the JVM running the scanner.

You can solve this by either:

  • Using a certificate that is not self-signed (trusted by common root CA authorities).
  • If that’s not possible, trusting the certificate on the build agent as documented here.

It’s not possible to configure the scanner to ignore SSL certificate validation.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.