Unable to Execute Sonar Scanner from Jenkins Node/Slave

Must-share information (formatted with Markdown):

• which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

1. SonarQube Server 7.9.1.27448
2. SonarQube Scanner 4.0.0.1744

• what are you trying to achieve
  Do a successful SonarScan for my project.
• what have you tried so far to achieve this

Installed SonarQube Scanner version 4.0.0…1744 on the Jenkins Node/Slave.
Updated the sonar-scanner.properties
Passing the SonarQube URL and

09:34:15.913 INFO: Scanner configuration file: C:\Users\muni\Desktop\SonarRunner\sonar-scanner-4.0.0.1744-windows\bin..\conf\sonar-scanner.properties
09:34:15.917 INFO: Project root configuration file: NONE
09:34:15.939 INFO: SonarQube Scanner 4.0.0.1744
09:34:15.939 INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
09:34:15.939 INFO: Windows 10 10.0 amd64
09:34:16.068 DEBUG: keyStore is :
09:34:16.068 DEBUG: keyStore type is : pkcs12
09:34:16.068 DEBUG: keyStore provider is :
09:34:16.071 DEBUG: init keystore
09:34:16.071 DEBUG: init keymanager of type SunX509
09:34:16.628 DEBUG: Create: C:\Users\muni.sonar\cache
09:34:16.630 INFO: User cache: C:\Users\muni.sonar\cache
09:34:16.630 DEBUG: Create: C:\Users\muni.sonar\cache_tmp
09:34:16.633 DEBUG: Extract sonar-scanner-api-batch in temp…
09:34:16.637 DEBUG: Get bootstrap index…
09:34:16.637 DEBUG: Download: https://sonarqube.xxx.com/batch/index
09:34:16.845 ERROR: SonarQube server [https://sonarqube.xxx.com] can not be reached
09:34:16.845 INFO: ------------------------------------------------------------------------
09:34:16.846 INFO: EXECUTION FAILURE
09:34:16.846 INFO: ------------------------------------------------------------------------
09:34:16.846 INFO: Total time: 0.955s
09:34:16.856 INFO: Final Memory: 3M/24M
09:34:16.857 INFO: ------------------------------------------------------------------------
09:34:16.857 ERROR: Error during SonarQube Scanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarQube
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:85)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:74)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:70)
at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:181)
at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:122)
at org.sonarsource.scanner.cli.Main.execute(Main.java:73)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:42)
at org.sonarsource.scanner.api.internal.JarDownloader.getScannerEngineFiles(JarDownloader.java:58)
at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:53)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:76)
… 7 more
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connectTls(RealConnection.java:336)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.establishProtocol(RealConnection.java:300)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connect(RealConnection.java:185)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.Transmitter.newExchange(Transmitter.java:169)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.getResponseWithInterceptorChain(RealCall.java:221)
at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.execute(RealCall.java:81)
at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:113)
at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:98)
at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:39)
… 10 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at java.base/sun.security.validator.Validator.validate(Unknown Source)
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
… 44 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
… 50 more
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Declarative: Post Actions)
[Pipeline] deleteDir
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE

Hi,

Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

this means the Java runtime you’re using for Sonarqube Scanner has no valid cacerts file
(path = JAVA_HOME\jre\lib\security\cacerts) with the root CAs needed for authenticating.

Gilbert

Thank you @anon67236913 or immediate response. It is using the JRE with in the Sonar Scanner, how to update or add the certificate to it. Which certificate i need to add.

Hi,

OK, you’re using the Sonarqube Scanner release with the builtin JRE.
BTW, this is a gotcha Faced the same problem once after updating the scanner with
that version unintentional.
The builtin cacerts has this path, i.e. the windows client

sonar-scanner-4.0.0.1744-windows\jre\lib\security\cacerts

For an SSL connection to https://yoursonarhost the Java client = Sonarqube Scanner needs a
truststore = cacerts (default name) that has the RootCAs of your organization.
If your machine already has a Java runtime installed, it might be possible it has already the right cacerts file, then either

use the Sonarqube Scanner without JRE or
copy the cacerts to …\jre\lib\security\cacerts of your Sonarqube Scanner.
Otherwise ask your Java admin for the cacerts file.

If you’re on your own, this might be helpful:

https://drissamri.be/blog/2017/02/22/java-keystore-keytool-essentials/

Gilbert

Thank you @anon67236913. Appreciate the detailed steps, as you rightly said, the certs are missing, received the required sets from SonarQube admin and updated the same in the jre path and its working as expected.

This is my first post in SonarSource Community and really appreciate for the warm welcome

A post was split to a new topic: Scanner certificate sisue