Unable to execute SonarScanner analysis - PKIX - can't find valid certification apth

  • ALM used (GitHub)

  • Scanner command used in IntelliJ : mvn verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar

  • Languages of the repository : java

  • Sonarcloud project is private

  • Error observed :

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin: (default-cli) on project campaign-module-api: Unable to execute SonarScanner analysis: Fail to get bootstrap index from server: PKIX pa
th building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]
  • mvn version : 3.8.4
  • java version : 17.0.2
  • Potential workaround : i have a feeling that there may be a concurrency with jira.

Hey there.

Are you facing this issue with SonarCloud or SonarQube?

Hey Colin,

Sonar cloud

It sounds like SonarCloud isn’t trusted by the truststore of your Java installation.

If this certificate isn’t trusted by the JVM installation on your server (SSLPoke is a great tool for testing this), you’ll need to update the truststore being used by the Java installation that runs your SonarCloud server to trust this certificate.

This sounds like an issue isolated to your Java installation, otherwise we’d have many, many reports of this. I can confirm that SonarCloud’s certificate is valid.