Hi,
Since the recent upgrade of the SonarScanner from 6.2.1.4610 to 7.0.0.4796 we noticed some failing scan on Windows 10 and Java 21 (temurin).
- Running on SonarQube Server Enterprise 9.9.8
- We are not using custom truststore (we have valid SSl certificate)
c:\jenkins\tools\hudson.model.JDK\temurin-jdk-21\jdk-21+35\lib\security\cacertsexists on the JDK- The cacert doesn’t have any password (confirmed by
keytool -list -keystore C:\jenkins\tools\hudson.model.JDK\temurin-jdk-21\jdk-21+35\lib\security\cacerts)
`
Stacktrace is
[05:37:37.791+01:00] - 05:37:37.481 INFO Project root configuration file: NONE
[05:37:37.791+01:00] - 05:37:37.559 INFO SonarScanner CLI 7.0.0.4796
[05:37:37.791+01:00] - 05:37:37.564 INFO Java 21 Eclipse Adoptium (64-bit)
[05:37:37.791+01:00] - 05:37:37.601 INFO Windows 10 10.0 amd64
[05:37:37.791+01:00] - 05:37:37.705 INFO User cache: C:\Users\jenkins\.sonar\cache
[05:37:47.293+01:00] - 05:37:46.040 INFO EXECUTION FAILURE
[05:37:47.293+01:00] - 05:37:46.045 INFO Total time: 8.805s
[05:37:47.293+01:00] - 05:37:46.045 ERROR Error during SonarScanner CLI execution
[05:37:47.293+01:00] - nl.altindag.ssl.exception.GenericKeyStoreException: Unable to read truststore from 'c:\jenkins\tools\hudson.model.JDK\temurin-jdk-21\jdk-21+35\lib\security\cacerts'
[05:37:47.293+01:00] - at org.sonarsource.scanner.lib.internal.http.OkHttpClientFactory.configureSsl(OkHttpClientFactory.java:141)
[05:37:47.293+01:00] - at org.sonarsource.scanner.lib.internal.http.OkHttpClientFactory.create(OkHttpClientFactory.java:76)
[05:37:47.293+01:00] - at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.init(ScannerHttpClient.java:52)
[05:37:47.293+01:00] - at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.bootstrap(ScannerEngineBootstrapper.java:142)
[05:37:47.293+01:00] - at org.sonarsource.scanner.cli.Main.analyze(Main.java:76)
[05:37:47.293+01:00] - at org.sonarsource.scanner.cli.Main.main(Main.java:64)
[05:37:47.293+01:00] - Caused by: java.io.IOException: password supplied for keystore that does not require one
Debug logs doesn’t say much
[07:38:24.794+01:00] - 07:38:24.530 DEBUG Using truststore: c:\jenkins\tools\hudson.model.JDK\temurin-jdk-21\jdk-21+35\lib\security\cacerts
[07:38:25.083+01:00] - 07:38:24.991 DEBUG Loading OS trusted SSL certificates...
[07:38:25.083+01:00] - 07:38:24.991 DEBUG This operation might be slow or even get stuck. You can skip it by passing the scanner property 'sonar.scanner.skipSystemTruststore=true'
[07:38:25.371+01:00] - 07:38:25.192 DEBUG Successfully loaded KeyStore of the type [Windows-ROOT] having [37] entries
[07:38:25.371+01:00] - 07:38:25.246 DEBUG Successfully loaded KeyStore of the type [Windows-ROOT-LOCALMACHINE] having [37] entries
[07:38:25.371+01:00] - 07:38:25.293 DEBUG Successfully loaded KeyStore of the type [Windows-ROOT-CURRENTUSER] having [37] entries
[07:38:25.371+01:00] - 07:38:25.296 DEBUG Successfully loaded KeyStore of the type [Windows-MY] having [0] entries
[07:38:25.371+01:00] - 07:38:25.298 DEBUG Successfully loaded KeyStore of the type [Windows-MY-CURRENTUSER] having [0] entries
[07:38:25.371+01:00] - 07:38:25.299 DEBUG Successfully loaded KeyStore of the type [Windows-MY-LOCALMACHINE] having [0] entries
[07:38:25.371+01:00] - 07:38:25.308 DEBUG Loaded [111] system trusted certificates
[07:38:33.369+01:00] - 07:38:32.261 INFO EXECUTION FAILURE
[07:38:33.369+01:00] - 07:38:32.267 INFO Total time: 8.191s
[07:38:33.369+01:00] - 07:38:32.267 ERROR Error during SonarScanner CLI execution
It tell by some sonar.scanner.skipSystemTruststore property, which looks undocumented
Why SonarScanner is attempting to open a JVM trustore and providing a password when not needed ?
Regards,
