Sonarqube upload report 403 - sonarqube

I have a Sonar analysis job in Jenkins which was working fine. Suddenly last week it started throwing error when uploading the report to Sonarqube server.
11:47:31 06:17:31.409 INFO: Analysis report generated in /var/jenkins_home/workspace/projectdirmasked/sample/.scannerwork/scanner-report
11:47:31 06:17:31.409 DEBUG: Upload report
11:47:31 06:17:31.481 DEBUG: POST 403 https://sonarqubehostnamemasked.com/api/ce/submit?projectKey=Sonar_Test&projectName=Sonar_Test | time=72ms
11:47:31 06:17:31.486 INFO: ------------------------------------------------------------------------
11:47:31 06:17:31.486 INFO: EXECUTION FAILURE
11:47:31 06:17:31.486 INFO: ------------------------------------------------------------------------
11:47:31 06:17:31.486 INFO: Total time: 9.877s
11:47:31 06:17:31.621 INFO: Final Memory: 39M/421M
11:47:31 06:17:31.621 INFO: ------------------------------------------------------------------------
11:47:31 06:17:31.621 ERROR: Error during SonarScanner execution
11:47:31 You're not authorized to run analysis. Please contact the project administrator.
The user belongs to the token has admin access. As well execute-analysis permission. And basically the user has assigned all the available permission in Sonarqube. So definitely it is not permission issue on the user.
All other projects using the same token in the same jenkins are able to scan successfully and upload the report.
Version: Enterprise Sonarqube 8.9.6
csharp plugin version: 8.22.0, xml plugin version: 2.2.0 (as I am scanning cs and xml files)
Any leads on this will be helpful!

Related

is it possible to get sonarqube 8.6 exitcode from terminal based on analysis results?

Hi all I'm on linux and want to run sonarqube locally and based on the analysis result get exit code
So for example if 0 errors in code analysis then exit code 0
If it has 1 or more error in code analysis then exit code != 0
I run SQ server from docker-compose like this:
version: "3"
services:
sonarqube:
container_name: sonarqube
image: sonarqube:latest
ports:
- "9000:9000"
- "9092:9092"
and then with node I run sonarqube-scanner:
const sonarqubeScanner = require('sonarqube-scanner');
sonarqubeScanner({
serverUrl: 'http://localhost:9000',
options : {
'sonar.sources': '.',
'sonar.inclusions' : 'src/**',
}
}, () => {});
Finally I get success on console but no exit codes:
INFO: CPD Executor 4 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 3 files
INFO: CPD Executor CPD calculation finished (done) | time=11ms
INFO: Analysis report generated in 74ms, dir size=97 KB
INFO: Analysis report compressed in 46ms, zip size=21 KB
INFO: Analysis report uploaded in 34ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard?id=foobar
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://localhost:9000/api/ce/task?id=example
INFO: Analysis total time: 18.668 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 19.616s
INFO: Final Memory: 12M/50M
INFO: ------------------------------------------------------------------------
[11:10:42] Analysis finished.
It isn't practical for the sonar-scanner to return the scan results, because there are many details that a client might want to see. At the completion of the scan in the sonarqube server, a background task is run that produces the basic statistics based on the guidelines in the quality gate set in the project.
Typically, the SonarQube project has a "Webhook" value that specifies a url to post the background task results to, and that url is usually in Jenkins.
In a Jenkins scripted pipeline job, the "waitForQualityGate()" pipeline step is used to wait for that webhook call to be received.

SonarQube 6.0 with Sonar-Scanner-2.6.1 Cofinguration with MYSQL

I was using SonarQube 5.1.2 with Sonar-runner-dist 2.4 but I have to upgrade my SonarQube to 6.0 along with Sonar-Scanner-2.6.1
I was using MySQL for SonarQube 5.1.2 but When I upgraded to SonarQube 6.0 I am getting this error , Can someone help me how to override the error and what changes required with SonarQube 6.0
Not Sure why I am getting
WARN: Property 'sonar.jdbc.username' is not supported any more. It will be ignor
ed. There is no longer any DB connection to the SQ database.
Complete Error Log
WARN: sonar-runner.bat script is deprecated. Please use sonar-scanner.bat instea
d.
D:\Softwares\SonarQube_old\sonar-scanner-2.6.1\sonar-scanner-2.6.1
Picked up _JAVA_OPTIONS: -Djava.net.preferIPv4Stack=true
INFO: Scanner configuration file: D:\Softwares\SonarQube_old\sonar-scanner-2.6.1
\sonar-scanner-2.6.1\conf\sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarQube Scanner 2.6.1
INFO: Java 1.8.0_111 Oracle Corporation (32-bit)
INFO: Windows 7 6.1 x86
INFO: User cache: C:\Users\391007\.sonar\cache
INFO: Load global repositories
INFO: Load global repositories (done) | time=124ms
WARN: Property 'sonar.jdbc.url' is not supported any more. It will be ignored. T
here is no longer any DB connection to the SQ database.
WARN: Property 'sonar.jdbc.username' is not supported any more. It will be ignor
ed. There is no longer any DB connection to the SQ database.
WARN: Property 'sonar.jdbc.password' is not supported any more. It will be ignor
ed. There is no longer any DB connection to the SQ database.
INFO: User cache: C:\Users\391007\.sonar\cache
INFO: Load plugins index
INFO: Load plugins index (done) | time=9ms
INFO: SonarQube server 6.0
INFO: Default locale: "en_US", source code encoding: "windows-1252" (analysis is
platform dependent)
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 2.553s
INFO: Final Memory: 40M/96M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
ERROR: Unable to register extension com.sonar.governance.task.A.A from plugin 'g
overnance'
ERROR: Caused by: Lorg/sonar/batch/bootstrap/BatchWsClient;
ERROR: Caused by: org.sonar.batch.bootstrap.BatchWsClient
ERROR:
ERROR: To see the full stack trace of the errors, re-run SonarQube Scanner with
the -e switch.
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging
I have referred below Answer but I am not getting solution to solve the problem
https://stackoverflow.com/a/35231407/3973543
"WARN: Property 'sonar.jdbc.url' is not supported any more " is not an error, just a warning, since 5.6 sonar.jdbc.url, sonar.jdbc.username and sonar.jdbc.password are not needed anymore in jenkins side. The sonarqube DataBase is only access from sonarqube instance, not from the clients as jenkins. So you should let them empty now. Just fill the sonarqube instance url for the WS connection.
Governance plugin is now commercial, you have to registry a license for using it

SonarQube Build Breaker plugin: Report processing did not complete successfully: FAILED

I am trying to upload reports generated by Istanbul to Sonar dashboard using a gulp task and it fails with the below error. Looks like the Build Breaker plugin in SonarQube is timing out before it can upload the report to Sonar. Any way that i can tweak this plugin?
I am using Sonar 5.3.
15:42:43.411 INFO: Analysis report generated in /workspace/{project}/.sonar/report
15:42:43.430 INFO: ------------------------------------------------------------------------
15:42:43.430 INFO: EXECUTION FAILURE
15:42:43.430 INFO: ------------------------------------------------------------------------
15:42:43.430 INFO: Total time: 5:06.287s
15:42:43.609 INFO: Final Memory: 57M/2603M
15:42:43.609 INFO: ------------------------------------------------------------------------
15:42:43.609 ERROR: Error during SonarQube Scanner execution
java.lang.IllegalStateException: Report processing did not complete successfully: FAILED
at org.sonar.plugins.buildbreaker.QualityGateBreaker.getAnalysisId(QualityGateBreaker.java:152)
at org.sonar.plugins.buildbreaker.QualityGateBreaker.execute(QualityGateBreaker.java:108)
at org.sonar.plugins.buildbreaker.QualityGateBreaker.executeOn(QualityGateBreaker.java:95)
at org.sonar.batch.phases.PostJobsExecutor.execute(PostJobsExecutor.java:65)
at org.sonar.batch.phases.PostJobsExecutor.execute(PostJobsExecutor.java:55)
This is a known invalid issue: #14 (he problem occurs on the server side, not in Build Breaker mechanism/logic).
Matthew DeTullio's comment:
This is because the server side background task for your project is
failing. You need to check the logs there and fix that problem first.
The report processing step is when SQ computes the quality gate
status. This plugin simply checks the status computed there, so if
processing fails this plugin will mark the analysis a failure.
In my company we found on the server side:
java.lang.OutOfMemoryError: GC overhead limit exceeded
The reason could be any error in the SonarQube processing of background task.
And the error is very generic like below
ERROR: Error during SonarQube Scanner execution
java.lang.IllegalStateException: Report processing did not complete successfully: FAILED
In my case, the server on which SonarQube is installed, ran out of disk space hence it was not able to write the logs.
So, the idea is to check sonar.log to understand whats wrong and rectify it, restart SonarQube service.
less <SONAR_INSTALL_DIR>/logs/sonar.log
2021-03-28 01:13:25,124 elasticsearch[sonarqube][management][T#3] ERROR An exception occurred processing Appender file_es org.apache.logging.log4j.core.appender.AppenderLoggingException: Error writing to stream /apps/sonarqube-8.3.0.34182/logs/es.log
Reboot the Sonar service
cd <SONAR_INSTALL_DIR>/bin
./sonar.sh stop
./sonar.sh start

Metric 'it_lines_cover' should not be computed by a Sensor

I've got an error during phpunit coverage report parsing with SonarQube Scanner 2.8 with following message :
Metric 'it_lines_to_cover' should not be computed by a Sensor
Thanks in advance,
Versions :
10:42:57.262 INFO: SonarQube Scanner 2.8
10:42:57.262 INFO: Java 1.8.0_111 Oracle Corporation (64-bit)
10:42:57.262 INFO: Linux 3.13.0-103-generic amd64
10:43:08.803 DEBUG: * PHP 2.9.1.1705 (php)
Error log :
10:43:18.046 INFO: Sensor PHP sensor
10:43:18.420 INFO: 78 source files to be analyzed
10:43:21.533 INFO: 78/78 source files have been analyzed
10:43:21.543 INFO: PHPUnit xml test report not found: tests/build
/logs/junit_unit.xml
10:43:21.544 INFO: PHPUnit xml unit test coverage report not found:
tests/build/logs/clover-unit.xml
10:43:21.544 INFO: Analyzing PHPUnit integration test coverage report:
tests/build/logs/clover-integration.xml with PHPUnit IT Coverage Result Parser
10:43:21.544 DEBUG: Parsing file: /home/travis/build/armadito
/glpi/plugins/armadito/tests/build/logs/clover-integration.xml
10:43:23.079 DEBUG: Coverage metrics have not been set on 'index.php':
default values will be inserted.
------------------------------------------------------------------------
10:43:23.084 INFO: EXECUTION FAILURE
10:43:23.084 INFO:
------------------------------------------------------------------------
10:43:23.515 ERROR: Error during SonarQube Scanner execution
java.lang.UnsupportedOperationException: Metric 'it_lines_to_cover' should not be computed by a Sensor
at org.sonar.scanner.sensor.DefaultSensorStorage.saveMeasure(DefaultSensorStorage.java:240)
at org.sonar.scanner.sensor.DefaultSensorStorage.store(DefaultSensorStorage.java:213)
at org.sonar.api.batch.sensor.measure.internal.DefaultMeasure.doSave(DefaultMeasure.java:93)
at org.sonar.api.batch.sensor.internal.DefaultStorable.save(DefaultStorable.java:43)
at org.sonar.plugins.php.phpunit.PhpUnitCoverageResultParser.saveMeasureForMissingFiles(PhpUnitCoverageResultParser.java:129)
at org.sonar.plugins.php.phpunit.PhpUnitCoverageResultParser.parseFile(PhpUnitCoverageResultParser.java:102)
at org.sonar.plugins.php.phpunit.PhpUnitCoverageResultParser.parse(PhpUnitCoverageResultParser.java:84)
at org.sonar.plugins.php.phpunit.PhpUnitService.parseReport(PhpUnitService.java:74)
at org.sonar.plugins.php.phpunit.PhpUnitService.execute(PhpUnitService.java:60)
at org.sonar.plugins.php.PHPSensor.processCoverage(PHPSensor.java:142)
at org.sonar.plugins.php.PHPSensor.execute(PHPSensor.java:132)
This message will disappear once https://jira.sonarsource.com/browse/SONARPHP-658 is implemented. It is scheduled for next release of the PHP plugin.

Authenticate sonar-runner via basic auth

Our sonarqube server is behind http basic authentication and local runner fails with 401 error. Is it somehow possible to provide credentials to it? AOfficial docs shows how to provide sonarqube's internal user...
UPD #1:
sonarqube: v5.3,
sonar-runner: v2.5
Debug log of runner:
INFO: Scanner configuration file: /Users/user/Documents/Projects/Project1/sonar-scanner-2.5/conf/sonar-runner.properties
INFO: Project configuration file: /Users/user/Documents/Projects/Project1/sonar-project.properties
INFO: SonarQube Scanner 2.5
INFO: Java 1.8.0_45 Oracle Corporation (64-bit)
INFO: Mac OS X 10.11.3 x86_64
INFO: Error stacktraces are turned on.
DEBUG: cache: /Users/user/.sonar/ws_cache/https%3A%2F%2Fexample.com%2Fsonar%2F/global
INFO: User cache: /Users/user/.sonar/cache
DEBUG: Extract sonar-runner-batch in temp...
DEBUG: Get bootstrap index...
DEBUG: Download: https://example.com/sonar/batch_bootstrap/index
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 1.171s
INFO: Final Memory: 5M/245M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
org.sonar.runner.impl.RunnerException: Unable to execute SonarQube
at org.sonar.runner.impl.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:100)
at org.sonar.runner.impl.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:87)
at java.security.AccessController.doPrivileged(Native Method)
at org.sonar.runner.impl.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:87)
at org.sonar.runner.impl.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:83)
at org.sonar.runner.api.EmbeddedRunner.doStart(EmbeddedRunner.java:249)
at org.sonar.runner.api.EmbeddedRunner.start(EmbeddedRunner.java:187)
at org.sonar.runner.api.EmbeddedRunner.start(EmbeddedRunner.java:182)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:66)
Caused by: java.lang.IllegalStateException: Fail to download libraries from server
at org.sonar.runner.impl.Jars.downloadFiles(Jars.java:93)
at org.sonar.runner.impl.Jars.download(Jars.java:70)
at org.sonar.runner.impl.JarDownloader.download(JarDownloader.java:40)
at org.sonar.runner.impl.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:91)
... 9 more
Caused by: java.lang.IllegalStateException: Status returned by url [https://example.com/sonar/batch_bootstrap/index] is not valid: [401]
at org.sonar.runner.impl.ServerConnection.callUrl(ServerConnection.java:186)
at org.sonar.runner.impl.ServerConnection.downloadString(ServerConnection.java:121)
at org.sonar.runner.impl.ServerConnection.tryServerFirst(ServerConnection.java:148)
at org.sonar.runner.impl.ServerConnection.download(ServerConnection.java:112)
at org.sonar.runner.impl.Jars.downloadFiles(Jars.java:78)
... 12 more
No it doesn't look like sonar-runner supports proxy authentication. SonarQube has built-in access control so I'm not sure why you'd need proxy authentication on top of that. Maybe you could disable proxy authentication for SonarQube's URL.
The sonar-runner, even if configured with credentials, does not use these to make it's first call to the server. The endpoint is /batch/index. You have to allow public access to that endpoint. For all other urls basic auth is fine.
More details about my working setup in my answer here: https://stackoverflow.com/a/60132667/1838233
I've tried that setup with the runner and a sonar-project.properties file containing:
sonar.host.url=https://myserver/sonar/
sonar.login=${env.SONARUSER}
sonar.password=${env.SONARPWD}
and could access Sonar behind Apache basic auth that way.
I have been looking for this too and failed to find any options to allow this. One use case I can think of for needing this is you have the sonar client running on the far end of a GCP IAP away from the sonar server. You'd need to have the client pass through the initial proxy to get to the sonar server. Even if the sonar server supports this auth natively you need some way for the client to pass an auth header.
This is for scenarios where you either don't trust sonar or you don't trust the deployment of sonar by some novice, but you do trust a zero-trust protected proxy by gcp's platform

Resources