I am trying to integrate SonarQube with TFS 2013 builds. The SonarQube instance is configured to use https. For some reason, TFS throws the below error trying to reach out to SonarQube:
ERROR: Error during SonarQube Scanner execution <br /> ERROR: Unable to execute SonarQube ERROR: Caused by: Fail to get bootstrap index from server ERROR: Caused by: sun.security.validator.ValidatorException: PKIX path building failed:Sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ERROR: Caused by: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ERROR: Caused by: unable to find valid certification path to requested target
I found this SO post: "PKIX path building failed" and "unable to find valid certification path to requested target" and exported the certificate and used keytool to import it into java keystore. I am still getting the same error. It seems like sonarQube somehow does not pick up the certificate from the default java keystore.
I tried running sonar-scanner manually and passing the certificate information in the parameters but still it does not pick up the certificate.
C:\SonarScanner\sonar-scanner-3.2.0.1227\bin>sonar-scanner.bat -X -Djavax.net.debug="ssl,handshake" -Djavax.net.ssl.trustStore="C:/Program Files/Java/jre1.8.0_121/lib/security/cacerts" -Djavax.net.ssl.keyStore="C:/Program Files/Java/jre1.8.0_121/lib/security/cacerts"
Looking at the Debug messages, it hasn't recognized the additional parameters.

Any suggestions?
SonarQube is able to analyze any kind of Java source files regardless of the version of Java they comply to. We recommend using the Critical Patch Update (CPU) releases. 2019 (MSSQL Server 15.0) with bundled Microsoft JDBC driver. Express Edition is supported.
In the extracted folder navigate to Conf folder, edit sonar. properties file to change the default web port or you may need available port. By default SonarQube uses port 9000. Make sure to assign an available port for SonarQube, you may need to use the netstat command to check the currently in use ports.
You can now browse SonarQube at http://localhost:9000 (the default System administrator credentials are admin / admin ).
Setting "SONAR_SCANNER_OPTS" environment variable to -Djavax.net.ssl.trustStore="C:/Program Files/Java/jre1.8.0_121/lib/security/cacerts" -Djavax.net.ssl.keyStore="C:/Program Files/Java/jre1.8.0_121/lib/security/cacerts" did the trick for me.  
The debug log now shows that it is pointing to the keystore as set in the environment variable. It worked both from command line using Sonar-Scanner.bat and while running as part of the TFS 2013 build.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With