newtmitch / docker-sonar-scanner Goto Github PK

Hi,
Not able to see the sonar-scanner binary while using the image in Kubernetes environment with jnlp slaves.
the directory /usr/local/bin/ doesn't have the binary or the link.
The Jenkinsfile looks like the one below.
pipeline {
agent none
stages {
stage('SQTest') {
agent {
kubernetes {
label 'sample-app'
defaultContainer 'jnlp'
yamlFile 'cloudprovider.yaml'
}
}
steps {
sh "sonar-scanner -Dproject.settings=testInputs/sonar-project.properties"
}
}
}
}

The cloudprovider.yaml has the image newtmitch/sonar-scanner:alpine and command['cat']

Any suggestions?
Thanks

For scanning shell scripts sonar is shellcheck to scan them.

Could you add

# Install ShellCheck
RUN apt-get install shellcheck

to the docker files?

I need to use sonar-runner.properties file in a path (that will be analyzed)

Hello, I'm getting the following warning when using your image

WARN: Property 'sonar.jdbc.url' is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.

Thanks for these nice Docker containers!
I'm wondering if you would mind adding some permissive license, like MIT, to the code so I can use it in my project (at my company)?

Hi, not an issue per se, but I wanted to raise a warning for those who (like myself) use this image for Docker-based pipelines like Gitlab CI.

Since the split of entrypoint and cmd pipelines fail because the underlying engine is (probably) running bash -c $MYCOMMANDS as a custom CMD.

Since now we have sonar-scanner as the entrypoint, I get errors like ERROR: Unrecognized option: -c because it's passing it to sonar-scanner.

The solution is to override the image entrypoint in the pipeline, for example by setting (Gitlab CI syntax):

analysis:
  stage: analysis
  image:
    name: newtmitch/sonar-scanner:3.2-alpine
    entrypoint: ['']
  dependencies:
    - tests
  script:
    - sonar-scanner -Dsonar.host.url=$SONAR_URL -Dsonar.login=$SONAR_TOKEN -Dsonar.projectBaseDir=.

I hope it can be useful to others.
Thanks for the image, btw!

Most users will run their docker containers on linux and therefore expect the IP to be 127.0.0.1 by default, if all containers are started on the same host.

sonar.host.url=http://192.168.99.100:9000
should be
sonar.host.url=http://127.0.0.1:9000

Dear,

It might be entirely me.

But I have a project which I try to analyse.

I tried to use your public image based on Dockerfile.sonarscanner-4.0.0-alpine

so far I got errors as when running the scan as:

docker run --rm -i -v $JENKINS_JOB_WORKSPACE:/usr/src --entrypoint= myregistry/docker-sonar-scanner:4.0.0 /usr/local/bin/sonar-scanner -Dsonar.host.url=https://sonar.mydomain.org -Dsonar.sources=src -Dsonar.projectKey=myproject -Dsonar.projectName=myproject

18:05:02 ERROR: Error: Cannot find module 'typescript'
18:05:02 ERROR: at Function.Module._resolveFilename (internal/modules/cjs/loader.js:581:15)
18:05:02 ERROR: at Function.Module._load (internal/modules/cjs/loader.js:507:25)
18:05:02 ERROR: at Module.require (internal/modules/cjs/loader.js:637:17)
18:05:02 ERROR: at require (internal/modules/cjs/helpers.js:22:18)
18:05:02 ERROR: at Object. (/usr/src/.scannerwork/sonarts-bundle/node_modules/tslint/lib/language/walker/blockScopeAwareRuleWalker.js:20:10)
18:05:02 ERROR: at Module._compile (internal/modules/cjs/loader.js:689:30)
18:05:02 ERROR: at Object.Module._extensions..js (internal/modules/cjs/loader.js:700:10)
18:05:02 ERROR: at Module.load (internal/modules/cjs/loader.js:599:32)
18:05:02 ERROR: at tryModuleLoad (internal/modules/cjs/loader.js:538:12)
18:05:02 ERROR: at Function.Module._load (internal/modules/cjs/loader.js:530:3)
18:05:02 ERROR: Failed to find 'typescript' module. Please check, NODE_PATH contains location of global 'typescript' or install locally in your project
18:05:02 ERROR: External process node --max-old-space-size=2048 /usr/src/.scannerwork/sonarts-bundle/node_modules/tslint-sonarts/bin/tsrunner returned an empty output. Run with -X for more information

We checked out the image and could see that typescript should be present on the box.

I tried manually changing or providing NODE_PATH by updating yours Dockerfile.sonarscanner-4.0.0-alpine

So far that did not work.

After hours of testing I finally managed to get rid of the error by adding

RUN npm install -g typescript
ENV NODE_PATH=/usr/lib/node_modules

to Dockerfile.sonarscanner-4.0.0-alpine and build by own.

So far this got rid of the problem but I feel like a retard.

Is there something I absolutely am doing wrong. Can't believe I fixed it just found a work around.

Looking forward to your response!

Best regards, OImo

SonarScanner has an official Docker image available, and has for a while. See here and here for details. Although I'm happy to keep my project alive, I'd love to hear from consumers and contributors of this repo about whether the official image is the Better Way™ or if what I've done here has some distinct and specific value that the official image doesn't.

• why do you use the image from this repo?
• why do you use the official sonar image instead?

Please leave responses to this issue with your thoughts on using either image.

Hello and thank your for your work on this.

I want to report an issues with a likely relation to #28 .

I have the following sonar-project.properties

sonar.projectKey=Foo
sonar.projectBaseDir=/var/www/html
sonar.sources=.
sonar.project.home=/var/www/html
sonar.php.tests.reportPath=/var/www/html/log/phpunit/logfile.xml
sonar.php.coverage.reportPaths=/var/www/html/log/phpunit/coverage.xml

The docker run command is

docker run -ti \
-v $(pwd):/var/www/html  \ 
-v $(pwd)/sonar-project.properties:/root/sonar-scanner/conf/sonar-scanner.properties \
--net proxy_default \
--workdir /var/www/html \
newtmitch/sonar-scanner

Which results in the error:

Project home must be an existing directory: /var/www/html/src

It seems for some reason the scanner always expects /src to be in the path.

In my attempt to find a working config.

I created an empty src directory in /var/www/html/ and and did set sonar.sources to ../
which starts the scan but ignores all files because they are not in the project directory.

... It is not located in project basedir '/var/www/html/src'

TL;DR

• I (currently) need the files to reside in /var/www/html because otherwise the scanner fails to parse the coverage.xml file. Which generates the paths with the absolute path
• When the docker container is started with the project put to /var/www/html/ and the sonar-project.properties reflect that, the scan fails because the scanner seems to expect src in the project path.

When using your image, the scan crashes with the following error whenever it tries to scan Typescript files:

ERROR: Failed to get Node.js version.No TypeScript files will be analyzed. You can exclude TypeScript files from analysis with 'sonar.exclusions' property

I was able to fix it by creating a custom image from your image and installing node. Not sure if that's something you might consider adding to this image.

Dockerfile.sonarscanner-3.3.0-alpine still has "WORKDIR /root", should've been changed to "WORKDIR /src" as part of pull request #27

could node.js as well be added to the alpine-based image? currently it's only included in the full version.

To support JS/TS scanning.

follow up to #9

Hi !

We're trying to upgrade our sonarqube which is running on our kubernetes cluster to the latest version. With elasticsearch embedded (can't wait to see the new features!) it can't start (without further tweaking) because of the (documented) sysconf calls one should make.

Is there any way to use an external elasticsearch ? (we have one running outside of our kubernetes cluster) ?

like the question above...Could it be used to other git repository like gitee or gitlab ?

Scanner failed to build for me on MacOS X Sierra (10.12.5). Changing Dockerfile line 1 to
FROM: java:8
allowed a successful build.

Hello,

We would like to know if we can secure the sensitive information i.e., credentials and other values that we pass in sonar-runner.properties file. Could you please help?

Thanks.

Per work here: #10

This fix needs to:

• Update all Dockerfiles
• Update README paths referencing root

The line to exclude node modules from the scan ("sonar.exclusions=/node_modules//*") means that server-side configuration of ignored files will never be used since there's an existing scanner-level property

Thanks for this image - we are using the older "alpine" images up to now and were trying to switch to the newer 4-version.

Tried latest version of image "4" but it fails with error message because its using a "ea" (early adoptor) version of Java12 not allowed for sonar-qube scanner.
And Java12 is EOL for some time now, therefore not getting any updates since two years.

Please switch back to Java 11 LTS (supported by sonar-scanner).
Current Java 16 is no LTS release either (will be out of support in 6 months and next LTS version 17 is not release by now.

reference at sonarsource about !"ea" releases: https://community.sonarsource.com/t/java-12-support/11864

Thanks,
Stefan Seide

Execption running sonar-scanner on latest imge with tag "4"

04:52:37.142 INFO: Load/download plugins
04:52:37.142 INFO: Load plugins index
04:52:37.159 DEBUG: GET 200 http://digihub-ai-rpa-wbench.psst.t-online.corp:9000/sonar/api/plugins/installed | time=17ms
04:52:37.170 INFO: Load/download plugins (done) | time=28ms
04:52:37.174 INFO: ------------------------------------------------------------------------
04:52:37.174 INFO: EXECUTION FAILURE
04:52:37.174 INFO: ------------------------------------------------------------------------
04:52:37.174 INFO: Total time: 1.254s
04:52:37.191 INFO: Final Memory: 5M/24M
04:52:37.191 INFO: ------------------------------------------------------------------------
04:52:37.191 ERROR: Error during SonarScanner execution
java.lang.ExceptionInInitializerError
	at com.google.gson.internal.reflect.ReflectionAccessor.<clinit>(ReflectionAccessor.java:36)
	at com.google.gson.internal.ConstructorConstructor.<init>(ConstructorConstructor.java:51)
	at com.google.gson.Gson.<init>(Gson.java:205)
	at com.google.gson.Gson.<init>(Gson.java:185)
	at org.sonar.scanner.bootstrap.ScannerPluginInstaller.listInstalledPlugins(ScannerPluginInstaller.java:104)
	at org.sonar.scanner.bootstrap.ScannerPluginInstaller.loadPlugins(ScannerPluginInstaller.java:76)
	at org.sonar.scanner.bootstrap.ScannerPluginInstaller.installRemotes(ScannerPluginInstaller.java:60)
	at org.sonar.scanner.bootstrap.ScannerPluginRepository.start(ScannerPluginRepository.java:59)
	at org.sonar.core.platform.StartableCloseableSafeLifecyleStrategy.start(StartableCloseableSafeLifecyleStrategy.java:40)
	at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)
	at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)
	at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)
	at org.picocontainer.behaviors.Stored.start(Stored.java:110)
	at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)
	at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)
	at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:73)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:67)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:567)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.NumberFormatException: For input string: "12-ea"
	at java.base/java.lang.NumberFormatException.forInputString(NumberFormatException.java:68)
	at java.base/java.lang.Integer.parseInt(Integer.java:658)
	at java.base/java.lang.Integer.parseInt(Integer.java:776)
	at com.google.gson.util.VersionUtils.determineMajorJavaVersion(VersionUtils.java:28)
	at com.google.gson.util.VersionUtils.<clinit>(VersionUtils.java:24)
	... 32 more
04:52:37.194 ERROR: 
04:52:37.194 ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.

Hi,
i'm trying to use the sonar-scanner image with openjdk:12 (not alpine), but i have this error during sonar scanner startup when i run the container:

A fatal error has been detected by the Java Runtime Environment:
 SIGILL (0x4) at pc=0x00007f1357a859bc, pid=7, tid=19
JRE version: OpenJDK Runtime Environment (12.0+29) (build 12-ea+29)
Java VM: OpenJDK 64-Bit Server VM (12-ea+29, mixed mode, sharing, tiered, compressed oops, g1 gc, linux-amd64)
Problematic frame:
v  ~StubRoutines::updateBytesCRC32
An error report file with more information is saved as:
/tmp/hs_err_pid7.log
Compiled method (c1)    1477  119       3       java.util.zip.CRC32::update (51 bytes)
total in heap  [0x00007f1358041e10,0x00007f1358042610] = 2048
relocation     [0x00007f1358041f88,0x00007f1358042000] = 120
main code      [0x00007f1358042000,0x00007f13580423e0] = 992
stub code      [0x00007f13580423e0,0x00007f13580424a8] = 200
metadata       [0x00007f13580424a8,0x00007f13580424b8] = 16
scopes data    [0x00007f13580424b8,0x00007f1358042538] = 128
scopes pcs     [0x00007f1358042538,0x00007f13580425f8] = 192
dependencies   [0x00007f13580425f8,0x00007f1358042600] = 8
nul chk table  [0x00007f1358042600,0x00007f1358042610] = 16
Could not load hsdis-amd64.so; library not loadable; PrintAssembly is disabled.

Any ideas about this problem?
Thank you so much

I mounted my source code correctly and the scan is picking up some of the exclusions etc. However when it looks up the sonar.projectKey in said file it ignores it completely and just generates its own project name by default. Is it simply not adhering to these sonar-project.properties?

You can add in readme a description about use sonar-scanner without a local sonarQube. So --link sonarqube become useless in run of docker sonar scanner

The readme contains an error
This line need to be change
-v $(pwd)/sonar-runner.properties:/root/sonar-scanner/conf/sonar-runner.properties \
to
-v $(pwd)/sonar-runner.properties:/root/sonar-scanner/conf/sonar-scanner.properties \

With this change, the sonar-runner.properties will be taken with good properties

The readme file has the following example text:

docker run -ti -v $(pwd):/root/src --link sonarqube mitch/sonarscanner sonar-scanner \
  -Dsonar.host.url=http://sonarqube:9000 \
  -Dsonar.jdbc.url=jdbc:h2:tcp://sonarqube/sonar \
  -Dsonar.projectKey=MyProjectKey \
  -Dsonar.projectName="My Project Name" \
  -Dsonar.projectVersion=1 \
  -Dsonar.projectBaseDir=/root \
  -Dsonar.sources=./src

Note that the docker image it loads is mitch/sonarscanner sonar-scanner. Ever other example in the readme uses newtmitch/sonar-scanner. If you try to use the former text you get an error about docker unable to find the image. Presumably this is just out of date and needs updating?

However, even when I update the text I'm still unable to get the configs to load properly.

docker run -ti -v $srcDir:/root/src --link sonarqube newtmitch/sonar-scanner \
  -Dsonar.projectName="example" \
  -Dsonar.projectKey=example \
  -Dsonar.host.url=http://localhost:9000 \  
  -Dsonar.login=123ijfepajfpafeapfjapfjexample

Error message:

docker: Error response from daemon: oci runtime error: container_linux.go:262: starting container process caused "exec: \"-Dsonar.projectName=example\": executable file not found in $PATH".

I thought it might be bash / argument parsing error, but the issue persists regardless if I break the config options into new lines or put them all on one line.

I'm relatively new to docker, so it's possible the error is my fault and unrelated to docker-sonar-scanner. I'm still working on it and will update when I have info.

P.S. - Thanks for working on this docker sonar scanner project, it's exactly what we needed and I really appreciate the time you've put into it. Thanks for keeping open source kickin'. :)

edit: So, upon closer reading of the readme it looks like i) updating the name of the image is addressed in the readme ii) but, the old image is still non-existant.

Lastly, when trying this command from the readme I continue to get the same error:

$ docker run -ti -v $srcDir:/root/src --link sonarqube newtmitch/sonar-scanner -Dsonar.host.url="http://localhost:9000"

docker: Error response from daemon: oci runtime error: container_linux.go:262: starting container process caused "exec: \"sonar.host.url=http://localhost:9000\": stat sonar.host.url=http://localhost:9000: no such file or directory".

The presence of -Dsonar.host.url=http://localhost:9000 is enough to cause the error.

  inflating: sonar-scanner-3.3.0.1492-linux/jre/THIRDPARTYLICENSEREADME.txt  
  inflating: sonar-scanner-3.3.0.1492-linux/jre/bin/java  
  inflating: sonar-scanner-3.3.0.1492-linux/lib/sonar-scanner-cli-3.3.0.1492.jar  
  inflating: sonar-scanner-3.3.0.1492-linux/conf/sonar-scanner.properties  
  inflating: sonar-scanner-3.3.0.1492-linux/bin/sonar-scanner-debug  
  inflating: sonar-scanner-3.3.0.1492-linux/bin/sonar-scanner  lchmod (file attributes) error: Not supported

finishing deferred symbolic links:
  sonar-scanner-3.3.0.1492-linux/jre/lib/amd64/server/libjsig.so -> ../libjsig.so

lchmod (file attributes) error: Not supported

Heya, quick improvement request.

Using $PWD instead of $(pwd) solves two problems.

1. Best practice and faster according to https://unix.stackexchange.com/questions/173916/is-it-better-to-use-pwd-or-pwd
2. $(pwd) could break a CI pipeline. For example, running Jenkins using one shot slaves gives this as the directory --> PWD=/home/jenkins-slave/workspace/<repo name>@2 --> and this causes the error message below.

java.io.IOException: Failed to run image 'newtmitch/sonar-scanner:3.2.0-alpine'. Error: docker: Error response from daemon: create $(pwd): "$(pwd)" includes invalid characters for a local volume name, only "[a-zA-Z0-9][a-zA-Z0-9_.-]" are allowed. If you intended to pass a host directory, use absolute path.
See 'docker run --help'.

Versions used:

newtmitch/sonar-scanner:3.2.0-alpine

docker version
Client:
Version: 18.09.6
API version: 1.39
Go version: go1.10.8
Git commit: 481bc77
Built: Sat May 4 02:35:27 2019
OS/Arch: linux/amd64
Experimental: false

Server: Docker Engine - Community
Engine:
Version: 18.09.6
API version: 1.39 (minimum version 1.12)
Go version: go1.10.8
Git commit: 481bc77
Built: Sat May 4 01:59:36 2019
OS/Arch: linux/amd64
Experimental: false

As per Dockerhub (Java) usage of the java:x images is discouraged:

DEPRECATED
This image is officially deprecated in favor of the openjdk image,
and will receive no further updates after 2016-12-31 (Dec 31, 2016).
Please adjust your usage accordingly.

It is recommended to switch to OpenJDK which should be pretty trivial.