We are getting org.sonarsource.scanner.api.internal.ScannerException on shared gitlab runners

Here is my sonar job:

sonarcloud-check:
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
    GIT_DEPTH: "0"  # Tells git to fetch all the branches of the project, required by the analysis task
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - sonar-scanner -Dsonar.qualitygate.wait=true
  rules:
    - if: '$bypass_sonarcloud_check == "true"'
      when: always
      allow_failure: true
    - when: always
      allow_failure: false

Normally, it works all of sudden we are getting this error for all our projects:

ERROR: Error during SonarScanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarScanner analysis
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:85)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:74)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:70)
	at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:185)
	at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:123)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:74)
	at org.sonarsource.scanner.cli.Main.main(Main.java:62)


Caused by: java.lang.IllegalStateException: 
	at org.sonarsource.scanner.api.internal.cache.FileCache.newTempFile(FileCache.java:138)
	at org.sonarsource.scanner.api.internal.cache.FileCache.get(FileCache.java:83)
	at org.sonarsource.scanner.api.internal.JarDownloader.lambda$getScannerEngineFiles$0(JarDownloader.java:60)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
	at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
	at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682)
	at org.sonarsource.scanner.api.internal.JarDownloader.getScannerEngineFiles(JarDownloader.java:61)
	at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:53)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:76)


Caused by: java.nio.file.AccessDeniedException: 
	at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
	at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:218)
	at java.base/java.nio.file.Files.newByteChannel(Files.java:380)
	at java.base/java.nio.file.Files.createFile(Files.java:658)
	at java.base/java.nio.file.TempFileHelper.create(TempFileHelper.java:136)
	at java.base/java.nio.file.TempFileHelper.createTempFile(TempFileHelper.java:159)
	at java.base/java.nio.file.Files.createTempFile(Files.java:878)
	at org.sonarsource.scanner.api.internal.cache.FileCache.newTempFile(FileCache.java:136)

Hi @seetharam :wave: Welcome to the GitLab community forum! :tada:

Since this error started occuring “all of a sudden”, I suspect there was some change to the sonarsource/sonar-scanner-cli:latest image, as the latest tag will always pull the newest version, which can break things or introduce backward-incompatible issues.

Looking at the error itself, it seems like the issue here is caused the result of an AccessDeniedException while attempting to create a temporary file during the SonarScanner execution. This might be due to insufficient permissions for the GitLab Runner to create files in the specified location.

Be default, it seems the sonarsource/sonar-scanner-cli:latest image runs as the scanner-cli user, while all files in ${CI_PROJECT_DIR} are owned by root. I also see that the sonarsource/sonar-scanner-cli:latest sets SONAR_USER_HOME to /opt/sonar-scanner/.sonar by default.

I suspect setting SONAR_USER_HOME to a custom folder owned by root is causing the issue you’re reporting.

Unless you need to change the SONAR_USER_HOME variable, I suggest leaving it unchanged. If you do need to change SONAR_USER_HOME to a custom location, you could try fiddling with permissions/ownership of the .sonar directory or use /tmp/.sonar instead of ${CI_PROJECT_DIR}, but first I’d suggest trying to get the job working without a custom SONAR_USER_HOME variable.

Hi all,

Same error here. I tried the changes you suggested @gitlab-greg, about removing SONAR_USER_HOME variable and changing it to another value, but nothing worked.

I had to lower the version from the latest to 5.0.1 as it is the last it is working fine, from version 10.x.x+ is not working anymore.

Hello,

I’m facing the same error since the last major image version upgrade to 6.x.
In my case the problem is on Node project, whereas for Java projects it works fine.

Any news on this topic?

Cheers