Hands-onLesson 9

Troubleshooting

ELI5 Explanation

This lesson is a cheat sheet for when things go wrong: scan won't run, gate keeps failing, pipeline results don't match the UI, or nothing shows up at all.

Common Problem Categories

SonarQube problems fall into four categories: authentication & connectivity, scan failures, quality gate mis-configuration, and integration issues. Each has a distinct diagnosis path.

Issue: Scan Fails With Authentication Error

Error: Not authorized. Please check the property sonar.login.

Verify token validity

# Test the token manually
curl -u $SONAR_TOKEN: http://localhost:9000/api/authentication/validate
# Expected: {"valid":true}
# If false: token is expired, revoked, or the variable is empty

# Check the token has "Execute Analysis" permission in SonarQube
# Admin → Security → Global Permissions → Execute Analysis

Issue: Scan Runs But No Project Appears

Diagnose missing project

# Confirm the task completed on the server
curl -u $SONAR_TOKEN: \
  "http://localhost:9000/api/ce/activity?component=my-app&ps=5"

# If task is in FAILED state, get the task ID and check logs
curl -u $SONAR_TOKEN: \
  "http://localhost:9000/api/ce/task?id="

# Check server logs for the scanner analysis log
grep "ERROR" /opt/sonarqube/logs/ce.log | tail -20

Issue: Coverage Shows 0% Despite Tests Passing

Fix coverage report path

# Confirm coverage report exists before scan
find . -name "jacoco.xml" 2>/dev/null
find . -name "lcov.info" 2>/dev/null

# Add correct path in sonar-project.properties
sonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml

# For JS/TS (Jest)
sonar.javascript.lcov.reportPaths=coverage/lcov.info

# Re-run scan and verify coverage node appears in analysis logs

Issue: Quality Gate Always Fails on New Code

Investigate gate conditions

# Get full gate status with failed conditions
curl -u $SONAR_TOKEN: \
  "http://localhost:9000/api/qualitygates/project_status?projectKey=my-app" \
  | python3 -m json.tool

# Conditions with status FAILED show the metric, operator, threshold, and actual value
# Example: coverage < 80 (actual: 62.3)

# Check which lines are counted as new code
# Project settings → New Code → change period if needed

Issue: Pipeline Fails But SonarQube UI Shows PASSED

Root cause: the pipeline step is checking the wrong project key, or the quality gate check step is running before the SonarQube server has finished analysis (async). Increase the timeout on the quality gate check step and confirm SONAR_HOST_URL and project key match exactly.

Issue: PR Decoration Not Appearing

Check PR parameters in scan

# Required parameters for PR decoration
sonar-scanner \
  -Dsonar.pullrequest.key=$PR_NUMBER \
  -Dsonar.pullrequest.branch=$HEAD_BRANCH \
  -Dsonar.pullrequest.base=$BASE_BRANCH \
  -Dsonar.pullrequest.provider=github

# Also verify ALM integration is configured in:
# Admin → DevOps Platform Integrations

Diagnostic Checklist

Token is valid and has Execute Analysis permission
sonar.projectKey matches the key in SonarQube UI
fetch-depth: 0 is set in checkout
Coverage report path is correct and the file exists
Quality gate is correctly assigned to the project
New code period is configured (default: previous version)
CE task completed successfully (check api/ce/activity)
Firewall/proxy allows scanner to reach SonarQube server

Interview Questions

Beginner

What is the first step when a SonarQube scan fails?
How do you check if a SonarQube token is valid?
Why might coverage show 0% despite all tests passing?
Where do SonarQube server logs live?
What does CE mean in SonarQube logs?

Intermediate

How do you diagnose a CE task that is permanently stuck in PENDING?
A scan finishes but no issues appear. How do you trace what happened?
How do you debug mismatch between pipeline gate result and SonarQube UI?
What permissions are needed at the project level for a scanner token?
How do you enable debug logging on the scanner?

Scenario-based

Scanner worked yesterday and fails today with a 401. What changed?
Coverage decreases every merge even though new code is covered. What is happening?
Quality gate passes on main but fails on every feature branch. How do you investigate?
SonarQube server is slow and CE tasks are queued 20+ minutes. What do you tune?
You need to onboard 30 repos quickly. How do you automate project creation?

Real-world Use Case

A platform team created a shared troubleshooting runbook in Confluence mapping each error pattern to a root cause and fix. Onboarding time for new teams dropped from 3 days to half a day.

Summary

Systematic diagnosis using the SonarQube API, logs, and a structured checklist resolves most operational issues quickly. The final lesson prepares you for interview questions across all SonarQube topics.

PreviousReal-world Scenarios NextInterview Preparation