The error still happens after the JGit upgrade when git cli is not installed on the system.

It comes from the sonar-text plugins, which also use JGit when git cli is not found. The JGit version in the analyzers needs to be updated as well.

After further investigation and debugging, we can find that the root cause of the JGit cleanup failure is:
java.lang.NoClassDefFoundError: org/eclipse/jgit/internal/JGitText
Then the method tries to log with logback, which in turn throws:
java.lang.NoClassDefFoundError: ch/qos/logback/classic/spi/ThrowableProxy

With JGit 6.10, the JGitText issue is fixed:

• jgit-36 CleanupService: preload JGitText if not running in OSGi

So the cleanup in the shutdown hook will no longer fail.

Note that if it was still failing, we wouldn’t have the logback NoClassDefFoundError anymore, as they also removed the logging message. However, in that case, we should have the exception printed to stderr.

In the end, we can remove the previous workaround and update JGit to 6.10.

It seems that the previous fix was not enough. We still have some users affected by the issue, even if we can’t reproduce it. It might be a race condition between the moment we close the scanner engine classloader, the moment the GC runs, and the moment the Shutdown hook is executed.

JGit released a new version (6.10) with a change that allows the problem to be fixed, but it is made for OSGi. With a little bit of hack, we could reuse it to have a more robust fix.

The long-term plan is to use the Scanner CLI 6.0, and in general new scanners supporting the JRE provisionning.