which versions are you using (SonarQube Server / Community Build, Scanner, Plugin, and any relevant extension) : Sonar Qube Version: v9.9.5 (build 90363)
how is SonarQube deployed: zip, Docker, Helm: : We use SonarQube Developer Edition, hosted on Azure Windows VM.
Error: 2024-12-09T13:02:03.8285493Z ##[section]Starting: Prepare Code Analysis
2024-12-09T13:02:03.8293483Z ==============================================================================
2024-12-09T13:02:03.8293644Z Task : Prepare Analysis Configuration
2024-12-09T13:02:03.8293729Z Description : Prepare SonarQube analysis configuration
2024-12-09T13:02:03.8293839Z Version : 6.3.4
2024-12-09T13:02:03.8293916Z Author : sonarsource
2024-12-09T13:02:03.8293989Z Help : More Information
2024-12-09T13:02:03.8294162Z ==============================================================================
2024-12-09T13:02:05.9237181Z ##[warning]Error while executing SonarQube:Prepare task: [SQ] API GET ‘/api/server/version’ failed, error is request to https://rhs-sq.alight.com/api/server/version failed, reason: unable to get local issuer certificate
2024-12-09T13:02:05.9241004Z ##[error][SQ] API GET ‘/api/server/version’ failed, error is request to https://rhs-sq.alight.com/api/server/version failed, reason: unable to get local issuer certificate
2024-12-09T13:02:05.9375479Z ##[section]Finishing: Prepare Code Analysis
It looks like your SonarQube server uses some self-signed certificates to serve itself over HTTPS. You’ll need to pass your certificate to the Node process. Here’s some advice already offered int his community:
so cert is mandatory to resolve this issue, we are using Azure VMSS Agent for the pipeline do we have any documentation for the process to place the files and use it in the pipeline.
It sounds like you may need to customize your scale set so that the cert is available on all agents.
While doing this, you can even set NODE_EXTRA_CA_CERTS on the VM so that it applies to all jobs, and you don’t have to handle any config in your pipeline.
How do you handle this for other services in your CI/CD job that are hosted-on prem with self-signed certificates? Or is SonarQube the only one? If so, it might be good to question whether or not using a self-signed cert is really a good idea here.
Yes ultimately, if you continue to use a SonarQube server with a self-signed certificate, that cert will somehow need to be recognized within your agent VM. Please see my previous post.
Can I install the Service certificate the Host cert which I installed on the Sonar Qube server or need to generate the self signed cert again or can I use the cert I used in SAML configuration.
SAML configuration probably isn’t relevant here. If you’re not sure how to find your cert, I suggest downloading it using a command line tool like openssl.
