Cannot access environment variables from a plugin in SonarQube 8

2019.10.22 08:43:46 ERROR ce[][] Compute Engine startup failed
java.lang.IllegalStateException: Fail to load plugin ShellCheck Analyzer [shellcheck]
	at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(
	at org.sonar.ce.container.ComputeEngineContainerImpl.startLevel4(
	at org.sonar.ce.container.ComputeEngineContainerImpl.start(
	at org.sonar.ce.ComputeEngineImpl.startup(
Caused by: access denied ("java.lang.RuntimePermission" "getenv.*")
	at java.base/
	at java.base/
	at java.base/java.lang.SecurityManager.checkPermission(
	at java.base/java.lang.System.getenv(
	at com.github.sbaudoin.sonar.plugins.shellcheck.ShellCheckPlugin.define(
	at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(
	... 5 common frames omitted
  • steps to reproduce: install a plugin that access an environment variable (System.getenv("XXX")) and start SQ 8.0
  • potential workaround: none found so far

The cause is the new security manager that do not grant access to the environment variables. The fix could be to add “getenv.*” to the allowed permissions. If this is not a suitable solution, can you give some guidance to a workaround, please?

Thanks for letting us know. We are evaluating the security restrictions and will come back to you shortly.

We’ll fix the problem in the next release of SonarQube 8.1: We don’t plan to do a bug fix release for v8.0 at this time.

As for possible workaround, you can read the value as a property.
Instead of reading an environment variable here, you can read a property from the configuration. For example:

You would then add the property in {SQ_install_dir/conf/}: