I am calling sonarscanner from Jenkinsfile but every time i have to use
withsonarqubeenv{
withenv(‘SONAR_SCANNER_OPTS=-Djava****’){
//run sonarscanner
}
}
but i dont want to mention withenv for certificate location. what needs tobe done to skip this withenv in Jenkinsfile (so that certificate can automatically taken from jdk/lib/secrets/cacert instaed SONAR_SCANNER_OPTS)
As shown in the docs the more usual case is to define a server at the global level and use the server definition name as the withSonarQubeEnv argument. I believe that’s what you’re looking for.
even after mentioning the server name it still not able to get the certificates if i use scanner below form in pipeline it is still failing.
withSonarQubeEnv(‘sonardev’){
// run scanner
}
in this it is failing with certificate error the error is
PKIX patch building failed
error unable to find valid certificate path to requested target
but if i use
withSonarQubeEnv{
withenv(‘SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore=****){
//run sonarscanner
}
}
with writing withenv and giving certificate path it is working fine.
i dont want to mention certificate path every time in scanner run. it is not able to get certificate from default path $JAVA_HOME/lib/security/cacerts
can you please mention any other way so that i dont mention certificate path for every run.
If the certificate is already imported in the truststore, there is no need to pass extra JVM parameters to the scanner. Just check that the scanner is using the right JVM.
may i please know by default which JVM, scanner uses?
i have only one JVM on build server and my JAVA_HOME and PATH of build server are pointing to that JVM only which has cacerts, but still sonar scanner not able to detect certs from default JVM location.
when i use SONAR_SCANNER_OPTS and give this JVM location everything works fine