How can i skip SONAR_SCANNER_OPTS in my Jenkins file

(adithya kambhampati) #1

I am calling sonarscanner from Jenkinsfile but every time i have to use
withsonarqubeenv{
withenv(‘SONAR_SCANNER_OPTS=-Djava****’){
//run sonarscanner
}
}

but i dont want to mention withenv for certificate location. what needs tobe done to skip this withenv in Jenkinsfile (so that certificate can automatically taken from jdk/lib/secrets/cacert instaed SONAR_SCANNER_OPTS)

Thanks in advance for the help

(G Ann Campbell) #2

Hi,

As shown in the docs the more usual case is to define a server at the global level and use the server definition name as the withSonarQubeEnv argument. I believe that’s what you’re looking for.

 
Ann

(adithya kambhampati) #3

even after mentioning the server name it still not able to get the certificates if i use scanner below form in pipeline it is still failing.

withSonarQubeEnv(‘sonardev’){
// run scanner
}

in this it is failing with certificate error the error is

PKIX patch building failed
error unable to find valid certificate path to requested target

but if i use
withSonarQubeEnv{
withenv(‘SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore=****){
//run sonarscanner
}
}

with writing withenv and giving certificate path it is working fine.
i dont want to mention certificate path every time in scanner run. it is not able to get certificate from default path $JAVA_HOME/lib/security/cacerts

can you please mention any other way so that i dont mention certificate path for every run.

(G Ann Campbell) #4

Hi,

To make sure, you did set up exactly the same trustStore key/value in the server configuration, right?

 
Ann

(adithya kambhampati) #5

Hello,
Yes i did setup same trustStore key/value in the server configuration.

Thank you very much for reply!

(Julien Henry) #7

If the certificate is already imported in the truststore, there is no need to pass extra JVM parameters to the scanner. Just check that the scanner is using the right JVM.

(adithya kambhampati) #8

may i please know by default which JVM, scanner uses?
i have only one JVM on build server and my JAVA_HOME and PATH of build server are pointing to that JVM only which has cacerts, but still sonar scanner not able to detect certs from default JVM location.

when i use SONAR_SCANNER_OPTS and give this JVM location everything works fine

(Julien Henry) #9

The scanner will use the JVM that is in the PATH.

(adithya kambhampati) #10

Thanks , i have certificate in the JVM that is mentioned in the PATH but still not working.

(Julien Henry) #11

You can debug SSL issues by adding -Djavax.net.debug=all to SONAR_SCANNER_OPTS. It may help to know why it doesn’t work when you don’t pass arguments.
See https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/ReadDebug.html for more details.