How can i skip SONAR_SCANNER_OPTS in my Jenkins file

adithya_kambhampati · May 15, 2019, 3:35pm

I am calling sonarscanner from Jenkinsfile but every time i have to use
withsonarqubeenv{
withenv(‘SONAR_SCANNER_OPTS=-Djava****’){
//run sonarscanner
}
}

but i dont want to mention withenv for certificate location. what needs tobe done to skip this withenv in Jenkinsfile (so that certificate can automatically taken from jdk/lib/secrets/cacert instaed SONAR_SCANNER_OPTS)

Thanks in advance for the help

ganncamp · May 16, 2019, 7:56pm

Hi,

As shown in the docs the more usual case is to define a server at the global level and use the server definition name as the withSonarQubeEnv argument. I believe that’s what you’re looking for.

Ann

adithya_kambhampati · May 17, 2019, 5:19pm

even after mentioning the server name it still not able to get the certificates if i use scanner below form in pipeline it is still failing.

withSonarQubeEnv(‘sonardev’){
// run scanner
}

in this it is failing with certificate error the error is

PKIX patch building failed
error unable to find valid certificate path to requested target

but if i use
withSonarQubeEnv{
withenv(‘SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore=****){
//run sonarscanner
}
}

with writing withenv and giving certificate path it is working fine.
i dont want to mention certificate path every time in scanner run. it is not able to get certificate from default path $JAVA_HOME/lib/security/cacerts

can you please mention any other way so that i dont mention certificate path for every run.

ganncamp · May 17, 2019, 7:29pm

Hi,

To make sure, you did set up exactly the same trustStore key/value in the server configuration, right?

Ann

adithya_kambhampati · May 20, 2019, 11:41am

Hello,
Yes i did setup same trustStore key/value in the server configuration.

Thank you very much for reply!

Julien_HENRY · May 20, 2019, 2:23pm

If the certificate is already imported in the truststore, there is no need to pass extra JVM parameters to the scanner. Just check that the scanner is using the right JVM.

adithya_kambhampati · May 20, 2019, 3:32pm

may i please know by default which JVM, scanner uses?
i have only one JVM on build server and my JAVA_HOME and PATH of build server are pointing to that JVM only which has cacerts, but still sonar scanner not able to detect certs from default JVM location.

when i use SONAR_SCANNER_OPTS and give this JVM location everything works fine

Julien_HENRY · May 20, 2019, 3:34pm

The scanner will use the JVM that is in the PATH.

adithya_kambhampati · May 20, 2019, 3:39pm

Thanks , i have certificate in the JVM that is mentioned in the PATH but still not working.

Julien_HENRY · May 22, 2019, 7:45am

You can debug SSL issues by adding -Djavax.net.debug=all to SONAR_SCANNER_OPTS. It may help to know why it doesn’t work when you don’t pass arguments.
See https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/ReadDebug.html for more details.

Teja · January 26, 2021, 5:19am

Any luck in skipping sonar_Scanner_Opts ? I’m facing the same issue. I don’t want to mention the path in Jenkinsfile eachtime I upgrade my java.