JRE autoprovisioning - disable global

Azure Devops with our own build & deployment agents on our Azure hosted VM’s, SonarQube Enterprise Edition 10.7 running on Azure hosted VM (Windows Server 2019).

Using the latest SonarQube extension (7.0.3) v7 tasks in our builds with ‘Integrate with .NET’ I want to disable JRE auto-provisioning globally. We want to use the installed JRE because this is configured for our own certificates (we use our own CA)

• With v6 tasks and ‘Integrate with MSBuild’ the installed JRE is used.
• With v7 tasks and using sonar.scanner.skipJreProvisioning=true the installed JRE is used. However we have hundreds of builds and it is no solution to modify every one of these.
• JAVA_HOME is set on de buildserver(s) and points to the installed JRE. Based on https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/scanners/scanner-environment/general-requirements/#azure-devops I understand this should work as an override for auto-provisioning

So I know with v6 tasks and v7 with skipJreProvisioning SonarScanner can find the installed JRE.

How do I disable JRE auto-provisioning globally in a .NET, Windows based build environment?

Cheers,
Donnie

Hi there, @droos_rdw and welcome to the community.

There is no global flag to disable JRE provisioning, no.
We are aware of the difficulties with private certificates and are working on a solution for the Scanner for .NET. Unfortunately, I do not have a timeline yet for the solution.

Just to make sure, since you are using the Scanner for .NET, I imagine your certificates are installed in the OS trust store?

Denis

Thanks for the update.
Yes on “your certificates are installed in the OS trust store”.
So this is regarding the SonarScanner CLI. It would be nice if an (environment) option could be added for the Scanner for .NET to not use auto-provisioning. The logic for finding and using the installed JRE is working fine.

For the time being I will advise our developers to continue using the v6 tasks (and ignore the deprecated warning)

Donnie