- Operating system: Windows 10
- SonarLint plugin version: 3.9.0
- Is connected mode used: yes
- Connected to SonarQube: Data Center Edition - Version 8.9.3 (build 48735)
And a thorough description of the problem / question:
Since version 3.7, SonarLint, on a Windows platform, embed its own Java runtime… but this Java runtime does not know our SSL certificates to access our SonarQube environment, and failed to connect…
We have to install them manually.
And if a new version of the SonarLint extension is installed, you have to reinstall the certificates again…
We tried to declare our own Java runtime, (sonarlint.ls.javaHome setting). SonarLint insists on using its own Java runtime…
SonarLint must respect the sonarlint.ls.javaHome setting if it is provided in settings, and not using its own Java runtime.
Basically, we think it’s a bad idea to embed a Java runtime in the SonarLint extension, not to mention the security issues it poses, (our security team certainly wouldn’t like to learn that we’re running a other Java runtime than the one it validated).
We had the issue with other VS Code extensions that required a Java runtime.
We have developed a private extension that includes one or more Java runtimes of our choice, including the SSL certificates necessary for our context.
It is only used to deploy Java runtimes. It is intended to update the settings of other extensions according to the desired Java runtime.