Managing certificates with the embedded Java runtime in SonarLint

Please provide

  • Operating system: Windows 10
  • SonarLint plugin version: 3.9.0
  • Is connected mode used: yes
    • Connected to SonarQube: Data Center Edition - Version 8.9.3 (build 48735)

And a thorough description of the problem / question:

Since version 3.7, SonarLint, on a Windows platform, embed its own Java runtime… but this Java runtime does not know our SSL certificates to access our SonarQube environment, and failed to connect…
We have to install them manually.
And if a new version of the SonarLint extension is installed, you have to reinstall the certificates again…

We tried to declare our own Java runtime, (sonarlint.ls.javaHome setting). SonarLint insists on using its own Java runtime…

SonarLint must respect the sonarlint.ls.javaHome setting if it is provided in settings, and not using its own Java runtime.

Basically, we think it’s a bad idea to embed a Java runtime in the SonarLint extension, not to mention the security issues it poses, (our security team certainly wouldn’t like to learn that we’re running a other Java runtime than the one it validated).

We had the issue with other VS Code extensions that required a Java runtime.
We have developed a private extension that includes one or more Java runtimes of our choice, including the SSL certificates necessary for our context.
It is only used to deploy Java runtimes. It is intended to update the settings of other extensions according to the desired Java runtime.

Hello Denis, thank you for your feedback!

I agree that when the sonarlint.ls.javaHome property is set, it should be honored by SonarLint. I created a ticket to adjust this behavior in an upcoming version.

As a workaround until this ticket is done an shipped, you can:

  • Uninstall your current, platform-specific SonarLint from VSCode
  • Download the “Universal” VSIX from the marketplace

Screenshot from 2022-09-02 14-09-55

  • Manually install the downloaded VSIX
  • Restart VSCode

The “universal” VSIX does not embed a JRE and should honor the path you set in sonarlint.ls.javaHome.

Please note that the minimum requirement is still Java 11 at the time of writing this message.

Minimum requirement is still Java 11, and site certificats :slight_smile:

It should be remembered that in case of installation of a Java runtime, it may be necessary to install the certificates specific to the site and refer to a procedure to proceed with this installation, (coming from the mainframe world, we do not do not master Java well and it took us some time to understand our certificate problem, and find the procedure to solve it).

Thanks !