I would like to scan a JS project using node:8-stretch or a similar image due to the fact that SonarJS requires NodeJS to be on the path (I would not like to create & maintain my own pet image).
However, when performing a scan against our instance, I need certain TLS certificates added to the cacerts keystore. To do this, the sonar-scanner is lacking the keytool executable in the zip file.
Would it be possible to release the keytool along with the provided JRE in the zip?
I’ve looked for such an image some time ago and didn’t find any. Great that there is one available now!
But it’s the same issue, to connect to our Sonar Enterprise instance I need a TLS certificate in the Java cert store. And the keytool executable is unfortunately not in the Docker image.
I think a simple change like this would be sufficient?
@edu Yes, this works for a Docker environment. But in our K8s env we prevent mounting anything else besides the workspace for security reasons. And due to insufficient permissions I can’t copy the file from workspace into the jre folder.
@ChrisC the JVM is filtered & bundled by Sonar-Scanner-CLI, see here.
By now I use node:lts and download the scanner on the fly. This way I can replace the cacerts file in the JRE.
I found a proper workaround by copying a prepared cacerts file into the Docker container and passing -Djavax.net.ssl.trustStore=path/to/custom/cacerts within SONAR_SCANNER_OPTS to the Sonar scanner.
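The workaround in the last post, sketched as an added example that is not code from the thread or from the SonarScanner project. It goes one step beyond the post by optionally checking a SHA-256 digest of the prepared truststore before the scanner is pointed at it, since that file decides which servers the scanner will trust. The function names, the `internal-ca` alias, the `ci/cacerts` path and the `CACERTS_SHA256` and `STOREPASS` variables are assumptions; `changeit` is the default password of a stock cacerts file.

```shell
#!/bin/sh
# Added example: function names, paths and the "internal-ca" alias are assumptions.

# Step 1 (on a machine with a full JDK, not inside the scanner container):
# copy the JRE's default cacerts and import the internal CA into the copy,
# so the public CAs stay trusted alongside it.
build_truststore() {   # usage: build_truststore DEFAULT_CACERTS CA_PEM OUT
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found" >&2; return 1; }
    cp "$1" "$3" && chmod u+w "$3" || return 1
    keytool -importcert -noprompt -alias internal-ca -file "$2" \
            -keystore "$3" -storepass "${STOREPASS:-changeit}"
}

# Step 2 (inside the scanner container): check the prepared file, then print
# the JVM options to place in SONAR_SCANNER_OPTS. Failing here gives a clear
# message instead of a TLS error in the middle of the scan.
truststore_opts() {    # usage: truststore_opts TRUSTSTORE [EXPECTED_SHA256]
    ts=$1; want=${2:-}
    [ -s "$ts" ] || { echo "truststore missing or empty: $ts" >&2; return 1; }
    if [ -n "$want" ]; then
        got=$(sha256sum "$ts" | cut -d' ' -f1)
        [ "$got" = "$want" ] || { echo "truststore digest mismatch" >&2; return 1; }
    fi
    printf '%s %s\n' "-Djavax.net.ssl.trustStore=$ts" \
        "-Djavax.net.ssl.trustStorePassword=${STOREPASS:-changeit}"
}

# Typical use in the CI step (commented out so sourcing this file has no side effects):
#   SONAR_SCANNER_OPTS=$(truststore_opts "$PWD/ci/cacerts" "$CACERTS_SHA256") || exit 1
#   export SONAR_SCANNER_OPTS
#   sonar-scanner
```

Setting `javax.net.ssl.trustStore` replaces the JRE's default trust store rather than adding to it, which is why step 1 starts from a copy of the default cacerts.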