What are you trying to achieve:
I would like to scan a JS project using node:8-stretch or similar image due to the fact that SonarJS requires NodeJS to be on the path (I would not like to create & maintain my own pet image).
However when performing a scan against our instance, I need certain TLS certificates added to the cacerts keystore. To do this, the sonar-scanner is lacking the keytool executable in the zip file.
Would it be possible to release the keytool along with the provided JRE in the zip?
Did you try to use our Docker image for the scanner https://hub.docker.com/r/sonarsource/sonar-scanner-cli ?
Is there a reason why it’s not suitable for your use?
I’ve looked for such an image some time ago and didn’t find any. Great that there is one available now!
But it’s the same issue, to connect to our Sonar Enterprise instance I need a TLS certificate in the Java cert store. And the keytool executable is unfortunately not in the Docker image.
I think a simple change like this would be sufficient?
Isn’t it much easier to simply prepare your cacerts and mount it in the proper place inside the docker image?
No matter what, this is certainly not something that has anything to do with Sonar. Keytool is provided by Java.
@edu Yes, this works for a Docker environment. But in our K8s env we prevent mounting anything else besides the workspace for security reasons. And due to insufficient permissions I can’t copy the file from workspace into the jre folder.
@ChrisC the JVM is filtered & bundled by Sonar-Scanner-CLI, see here.
By now I use node:lts and download the scanner on the fly. This way I can replace the cacerts file in the JRE.
cacerts can be stored in a ConfigMap, no mounts needed: https://stackoverflow.com/questions/39420102/how-can-i-store-a-binary-file-in-a-kubernetes-configmap
@saberduck could I get a reply on sonar-scanner-cli#79 regarding this topic?
@CCFenner I pinged the team owning this repo
I found a proper workaround by copying a prepared cacerts file into the Docker container and passing SONAR_SCANNER_OPTS to the Sonar scanner.
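
The workaround from the last post, sketched as an added example (not code from this thread or from SonarSource): a sanity check on the prepared truststore, then the JVM truststore properties passed through SONAR_SCANNER_OPTS. The function names, the truststore path and the changeit password (the JDK default for cacerts) are assumptions.

```shell
#!/bin/sh
# Added example: point the scanner's bundled JVM at a prepared truststore
# instead of editing the JRE's own cacerts (which would need keytool and
# write access to the JRE folder).

# Return 0 if the file looks like a Java keystore: JKS starts with the
# magic bytes FE ED FE ED; PKCS12 is DER and starts with SEQUENCE (0x30).
# This is a sanity check only, it does not validate the contents.
is_keystore() {
    [ -s "$1" ] || return 1                       # missing or empty file
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')   # first four bytes as hex
    case "$magic" in
        feedfeed) return 0 ;;   # JKS
        30*)      return 0 ;;   # PKCS12
        *)        return 1 ;;
    esac
}

# Print a SONAR_SCANNER_OPTS value that selects the given truststore,
# keeping any options that are already set in the environment.
# Note: the JVM options are split on whitespace, so the path must not
# contain spaces.
truststore_opts() {
    store=$1
    pass=$2
    if ! is_keystore "$store"; then
        echo "not a readable JKS/PKCS12 truststore: $store" >&2
        return 1
    fi
    printf '%s' "${SONAR_SCANNER_OPTS:+$SONAR_SCANNER_OPTS }-Djavax.net.ssl.trustStore=$store -Djavax.net.ssl.trustStorePassword=$pass"
}

# Usage in a pipeline step (path is hypothetical):
#   SONAR_SCANNER_OPTS=$(truststore_opts "$PWD/cacerts" changeit) || exit 1
#   export SONAR_SCANNER_OPTS
#   sonar-scanner
```

The truststore passed this way replaces the default one for the scanner process, so it has to contain every CA the scanner needs, not only the internal one.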