I have tried before, but IMO this needs to be pushed further and the real urgency has not been sufficiently appreciated - the forum has a bunch of related postings.
We run a central Sonarqube instance that is accessed from multiple network areas in a very restrictive environment, which means there are a lot of proxies, web gateways and content security scans involved.
We have a LOT of Jenkins setups (one controller and several agents) for special purposes, i.e.
some Jenkins unit does only .Net builds, another only Android builds, another iOS builds … etc.
Also some special Jenkins units running in Docker containers that are destroyed afterwards.
I know there is a caching meachnism, but i just don’t get it why ALL plugins are downloaded to
EVERY scanner, i.e. also plugins like the monitoring Java Melody plugin
We’re hit regularly by socket timeouts at multiple Jenkins units because of downloading ALL plugins when only the Sonarqube core plugins and i.e. the Kotlin plugin is needed, as we’ve decided to always go with Sonarqube latest to be able to use the latest features and suppport of the latest syntax … we must also edit multiple docker files.
The scanner has access to the Sonarqube server settings, so if only java sources to be scanned, it should be sufficient to only download the Sonar core and Java plugin !?
I don’t know if this Jira ticket already goes in the right direction, as Jira insight got murky
since switching from prem to cloud, and the ticket has no details
The plugin api must provide a flag scanner download yes | no.
This is a design decision that has unfortunately been neglected so far.
At first it would already helpful to only download the core and language related plugins.