Securing JDBC connections


We are using SonarQube 7.9.1 with Oracle 19c database.

For Securing JDBC connection,properties like “” needs to be set while getting the JDBC connection.

To my understanding, user cannot set any extra properties for JDBC connections in file.

Can you please clarify on below ?

  1. Are the JDBC connections already SSL enabled (at client side) in SonarQube ?
  2. Is it possible to provide extra properties for JDBC connections ?
  3. Any default encryption is used by SonarQube for JDBC connections and any recommendations from SonarQube ?

Thanks in advance.

With Regards,
Vara Prasad.

Hello, you can set properties in the JDBC url in the file. To answer your other questions, there is no SSL encryption by default, and i do not have specifics recommandations regarding that, expect “follow the database vendor recommandations”.

Hi Pierre,

Thanks for the reply.

Except sonar.jdbc.url,sonar.jdbc.username and sonar.jdbc.password, i cannot see any other properties which i can set in file.

Is there a way to set extra properties other than above in file for JDBC connections ?

Setting properties like is a client side setting recommended by vendor (for Oracle) and as per our understanding, user cannot set any such property explicitly in case of SonarQube JDBC connection. Is that correct ?

Thanks in advance.

With Regards,
Vara Prasad.


did you consult
already ?
Guess its configured via jdbc connection string as usual.
This might help also
According to this pdf - search for tcps - you have to use tcps protocol to activate ssl.
See page 7, how to activate ssl




yep sorry I realize my message was unclear: you should be able to set theses properties in the JDBC URL.

Hi Gilbert/Pierre,

Thanks for the pointers.

Apart from server side settings, we need to set client side settings (apart from changing the JDBC url).
For example, need to be set as part of JDBC connection properties.
Do you see any provision to set these to JDBC connection for SonarQube ?

With Regards,
Vara Prasad.

from what i read, can be set through environment variables, so you can put it to (you need to do both) :

  • sonar.web.javaAdditionalOpts
  • sonar.ce.javaAdditionalOpts