SONAR_SCANNER_OPTS is not being used for .NET analysis

We have a special scenario, where we need to use the java keystore to do the request to Sonar.
It works well when I use:
sonar-scanner.bat -X -D"sonar.projectKey=projkey" -D"sonar.login=mytoken" -D"sonar.host.url=myURL"

Then it executes and gets the SONAR_SCANNER_OPTS with the params:
-Djavax.net.ssl.keyStore=cert.pfx -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStorePassword=mypw

Then, when I tried
dotnet C:\Temp\Sonar\SonarScanner.MSBuild.dll begin /k:"projkey" /v:1.1 /d:sonar.login="mytoken"
it fails with an SSL issue, as my pfx is not being considered, and it seems that SONAR_SCANNER_OPTS is being completely ignored.

It also happens from Azure DevOps Pipelines with hosted agents.

So my problem here is to understand if dotnet scanner can consider that SONAR_SCANNER_OPTS, and how I make it work, or if it was really something that was ignored when the runner was created.

If there is no solution to use the OPTS variable, is there a way to scan .NET projects with sonar-scanner.bat directly? Now my runs in fact do nothing, I added the src and that’s the only thing available in sonar.

For those curious about the implementation, we have set up mTLS authentication on our server to allow public connections using a certificate to authenticate based on our CA.

SonarScanner for MSBuild 5.1
Using the .NET Core version of the Scanner for MSBuild
Default properties file was found at C:\Temp\Sonar\SonarQube.Analysis.xml
Loading analysis properties from C:\Temp\Sonar\SonarQube.Analysis.xml
sonar.verbose=true was specified - setting the log verbosity to 'Debug'
Pre-processing started.
Preparing working directories...
Using environment variables to determine the download directory...
13:56:16.465  13:56:16.455  Loading analysis properties from C:\Temp\Sonar\SonarQube.Analysis.xml
13:56:16.467  13:56:16.465  sonar.verbose=true was specified - setting the log verbosity to 'Debug'
13:56:16.472  Updating build integration targets...
13:56:16.478  The file SonarQube.Integration.ImportBefore.targets is up to date at C:\Users\XX\AppData\Local\Microsoft\MSBuild\4.0\Microsoft.Common.targets\ImportBefore
13:56:16.479  The file SonarQube.Integration.ImportBefore.targets is up to date at C:\Users\XX\AppData\Local\Microsoft\MSBuild\10.0\Microsoft.Common.targets\ImportBefore
13:56:16.48  The file SonarQube.Integration.ImportBefore.targets is up to date at C:\Users\XX\AppData\Local\Microsoft\MSBuild\11.0\Microsoft.Common.targets\ImportBefore
13:56:16.48  The file SonarQube.Integration.ImportBefore.targets is up to date at C:\Users\XX\AppData\Local\Microsoft\MSBuild\12.0\Microsoft.Common.targets\ImportBefore
13:56:16.481  The file SonarQube.Integration.ImportBefore.targets is up to date at C:\Users\XX\AppData\Local\Microsoft\MSBuild\14.0\Microsoft.Common.targets\ImportBefore
13:56:16.481  The file SonarQube.Integration.ImportBefore.targets is up to date at C:\Users\XX\AppData\Local\Microsoft\MSBuild\15.0\Microsoft.Common.targets\ImportBefore
13:56:16.482  The file SonarQube.Integration.ImportBefore.targets is up to date at C:\Users\XX\AppData\Local\Microsoft\MSBuild\Current\Microsoft.Common.targets\ImportBefore
13:56:16.486  Installed SonarQube.Integration.targets to C:\Users\XX\.sonarqube\bin\targets
13:56:16.491  Creating config and output folders...
13:56:16.493  Creating directory: C:\Users\XX\.sonarqube\conf
13:56:16.494  Creating directory: C:\Users\XX\.sonarqube\out
13:56:16.515  Downloading from https://MYURL/api/server/version...
13:56:16.931  Failed to request and parse 'https://MYURL/api/server/version': The SSL connection could not be established, see inner exception.
13:56:16.938  The SSL connection could not be established, see inner exception.
13:56:16.941  Pre-processing failed. Exit code: 1

Checking the sonarqube source code, I can find that the env variable is supposed to be read in the method ExecuteJavaRunner in SonarScanner.Wrapper.cs - maybe it can be considered a bug?

It is a bug.

                if (!await server.IsServerLicenseValid())

TeamBuildPreProcessor.cs, line 128, it is trying to check my license using the URL that is protected by a mTLS connection. It is not considering the java OPTS env variables. At least I cannot find them, can someone really help here? Maybe the sonarqube runner development team may know how to help.

Hi @fabbios

Java cert store is intended to be used on java-based programs, such as the SonarScanner CLI. This Scanner is called by the SonarScanner for .NET as an underlying wrapper.

As you can see, SonarScanner for .NET is programmed in C#, which is not compatible with those java-based properties and cert store.

So the only way I see is to install the certificate in the Windows store of the machine you are executing the Scanner on.

HTH,
Mickaël


Ok, I fixed the code and I submitted the PR today :slight_smile:

Any chance of it being incorporated in the release version soon? Otherwise I will have to create my own extension, deploy it in Azure DevOps and so on…

Hi Fabio,

We had a similar issue, maybe that also helps us: Do proxy settings work with MSBuild Sonar Scanner??

Regards,
Günter

Yes, the solution is very similar: you will need to add, in the C# code, the args to have the proxy considered during the scan for MSBuild.

Hello @fabbios

We just released a new version of SonarScanner for MSBuild (5.3.2). In this release the parameter handling was aligned for all parameters. Meaning it has a breaking change for all the users who are using the sonar.clientcert.password parameter. From this version the sonar.clientcert.password parameter has to be passed to both the begin and the end steps.
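
As background to the replies above (an added example, not code from SonarScanner for .NET or from any poster): a .NET HTTP client presents a client certificate only when one is attached to its handler, so the `javax.net.ssl.*` settings in SONAR_SCANNER_OPTS never reach a request such as `api/server/version`. The environment variable names `SONAR_HOST_URL`, `CLIENT_CERT_PATH` and `CLIENT_CERT_PASSWORD` and the class name are assumptions made for this sketch.

```csharp
// Added illustration; not the scanner's own code.
// Assumed inputs (hypothetical names): SONAR_HOST_URL, CLIENT_CERT_PATH, CLIENT_CERT_PASSWORD.
using System;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

internal static class MtlsVersionProbe
{
    private static async Task<int> Main()
    {
        string baseUrl = Environment.GetEnvironmentVariable("SONAR_HOST_URL");
        string pfxPath = Environment.GetEnvironmentVariable("CLIENT_CERT_PATH");
        // Read from the environment so the password is not visible on the command line.
        string pfxPassword = Environment.GetEnvironmentVariable("CLIENT_CERT_PASSWORD");
        if (string.IsNullOrEmpty(baseUrl) || string.IsNullOrEmpty(pfxPath))
        {
            Console.Error.WriteLine("Set SONAR_HOST_URL and CLIENT_CERT_PATH first.");
            return 2;
        }

        // A PKCS#12 file without the private key cannot be used for client authentication.
        using var clientCert = new X509Certificate2(pfxPath, pfxPassword);
        if (!clientCert.HasPrivateKey)
        {
            Console.Error.WriteLine("The certificate has no private key.");
            return 2;
        }

        // Attach the certificate explicitly; server certificate validation stays at its default.
        using var handler = new HttpClientHandler
        {
            ClientCertificateOptions = ClientCertificateOption.Manual
        };
        handler.ClientCertificates.Add(clientCert);

        using var http = new HttpClient(handler) { BaseAddress = new Uri(baseUrl.TrimEnd('/') + "/") };
        try
        {
            // Same endpoint the pre-processing step requests in the log above.
            string version = await http.GetStringAsync("api/server/version");
            Console.WriteLine($"Server version: {version}");
            return 0;
        }
        catch (HttpRequestException ex)
        {
            // The TLS failure detail is in the inner exception, as the scanner log hints.
            Console.Error.WriteLine($"{ex.Message} -> {ex.InnerException?.Message}");
            return 1;
        }
    }
}
```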