SonarQube integration with Azure DevOps Pipeline via Self-hosted Azure VM

SakthiSushmitha · November 29, 2022, 7:31pm

Trying to run SonarQube scan from Azure DevOps pipeline integrated to a SonarQube server (SonarQube running in a different server and different network where firewall been enabled) via Self hosted agent.

Created Agent pool in Azure DevOps where the Agent pool is Self-hosted Azure Virtual machine(windows).
Installed SonarQube extension from Azure DevOps Market Place.
Created Service connection for SonarQube in the Azure DevOps.
Established communication from Azure DevOps to VM, from VM to SonarQube .
Created sample pipeline in Azure DevOps to run SonarQube scan.
Also added required certificates in the Virtual Machine.

Getting this error:
##[error][SQ] API GET ‘/api/server/version’ failed, error was: {“code”:“UNABLE_TO_GET_ISSUER_CERT_LOCALLY”}

Need help to resolve this issue as soon as possible.

Thanks,
Sakthi

Colin · December 1, 2022, 8:24am

Hey there.

Your SonarQube server is probably using a self-signed certificate, which NodeJS (executing this web request) doesn’t automatically trust.

Take a look at this similar thread:

SakthiSushmitha · December 1, 2022, 7:29pm

Thank you Colin for sharing the thread link.

I have added the
NODE_EXTRA_CA_CERTS= C:\sonarqube.crt in the Self hosted VM environment variable and also in the Azure DevOps pipeline variable.

Still getting the same error. Need support to fix this issue.

SakthiSushmitha · December 1, 2022, 8:09pm

Colon we have the SonarQube Enterprise version and we didn’t find sonar account to create a ticket on the mentioned issue.

And through Community we seek support. If possible support us raising the ticket.

Colin · December 2, 2022, 10:44am

Hey there.

Unless you have access to Commercial Support (an add-on to certain commercial subscriptions)… this Community is where you can seek help.

I would really suggest going the route of this poster:

And creating a small node script to test that the NODE_EXTRA_CA_CERTS value is behaving as expected. This takes the scanner itself out of the equation for now.

SakthiSushmitha · December 9, 2022, 6:06am

Thanks.
But still the same error in the pipeline. Kindly share us solution.

error: ][SQ] API GET ‘/api/server/version’ failed, error was: {“code”:“UNABLE_TO_GET_ISSUER_CERT_LOCALLY”}

Shikhar_Daniel · July 4, 2023, 8:58am

Hi
I am also facing exact same problem.

If you were able to get past this, could you please share your solution.

Topic		Replies	Views
VSTS - Publish Quality Gate Result: unable to get local issuer certificate SonarQube Server / Community Build tfs , ssl , azuredevops-server	10	6497	March 20, 2025
Https://sonarqube/api/server/version is not accessible from the azure devops pipeline. but, I am able to access the same with wget command from the build agent SonarQube Server / Community Build ssl	4	1256	June 28, 2021
API GET '/api/server/version' failed when connecting to https sonarqube SonarQube Server / Community Build azuredevops-services , ssl	0	615	February 4, 2021
Setting SSL Certificates in Microsoft Hosted Azure Pipeline SonarQube Server / Community Build azuredevops-services , ssl	3	1534	March 18, 2020
Certificate error when running SonarQubePrepare in azure devops SonarQube Server / Community Build azuredevops-services	1	125	December 6, 2024

SonarQube integration with Azure DevOps Pipeline via Self-hosted Azure VM

Related topics