SONARQUBE - OVER HTTPS & SCANNER CLI USING HTTPS (Direct or Process)

We are required to have all WEB access using HTTPS and CLIENT SIDE certs strongly encouraged. I have configured SONARQUBE with an IIS front end that uses HTTPS and CLIENTSIDE certs or authentication to the “PROXY” function. I would like to add two additional capabilities…
1: Direct login to SONARQUBE using the DOMAIN “AUTH_USER” environment variable.
2: Allow the CLI SCANNER to have direct access to provide scanning.

As a newbie to SONARQUBE, I figured I would ask here to see if I can get some pointers to reach my goal.

We are using Windows 2019 Server, JDBC Driver: 7.4.1, Windows Integrated Auth Driver: 8.2.2 (The latest). for the DB connection from the SERVER to the MS-SQL DB. So the DOMAIN Account is used for all database access by SonarQube.

Hi @Vonwinkle,

I’m not sure I understand your first point:

Direct login of who/what? You mention an environment variable, so I take it you’re not speaking of the web UI. You mention the scanner CLI in your next point, so I take it you’re speaking of something else here. Can you elaborate?

I’m not sure what you mean by “direct access”. The recommended way of using the scanner is by using a token, which you pass as an option via sonar.login. Often times, you’ll want to expose this token via some environment variable (say, SONAR_TOKEN), and pass it to -Dsonar.login. Ex:

sonar-scanner -Dsonar.host.url=https://my.sonarqube.instance -Dsonar.login="$SONAR_TOKEN"

As long as your certificates are correctly configured, the scanner should not have an issue connecting to your SonarQube instance via the HTTPS proxy.