Sonarqube-scanner-npm can't download binaries when using truststore for custom CA

Must-share information (formatted with Markdown):

  • SonarQube Server 9.9.3.79811
  • sonarqube-scanner npm: 4.2.6
  • how is SonarQube deployed: helm
  • what are you trying to achieve

Hi,
thanks for your work on sonar.

I’m trying to use the sonarqube-scanner-npm (https://github.com/SonarSource/sonar-scanner-npm).

The scan fails downloading the sonar-scanner-cli (not using JRE provisioning) because I set the truststore (sonar.scanner.truststorePath) to allow communication to our SonarQube, which uses self-signed certificates. It seems that axios would only use the CAs parsed from the truststore, which are then passed to the httpagent via httpsAgentOptions.ca.

“Downloading from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4610-linux-x64.zip”
“An error occurred: Error: unable to get local issuer certificate”

I also added the Amazon root CA to the truststore and now it's working. So for my setup I have to create a merged truststore.

It would be much easier to set the custom certs as PEM or in a store which extends the system-wide one, which is used when I don’t set the truststore.

Other things I recognized:

Best regards
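
Added example, not code from sonar-scanner-npm or from the post above: in Node.js the `ca` option of an HTTPS agent replaces the default trusted roots instead of extending them, so this code merges a custom PEM bundle with the roots bundled in Node (`tls.rootCertificates`) before building the agent. The function names and the sample PEM are constructed for illustration, and it assumes the internal CA is available as PEM.

```javascript
const tls = require('node:tls');
const https = require('node:https');

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Normalize line endings and padding so identical certificates compare equal.
function normalizePem(pem) {
  return pem.replace(/\r\n/g, '\n').split('\n')
    .map((line) => line.trim()).filter(Boolean).join('\n');
}

// Split a PEM bundle (one or many certificates) into normalized entries.
function splitPemBundle(bundle) {
  return (bundle.match(PEM_CERT) || []).map(normalizePem);
}

// Custom CAs first, then Node's bundled roots, without duplicates.
function mergedCaList(customBundle, roots = tls.rootCertificates) {
  const seen = new Set();
  const merged = [];
  for (const pem of [...splitPemBundle(customBundle), ...roots.map(normalizePem)]) {
    if (!seen.has(pem)) {
      seen.add(pem);
      merged.push(pem);
    }
  }
  return merged;
}

// Hypothetical helper: an agent that trusts the internal CA and the public
// roots, so both the internal server and a public download host validate.
function agentForTruststore(customBundle) {
  if (splitPemBundle(customBundle).length === 0) {
    // Fail closed: an empty bundle would silently fall back to public roots only.
    throw new Error('no certificates found in custom bundle');
  }
  return new https.Agent({ ca: mergedCaList(customBundle) });
}

// Constructed placeholder, NOT a real certificate: replace with the internal CA.
const CONSTRUCTED_INTERNAL_CA = [
  '-----BEGIN CERTIFICATE-----',
  'Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=',
  '-----END CERTIFICATE-----',
].join('\r\n');

const agent = agentForTruststore(CONSTRUCTED_INTERNAL_CA);
```

`tls.rootCertificates` is the root set compiled into Node, which can differ from the operating system's trust store.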