Must-share information (formatted with Markdown):
- SonarQube Server 9.9.3.79811
- sonarqube-scanner npm: 4.2.6
- how is SonarQube deployed: helm
- what are you trying to achieve
Hi,
thanks for your work on sonar.
I’m trying to use the sonarqube-scanner-npm (https://github.com/SonarSource/sonar-scanner-npm).
The scan fails downloading the sonar-scanner-cli (not using jre provisioning) because I set the truststore (sonar.scanner.truststorePath) to allow communication to our sonarqube, which uses self-signed certificates. It seems, that axios would only use the ca’s parsed from the truststore which are then passed to the httpagent via httpsAgentOptions.ca.
“Downloading from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4610-linux-x64.zip”
“An error occurred: Error: unable to get local issuer certificate”
I also added the amazon root ca to the truststore and now its working. So for my setup I have to create a merge truststore.
It would be much easier to set the custom certs as pem or in a store which extrends the system-wide one, which is used when I don’t set the truststore.
Other things I recognized:
- I’m also missing a noproxyhost configuration.
- The default path for the truststore wasn’t working for me - also couldn’t find it in the sourcecode $SONAR_USER_HOME/ssl/truststore.p12 (mentioned here: https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/scanners/scanner-environment/manage-tls-certificates/
Best regards