Sonnar-scanner with self signed certificate sonarqube instance

Hi all ,

My current config is the following
I have a kubernetes cluster wich i deploy docker container into.
I have deployed the sonarqube:community docker container version with a postgresql:9.5 database.
I use gitlab for code versionning and one to analyse one of my branch using gitlab cicd pipeline.
As such, i use the sonarsource/sonnar-scanner:latest image to execute my analysis.

For now i have to use a self signed certificate for my sonarqube instance

I tried to configure the sonar-scanner to accept self signed certificate based on the documentation here : SonarScanner | SonarQube Docs on the " Using self signed certificate" section

On the first step using this command :

docker pull sonarsource/sonar-scanner-cli
docker run \
    --rm \
    --entrypoint cat sonarsource/sonar-scanner-cli /opt/java/openjdk/lib/security/cacerts > cacerts

i get a cat: can’t open ‘/opt/java/openjdk/lib/security/cacerts’: No such file or directory

What i did instead is the linux64 bits version of sonar scanner and get the cacert from there in /sonar-scanner-4.6.2.2472-linux/jre/lib/security/

then did this :

docker run \
    --rm \
    -v `pwd`:/tmp/certs \
    sonarsource/sonar-scanner-cli \
    bash -c 'cd /tmp/certs && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias mycert -file mycert.cer'

based on the mycert.cer certificate that i have retrieved from kubernetes.

and finaly run a scan with :

docker run \
    --rm \
    -e SONAR_HOST_URL="http://${SONARQUBE_URL}" \
    -v `pwd`/cacerts:/opt/java/openjdk/lib/security/cacerts \
    sonarsource/sonar-scanner-cli

unfortunately i still get this error when trying to run a scan :

Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Any help on this will be more than appreciated :slight_smile:

Kind regards