Advanced configuration

HTTP configuration

To operate, SonarQube for IntelliJ needs to perform HTTP requests, especially in Connected mode. While SonarQube for IntelliJ will work out-of-the-box in most situations, some network infrastructure may require a custom configuration.

Passing SonarQube for IDE properties

In SonarQube for IntelliJ, properties should be added to the IDE JVM options. Please see the JetBrains documentation for more details.

Manage your configuration

HTTP Client timeouts

SonarQube for IDE supports various timeouts. Below you will find the properties added to control them:

sonarlint.http.connectTimeout

• Determines the timeout, in minutes, until a new connection is fully established.

• Default: 1 min

sonarlint.http.socketTimeout

• Determines the default socket timeout value, in minutes, for I/O operations.

• Default: infinite

sonarlint.http.connectionRequestTimeout

• The connection lease request timeout, in minutes, is used when requesting a connection from the connection manager.

• Default: 1 min

sonarlint.http.responseTimeout

• Determines the timeout, in minutes, until the arrival of a response from the opposite endpoint.

• Default: 10 min

Server SSL certificates

SonarQube for IDE manages its own TrustStore in addition to the OS and Java TrustStores. When encountering an untrusted certificate, SonarQube for IDE will ask the user if the certificate should be trusted. If the answer is yes, the certificate will be added to the TrustStore.

SonarQube for IDE depends on you to provide server certificates when required by your environment. Here’s a generalization of a few basic steps you can use to help make that easier. Note that these instructions are for server SSL certificates. If you're dealing with a client SSL certificate, you'll need to create and configure a "key store" instead.

keytool -import -keystore C:/<Your_Path_To_Your_Truststore> -storepass password -noprompt -alias sonarqube-ssl -file <Your_Certificate>.cer

-Dsonarlint.ssl.trustStorePath=C:/<Your_Path_To_Your_Truststore>

-Dsonarlint.ssl.trustStorePassword=<Your_Password>

-Dsonarlint.ssl.trustStoreType=PKCS12

TrustStore

sonarlint.ssl.trustStorePath

• Path to the keystore used by SonarLint to store custom trusted server certificates

• default: ~/.sonarlint/ssl/truststore.p12

sonarlint.ssl.trustStorePassword

• Password of the truststore.

• default: sonarlint

sonarlint.ssl.trustStoreType

• The format of the keystore file is found in the Oracle documentation.

• default: PKCS12

Client SSL certificates

Some servers or proxies may also require SonarQube for IDE to authenticate using client-side SSL certificates. This is a rare use case, and at for the moment, there is no UI to configure client-side SSL certificates. To properly authenticate client-side SSL certificates, you must manually create a keystore at the default location, or use the following properties:

KeyStore

sonarlint.ssl.keyStorePath

• Path to the keystore used by SonarQube for IDE to store client certificates.

• default: ~/.sonarlint/ssl/keystore.p12

sonarlint.ssl.keyStorePassword

• Password of the keystore.

• default: sonarlint

sonarlint.ssl.keyStoreType

• The format of the keystore file is found in the Oracle documentation.

• default: PKCS12

Using a custom JRE

By default, SonarQube for IntelliJ uses the JRE provided by your IDE. It’s possible to override this and define a custom JRE as long as it meets SonarQube for IntelliJ’s Requirements.

Please read the next section, Passing SonarQube for IDE properties, to add your custom sonarlint.jre.path system property.