Installing the server’s self-signed certificate into the scanner's truststore
If your SonarQube server is configured with HTTPS and a self-signed certificate (or, more generally, an SSL certificate that is not signed by an authority trusted by Java), then you must install the self-signed certificate into the Java truststore of your CI/CD host machine; otherwise the scanner will not be able to connect to the server and the analysis will fail.
The JVM comes with a default truststore called cacerts. It resides in
To install the certificate into the truststore, use the JVM tool keytool. The instructions depend on your operating system and you will find many resources online, such as this one for Linux.
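The keytool import described above, as an added example that is not part of the original documentation: it imports the certificate only if its SHA-256 fingerprint matches one the operator confirmed out of band, and it is safe to re-run on a CI host. The function names, the alias, and the sample certificate subject are hypothetical; the truststore path is passed in by the caller, and the store password is assumed to be the stock `changeit` unless `STOREPASS` is set.

```bash
#!/usr/bin/env bash
# Added example: import a server certificate into a Java truststore with keytool,
# pinned to a SHA-256 fingerprint confirmed out of band. Function names are hypothetical.
STOREPASS="${STOREPASS:-changeit}"   # assumption: stock password of the JDK cacerts file

# Print the SHA-256 fingerprint of a certificate file (PEM or DER).
cert_fingerprint() {
    keytool -printcert -file "$1" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p'
}

# Print the SHA-256 fingerprint stored under <alias> in <truststore>.
store_fingerprint() {
    keytool -list -v -alias "$2" -keystore "$1" -storepass "$STOREPASS" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p'
}

# import_cert <cert-file> <truststore> <alias> <expected-sha256>
# Returns 0 only if <alias> ends up holding the expected certificate.
import_cert() {
    ic_cert=$1 ic_store=$2 ic_alias=$3 ic_expected=$4
    ic_actual=$(cert_fingerprint "$ic_cert")
    # Refuse to trust a certificate that is not the one the operator verified.
    if [ -z "$ic_actual" ] || [ "$ic_actual" != "$ic_expected" ]; then
        echo "refusing import: fingerprint is '$ic_actual'" >&2
        return 2
    fi
    # Import only when the alias is absent, so repeated CI runs are harmless.
    if [ -z "$(store_fingerprint "$ic_store" "$ic_alias")" ]; then
        keytool -importcert -noprompt -alias "$ic_alias" -file "$ic_cert" \
            -keystore "$ic_store" -storepass "$STOREPASS" >/dev/null 2>&1 || return 3
    fi
    # An existing alias holding a different certificate is reported, not overwritten.
    [ "$(store_fingerprint "$ic_store" "$ic_alias")" = "$ic_expected" ]
}

# Constructed sample input: a throwaway self-signed certificate written to <dir>/server.pem.
make_sample_cert() {
    keytool -genkeypair -alias srv -keyalg RSA -keysize 2048 -validity 1 \
        -dname "CN=sonarqube.example.test" -keystore "$1/server.p12" \
        -storepass "$STOREPASS" -keypass "$STOREPASS" >/dev/null 2>&1 &&
    keytool -exportcert -rfc -alias srv -keystore "$1/server.p12" \
        -storepass "$STOREPASS" -file "$1/server.pem" >/dev/null 2>&1
}
```

Take the expected fingerprint from the server administrator or the server host itself, not from the same network connection that delivered the certificate file.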
If you need to configure a self-signed certificate for the scanner to communicate with your SonarQube instance, you can use a volume under /tmp/cacerts to add it to the container's Java truststore:
Alternatively, you can create your own container that includes the modified cacerts file. Create a Dockerfile with the following contents:
Then, assuming both the
Dockerfile are in the current directory, create the new image with a command such as: