Connect Azure DevOps to SonarQube with Self-signed Certificates – Linux Build Agent

19 Oct, 2021

Scenario

You are running SonarQube on on-premise server using self-signed certificate for https access. SonarQube executes 3 steps in pipeline –
1. Prepare Analysis on SonarQube
2. SonarQube Analyze
3. SonarQube Publish

You are running your build agent on Linux box and you observe that it fails on first step in pipeline and throws this error

[error][SQ] API GET ‘/api/server/version’ failed, error was: {“code”:”SELF_SIGNED_CERT_IN_CHAIN”}}

You have configured SonarQube scannerMode as ‘CLI‘ (Other (JavaScript, TypeScript, Go, Python, PHP, etc.))

Solution:

This error shows up due to missing PEM file which has all the certs. On Linux, certs are placed in /etc/ssl/certs folder.
Make sure you install certs using command-

export CERTS=/usr/local/share/ca-certificates

keytool -importcert -cacerts -noprompts -alias sonarqube -file $CERTS/sonarqube.pem -trustcacerts -storepass changeit && \
update-ca-certificates

Then set the variable NODE_EXTRA_CA_CERTS pointing to /etc/ssl/certs/sonarqube.pem in pipeline.

This will resolve the error.

Connect Azure DevOps to SonarQube with Self-signed Certificates – Linux Build Agent

Scenario

Solution:

Tools required to install to work with AWS EKS cluster

OAuth 2.0 Client Credentials Grant type flow

Creating custom Terraform providers and extending Terraform’s functionality

An introduction to Terraform and its use cases

Working and investigating issues with AWS ECS containers

What is Docker and how can I use it

Tag to a previous commit in a Git repository that you have cloned locally