SonarQube通过https

Question

我正在尝试将SonarQube与TFS 2013构建集成。 SonarQube实例配置为使用https。出于某种原因，TFS尝试联系SonarQube时抛出以下错误：

ERROR: Error during SonarQube Scanner execution <br /> ERROR: Unable to execute SonarQube ERROR: Caused by: Fail to get bootstrap index from server ERROR: Caused by: sun.security.validator.ValidatorException: PKIX path building failed:Sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ERROR: Caused by: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ERROR: Caused by: unable to find valid certification path to requested target

我发现了这样的帖子："PKIX path building failed" and "unable to find valid certification path to requested target" 并导出了证书，并使用keytool将其导入到Java密钥库中。我仍然遇到相同的错误。 似乎sonarQube以某种方式无法从默认的Java密钥库中获取证书。

我尝试手动运行声纳扫描仪，并在参数中传递证书信息，但仍然无法获取证书。

C:\SonarScanner\sonar-scanner-3.2.0.1227\bin>sonar-scanner.bat -X -Djavax.net.debug="ssl,handshake" -Djavax.net.ssl.trustStore="C:/Program Files/Java/jre1.8.0_121/lib/security/cacerts" -Djavax.net.ssl.keyStore="C:/Program Files/Java/jre1.8.0_121/lib/security/cacerts"

在查看Debug消息时，它没有识别出其他参数。

有什么建议吗？

Answer 1

将环境变量“ SONAR_SCANNER_OPTS”设置为-Djavax.net.ssl.trustStore="C:/Program Files/Java/jre1.8.0_121/lib/security/cacerts" -Djavax.net.ssl.keyStore="C:/Program Files/Java/jre1.8.0_121/lib/security/cacerts"对我有用。

调试日志现在显示它指向环境变量中设置的密钥库。它既可以使用Sonar-Scanner.bat从命令行运行，也可以作为TFS 2013构建的一部分运行。