Sometimes when we are running analysis on our code we may get an error like the below one. The error is mostly due to certificate of the server in which SonarQube is installed and which is not trusted by the Java version.

[SQ] API GET ‘api/server/version/’ failed, error was : {“code”:”UNABLE_TO_GET_ISSUER_CERT_LOCALLY”}

If you are using Azure DevOps or Github extensions to run SonarQube there are 2 ways to solve the issue as shown below.

Setting Node option: Setting “NODE_TLS_REJECT_UNAUTHORIZED” to “0” make node.js to even accept non trusted certificates as this issue is mainly due to certificate for the SonarQube or the local server. This is one of the easiest options if you are trying to make SonarQube work within a corporate environment and if you are behind the proxy.

Adding certificates and Sonar Scanner OPTS: This solution involves adding the SonarQube certificate on the Azure DevOps Build agent as the pipeline variables. The 1st step involves adding a pipeline variable called “NODE_EXTRA_CA_CERTS” in the pipeline which will point to the correct location of the .pem file for the SonarQube server and 2nd option will involve adding “SONAR_SCANNER_OPTS” which will point to the correct location of cacerts files under JDK folder.

You may need to copy cacerts to the JDK path under E:\Java\jdkversion\lib\security\ and then add then add these values to the SONAR_SCANNER_OPTS (Both of them should be added without any space to this variable)

-Djavax.net.ssl.trustStore=”E:\Java\jdkversion\lib\security\cacerts”
-Djavax.net.ssl.keyStore=”E:\Java\jdkversion\lib\security\cacerts”

Once you have added this, the SonarQube task will work without any issues.