diff --git a/templates/gitlab-ci-sonar.yml b/templates/gitlab-ci-sonar.yml index e5faa4d7ab43f6773d2bc93848f367dcd16c99f6..656b46c3f626adaf4c83aa1a4a70c71e98330960 100644 --- a/templates/gitlab-ci-sonar.yml +++ b/templates/gitlab-ci-sonar.yml @@ -147,15 +147,17 @@ stages: then return fi + # creat a writable folder for the keystore and certs + mkdir -p /tmp/certs # import in system - if echo "$certs" >> /etc/ssl/certs/ca-certificates.crt + if echo "$certs" >> /tmp/certs/ca-certificates.crt then - log_info "CA certificates imported in \\e[33;1m/etc/ssl/certs/ca-certificates.crt\\e[0m" + log_info "CA certificates imported in \\e[33;1m/tmp/certs/ca-certificates.crt\\e[0m" fi - if echo "$certs" >> /etc/ssl/cert.pem + if echo "$certs" >> /tmp/certs/cert.pem then - log_info "CA certificates imported in \\e[33;1m/etc/ssl/cert.pem\\e[0m" + log_info "CA certificates imported in \\e[33;1m/tmp/certs/cert.pem\\e[0m" fi # import in Java keystore (if keytool command found) @@ -167,6 +169,10 @@ stages: keystore=${JAVA_KEYSTORE_PATH:-$(ls -1 $javahome/jre/lib/security/cacerts 2>/dev/null || ls -1 $javahome/lib/security/cacerts 2>/dev/null || echo "")} if [[ -f "$keystore" ]] then + # copy keystore into writable folder + cp -L -r --no-preserve=mode "$keystore" /tmp/writable_keystore + # set writable keystore as keystore + keystore="/tmp/writable_keystore" storepass=${JAVA_KEYSTORE_PASSWORD:-changeit} nb_certs=$(echo "$certs" | grep -c 'END CERTIFICATE') log_info "importing $nb_certs certificates in Java keystore \\e[33;1m$keystore\\e[0m..." 
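Review bot: The two `echo "$certs" >>` lines now append to new files under `/tmp/certs` rather than to the system bundles, and nothing in the visible hunks points any tool at those files. The "import in system" step therefore appears to have no effect on curl, git or other OpenSSL clients, while the log still reports the certificates as imported. If the files are meant to be used, seed them from the existing bundle and export the path, e.g. `cat /etc/ssl/certs/ca-certificates.crt > "$certs_dir/ca-certificates.crt"` then `export SSL_CERT_FILE="$certs_dir/ca-certificates.crt"`; otherwise a client pointed at them would trust only the custom CAs. `/tmp/certs` is also a fixed path and `mkdir -p` succeeds silently on a pre-existing directory or symlink, so on a runner with a shared /tmp the append can land somewhere another job controls; `certs_dir=$(mktemp -d)` avoids that. The enclosing function starts and ends outside the hunk.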
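Review bot: The trust store copy in the second hunk goes to the fixed path `/tmp/writable_keystore`, and the `cp` result is not checked before `keystore` is reassigned. If that path already exists as a directory, the file is copied inside it and keytool is handed a directory; if it is a symlink, `cp` writes through it. Where /tmp is shared between jobs or users, whoever creates that path first influences which CAs the scanner trusts. I would create the target with `mktemp` and switch only on success, e.g. `writable_keystore=$(mktemp) && cp -L --no-preserve=mode "$keystore" "$writable_keystore" && keystore=$writable_keystore`, and export the resulting path, because the scanner step in the third hunk hard-codes the same literal. `-r` is not needed for a single file, and the surrounding `if` and function body continue outside the hunk.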
@@ -427,8 +433,19 @@ sonar: log_warn '$SONAR_AUTH_TOKEN variable detected: use $SONAR_TOKEN instead (see doc)' export SONAR_TOKEN="$SONAR_AUTH_TOKEN" fi + - | + if [[ -z "$CUSTOM_CA_CERTS" ]] + then + log_info '$CUSTOM_CA_CERTS not set: using default keystore' + else + log_info '$CUSTOM_CA_CERTS variable detected: using writable keystore path (/tmp/writable_keystore)' + export CUSTOM_KEYSTORE_PATH="/tmp/writable_keystore" + export CUSTOM_KEYSTORE_PASSWORD="changeit" + fi - >- - sonar-scanner ${TRACE+-Dsonar.verbose=true} $java_proxy_args + sonar-scanner ${TRACE+-Dsonar.verbose=true} $java_proxy_args + ${CUSTOM_KEYSTORE_PATH:+-Dsonar.scanner.truststorePath=$CUSTOM_KEYSTORE_PATH} + ${CUSTOM_KEYSTORE_PASSWORD:+-Dsonar.scanner.truststorePassword=$CUSTOM_KEYSTORE_PASSWORD} ${SONAR_LOGIN:+-Dsonar.login=$SONAR_LOGIN} ${SONAR_PASSWORD:+-Dsonar.password=$SONAR_PASSWORD} ${SONAR_PROJECT_KEY:+-Dsonar.projectKey=$SONAR_PROJECT_KEY}
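Review bot: The `else` branch points sonar-scanner at `/tmp/writable_keystore` whenever `$CUSTOM_CA_CERTS` is set, but the copy in the install function appears to be made only when keytool and a keystore file are found. On an image without them the scanner would be given a trust store path that does not exist. The password is also hard-coded to `changeit` while the import uses `${JAVA_KEYSTORE_PASSWORD:-changeit}`, so a user-supplied password makes the two disagree. I would guard on the file with `elif [[ -f /tmp/writable_keystore ]]` and reuse the same default, `export CUSTOM_KEYSTORE_PASSWORD="${JAVA_KEYSTORE_PASSWORD:-changeit}"`. Because the value is passed as `-Dsonar.scanner.truststorePassword=…` on the command line, it will be visible in the process list and in traced job logs, which matters once it is no longer the public default.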