If env variable ES_JAVA_OPTS is set when starting SonarQube, this variable will be picked up by the Elastic starting script, no matter what JVM options SonarQube defined, effectively allowing user to work around any safety check coded in SonarQube regarding Elastic command line arguments.
Env variable JAVA_TOOL_OPTIONS is ignored when starting elastic (see
SONAR-9773) and a warning displayed. The same should be done with env variable ES_JAVA_OPTS.
The goal is to have all command line options for Elastic be specified through SonarQube's sonar.search.javaOpts and sonar.search.javaAdditionalOpts in sonar.properties. This way, we can provide safety checks and be sure some command line we enforce can not be worked around.