diff --git a/cmd/sonarExecuteScan.go b/cmd/sonarExecuteScan.go
index 45bf019b2e..8384bd3409 100644
--- a/cmd/sonarExecuteScan.go
+++ b/cmd/sonarExecuteScan.go
@@ -415,13 +415,23 @@ func loadSonarScanner(url string, client piperhttp.Downloader) error {
 	return nil
 }
 
+func addSonarScannerOpts(opts string) {
+	tmpOpts := os.Getenv("SONAR_SCANNER_OPTS")
+	if len(tmpOpts) > 0 {
+		log.Entry().Debug("SONAR_SCANNER_OPTS already set. Appending to existing value: " + tmpOpts)
+		sonar.addEnvironment("SONAR_SCANNER_OPTS=" + tmpOpts + " " + opts)
+	} else {
+		sonar.addEnvironment("SONAR_SCANNER_OPTS=" + opts)
+	}
+}
+
 func loadCertificates(certificateList []string, client piperhttp.Downloader, runner command.ExecRunner) error {
 	truststorePath := filepath.Join(getWorkingDir(), ".certificates")
 	truststoreFile := filepath.Join(truststorePath, "cacerts")
 
 	if exists, _ := fileUtilsExists(truststoreFile); exists {
 		// use local existing trust store
-		sonar.addEnvironment("SONAR_SCANNER_OPTS=" + keytool.GetMavenOpts(truststoreFile))
+		addSonarScannerOpts(keytool.GetMavenOpts(truststoreFile))
 		log.Entry().WithField("trust store", truststoreFile).Info("Using local trust store")
 	} else if len(certificateList) > 0 {
 		// create download temp dir
@@ -451,7 +461,7 @@ func loadCertificates(certificateList []string, client piperhttp.Downloader, run
 				// return errors.Wrap(err, "Adding certificate to keystore failed")
 			}
 		}
-		sonar.addEnvironment("SONAR_SCANNER_OPTS=" + keytool.GetMavenOpts(truststoreFile))
+		addSonarScannerOpts(keytool.GetMavenOpts(truststoreFile))
 		log.Entry().WithField("trust store", truststoreFile).Info("Using local trust store")
 	} else {
 		log.Entry().Debug("Download of TLS certificates skipped")
diff --git a/cmd/sonarExecuteScan_test.go b/cmd/sonarExecuteScan_test.go
index 0031d0f524..1c7159bbfb 100644
--- a/cmd/sonarExecuteScan_test.go
+++ b/cmd/sonarExecuteScan_test.go
@@ -176,6 +176,7 @@ func TestRunSonar(t *testing.T) {
 			PullRequestProvider:       "GitHub",
 		}
 		fileUtilsExists = mockFileUtilsExists(true)
+		os.Setenv("SONAR_SCANNER_OPTS", "-Xmx42m")
 		// test
 		err := runSonar(options, &mockDownloadClient, &mockRunner, apiClient, &mock.FilesMock{}, &sonarExecuteScanInflux{})
 		// assert
@@ -184,7 +185,7 @@ func TestRunSonar(t *testing.T) {
 		assert.Contains(t, sonar.options, "-Dsonar.organization=SAP")
 		assert.Contains(t, sonar.environment, "SONAR_HOST_URL="+sonarServerURL)
 		assert.Contains(t, sonar.environment, "SONAR_TOKEN=secret-ABC")
-		assert.Contains(t, sonar.environment, "SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore="+filepath.Join(getWorkingDir(), ".certificates", "cacerts")+" -Djavax.net.ssl.trustStorePassword=changeit")
+		assert.Contains(t, sonar.environment, "SONAR_SCANNER_OPTS=-Xmx42m -Djavax.net.ssl.trustStore="+filepath.Join(getWorkingDir(), ".certificates", "cacerts")+" -Djavax.net.ssl.trustStorePassword=changeit")
 	})
 	t.Run("with custom options", func(t *testing.T) {
 		// init