SonarQube Token With Host
#
Description#
General- Documentation: https://docs.sonarqube.org/latest/extend/web-api/
- Summary: SonarQube is an open-source platform for continuous inspection of code quality and detection of code vulnerabilities. SonarQube provides a web API to access its functionalities from applications. This detector focuses on detecting user, global analysis and project analysis tokens along with the hostnames used to authenticate API calls.
- IPs allowlist: This feature is not supported for SaaS instances. Note that SonarQube can be self-hosted and IP allowlisting can be enforced directly on the concerned machine.
- Scopes: Permissions associated to a SonarQube token depend on the type of token: - User Tokens: These tokens can be used to run analysis and to invoke web services, based on the token author's permissions. - Project Analysis Tokens: These tokens can be used to run analysis on a specific project. - Global Analysis Tokens: These tokens can be used to run analysis on every project.
#
Revoke the secretThe tokens can be revoked from the security tab of accounts. For On-Premise instances of SonarQube go to User > My Account > Security and click on the Revoke button.
#
Check for suspicious activityNo extensive logs are provided on the SaaS version of SonarQube. Yet, the "last used" date is available and can give insights on suspicious activities.
Sonarqube token prefixed with host
#
Details for Family: Api
Category: Code analysis
Company: SonarQube
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 2
Occurrences found for one million commits: 65.0
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: true- type: ContentWhitelistPreValidator patterns: - sq[uap]_
#
Examples- text: | sonar.host=https://sonar.qube.io sonar.login=sqp_9a88f6493075e010f74cbdabeb24fe8c68fab6bd host: https://sonar.qube.io apikey: sqp_9a88f6493075e010f74cbdabeb24fe8c68fab6bd
- text: | sonar.host=https://sonar.qube.io:9000 sonar.login=squ_9a88f6493075e010f74cbdabeb24fe8c68fab6bc host: https://sonar.qube.io:9000 apikey: squ_9a88f6493075e010f74cbdabeb24fe8c68fab6bc