Skip to main content

SonarQube Token With Host

Description

General

  • Documentation: https://docs.sonarqube.org/latest/extend/web-api/
  • Summary: SonarQube is an open-source platform for continuous inspection of code quality and detection of code vulnerabilities. SonarQube provides a web API to access its functionalities from applications. This detector focuses on detecting user, global analysis and project analysis tokens along with the hostnames used to authenticate API calls.
  • IPs allowlist: IP allowlisting can be enforced directly on the concerned machine.
  • Scopes: Permissions associated with a SonarQube token depend on the type of token: - User Tokens: These tokens can be used to run analysis and to invoke web services, based on the token author's permissions. - Project Analysis Tokens: These tokens can be used to run analysis on a specific project. - Global Analysis Tokens: These tokens can be used to run analysis on every project.

Revoke the secret

The tokens can be revoked from User > My Account > Security and click on the Revoke button.

Check for suspicious activity

The "last used" date is available and can give insights on suspicious activities.

Details for SonarQube Token Prefixed with Host

  • Family: token

  • Category: code_analysis

  • Company: SonarQube

  • High recall: False

  • Validity check available: True

  • Analyzer available: False

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 13.24

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - sq[uap]_

Examples

- text: |
    sonar.host=https://sonar.qube.io
    sonar.login=sqp_9a88f6493075e010f74cbdabeb24fe8c68fab6bd
  host: https://sonar.qube.io
  apikey: sqp_9a88f6493075e010f74cbdabeb24fe8c68fab6bd

- text: |
    sonar.host=https://sonar.qube.io:9000
    sonar.login=squ_9a88f6493075e010f74cbdabeb24fe8c68fab6bc
  host: https://sonar.qube.io:9000
  apikey: squ_9a88f6493075e010f74cbdabeb24fe8c68fab6bc
Last updated on

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status