Authentiction protocol

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
  • what are you trying to achieve
  • what have you tried so far to achieve this

The version is Sonarqube 7.6
I’m stigging the sonarqube application server.
I would like to know what protocol is used to provide the secure authentication. If SOAP is used, does the application server provide extension to the SOAP protocol that provide secure authentication?

Hi @nbislicense,

We do not use SOAP. All communication with SonarQube happens via HTTP (HTTPS being highly recommended). Authentication and authorization happen using one of the following methods:

  • A token generated by the user (mostly for analysing code, and third-party tool access)
  • A JWT session (for the UI)

FYI, from SonarQube 8.5 you’ll find new releases in the Iron Bank.