Cached authenticators

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) Sonarqube 7.6
  • what are you trying to achieve: Stig the sonarqube application
  • what have you tried so far to achieve this:

I’m stigging the sonarqube application. I can’t find any documentation which address below issue. Can you take a look?


Check Text: Review application server documentation to ensure the application server prohibits the use of cached authenticators after an organization-defined timeframe.


Hi @nbislicense,

First of all, out of curiosity, when you say you are “stigging” the SonarQube application, do you mean you are working to meet the DoD Security Technical Implementation Guides?

If you look in your instance’s configuration file at <sonarqube install folder>/conf/, you’ll find all the available server configurations including documentation for each setting. I believe the item you’re trying to comply with would be addressed by the setting sonar.web.sessionTimeoutInMinutes.

As a final note, SonarQube 7.6 is beyond its end of life. We’d encourage all 7.x and earlier users to upgrade at least to the current 7.9 LTS release.

Hope this helps!

Yes. Stig means DoD [Security Technical Implementation Guides].
Thanks for the answer and the version recommendation. We will definitely upgrade as soon as possible.



FYI, from SonarQube 8.5 you’ll find new releases in the Iron Bank.