- ALM used: Azure DevOps
- CI system used: Azure DevOps
- Languages of the repository: Spanish
- Error observed:
I have a C# project in which one of the developers uploaded the burned connection string directly into the appsettings file as follows:
</>
“ConnectionStrings”: {
“Connection”: “Server=tcp:mt.db.windows.net,1433;Initial Catalog=Conect;Persist Security Info=False;User ID=example;Password=123456;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False ;ConnectionTimeout=30;”
“pers”: “”
}
</>
My question is why the SonarCloud analysis is not detecting this problem, the rule is activated and has always worked well, however this security point has not been detected by SonarCloud, is there a reason for this problem?
My second question is if SonarCloud has the option to notify the administrator when a quality gate fails in a general way in any of the projects of the organization
I know that it can be configured within each project, but I would like to do it in a general way for everyone, is this possible?