Hacked instance

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension):
    Version: SonarQube 7.9, GitLab plugin
  • what are you trying to achieve:
    Searching for some advice.
  • what have you tried so far to achieve this:
    I want to know how deep I have to search in the case where one instance of SonarQube was hacked: whether SonarQube stores password data or only makes references to the “external code”, and whether the information stored in SonarQube is encrypted or not… I want to know where I can find this information, or if someone can tell me more.
    Thanks in advance


I don’t think we published detailed information about security features of SonarQube. However, you can find some information and settings you can use here.
To answer your specific questions, code analyzed is stored in the database and passwords are encrypted.