Hacked instance

pucara · July 4, 2021, 10:23pm

Must-share information (formatted with Markdown):

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension):
Version :7.9 sonarqube, plugin gitlab
what are you trying to achieve:
Searching for some advice.
what have you tried so far to achieve this:
I want to know how deep i have to search for, in the case of one instance of sonarqube was hacked. If sonarqube store password data or only make referenced to the “external code”, if there information stored in sonarqube is encrypted or not… i want to know where can i found this information or if someone can tell me more.
thnks in advice

dmeneses · July 8, 2021, 6:46pm

Hi,

I don’t think we published detailed information about security features of SonarQube. However, you can find some information and settings you can use here.
To answer your specific questions, code analyzed is stored in the database and passwords are encrypted.

Topic		Replies	Views
sonarQube Monitoring SonarQube Server / Community Build sonarqube	1	366	January 14, 2019
Can SonarQube be able to do Security check for sensitive data stored eg password as plain text in xml files SonarQube Server / Community Build security	7	3687	July 16, 2020
DB encryption at rest support SonarQube Server / Community Build sonarqube , encryption	2	434	June 8, 2023
Remove export cipher SonarQube Server / Community Build sonarqube , security	1	438	April 23, 2020
Sonarqube SQL server connection encryption in transit SonarQube Server / Community Build sonarqube	0	410	April 18, 2019

Hacked instance

Related topics