How to secure traffic between SonarQube (server) and Sonar Scanner (client)

Hamza_Kamel · January 31, 2020, 11:12am

Hello,

I’m currently using ;

SonarQube 7.9.2 running on a docker.
Scanner ; Sonar Scanner (version 4.2.0).

what I’m trying to achieve ; Secure traffic between SonarQube and Sonar Scanner.

Current commandes used to launch the scan ;

sonar-scanner --debug --define sonar.login=“name-of-account” \
–define sonar.password=“my-password” \
–define sonar.analysis.mode=publish \
–define sonar.host.url=“http://172.17.0.1:9000/” \
–define sonar.sources=“project-name” \
–define sonar.sourceEncoding=“UTF-8” \

Issue : The credentials are sent not encrypted to SonarQube(server). As later I will have to deploy the solution (SonarQube) on a public server I want to know how I can secure (encrypt) the traffic ?
what have you tried so far ; This tutorial ;
https://docs.sonarqube.org/display/SONARQUBE53/Settings+Encryption

Thank you in advance for your help.

felipebz · January 31, 2020, 11:48am

Hi.

Two advices:

Put your server behind a proxy (like nginx) and enable HTTPS: https://docs.sonarqube.org/latest/setup/operate-server/
Use user tokens instead of user/password, so you can revoke the token when necessary: https://docs.sonarqube.org/latest/user-guide/user-token/

Topic		Replies	Views
Passing cert to sonarqube docker container SonarQube Server / Community Build scanner , docker , cert	1	819	September 30, 2020
Conenct to SonarQube behind teleport SonarQube Server / Community Build sonarqube , scanner	1	104	June 7, 2024
Sonarqube on HTTPS SonarQube Server / Community Build ssl	2	672	March 31, 2020
SONARQUBE - OVER HTTPS & SCANNER CLI USING HTTPS (Direct or Process) SonarQube Server / Community Build proxy	1	942	July 7, 2020
Communication between SonarScanner and SonarQube SonarQube Server / Community Build	2	691	September 3, 2020

How to secure traffic between SonarQube (server) and Sonar Scanner (client)

Related topics