How to secure traffic between SonarQube (server) and Sonar Scanner (client)


I’m currently using:

  • SonarQube 7.9.2 running in Docker.
  • Scanner: Sonar Scanner (version 4.2.0).
  • What I’m trying to achieve: secure traffic between SonarQube and Sonar Scanner.

Current command used to launch the scan:

sonar-scanner --debug --define sonar.login="name-of-account" \
--define sonar.password="my-password" \
--define sonar.analysis.mode=publish \
--define"" \
--define sonar.sources="project-name" \
--define sonar.sourceEncoding="UTF-8"

Thank you in advance for your help.


Two pieces of advice:

  1. Put your server behind a proxy (like nginx) and enable HTTPS:

  2. Use user tokens instead of user/password, so you can revoke the token when necessary:
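
The two suggestions above combined, as an added example that is not part of the original answer: an nginx reverse proxy terminating TLS in front of SonarQube, with the matching scanner invocation shown in the trailing comments. The hostname `sonarqube.example.com`, the certificate paths, the upstream port 9000 and the `SONAR_USER_TOKEN` variable are assumptions.

```nginx
# Constructed example: hostname, certificate paths and upstream port are assumptions.
# Assumes the SonarQube container publishes its web port only on the host's
# loopback interface (e.g. docker run -p 127.0.0.1:9000:9000 ...), so the
# plain-HTTP listener is not reachable from the network.

# Redirect plain HTTP to HTTPS. Clients must still be configured with the
# https:// URL: a request sent to port 80 travels in clear before the redirect.
server {
    listen 80;
    server_name sonarqube.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name sonarqube.example.com;

    ssl_certificate     /etc/nginx/tls/sonarqube.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/sonarqube.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Scanner reports can exceed nginx's default 1 MB request body limit.
    client_max_body_size 50m;

    location / {
        proxy_pass http://127.0.0.1:9000;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Scanner side: point sonar.host.url at the HTTPS endpoint and pass a user
# token as sonar.login, with no sonar.password:
#
#   sonar-scanner \
#     --define sonar.host.url="https://sonarqube.example.com" \
#     --define sonar.login="$SONAR_USER_TOKEN" \
#     --define sonar.sources="project-name" \
#     --define sonar.sourceEncoding="UTF-8"
#
# If the certificate is issued by a private CA, the scanner's JVM must trust it,
# e.g. SONAR_SCANNER_OPTS="-Djavax.net.ssl.trustStore=/path/to/truststore.jks"
```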