SonarQube Developer Edition 9.7
I would like to get a Vuln or Bug or Security Hotspot when scanning a Nuget.conf file containing credentials.
The Nuget.conf file contains the configuration for the .Net package manager, and if such a file is checked in with a credential that is most likely a mistake that needs to be flagged or at least reviewed.
Currently we are getting no bug/vulnerability/Security Hotspot triggered with either SonarQube Developer 9.7 or SonarLint.
Reference doc:
Example file.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
  </packageSources>
  <packageSourceCredentials>
    <Something>
      <add key="Username" value="NuGetter" />
      <add key="ClearTextPassword" value="xxxx" />
    </Something>
  </packageSourceCredentials>
</configuration>
Thanks
David
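An added example (not part of the post, not SonarQube code) of the kind of check the request describes: a small scanner that parses a NuGet config and reports credential entries under packageSourceCredentials. It assumes the sample document embedded below, which is constructed from the post's example plus a second feed that uses an environment-variable reference; treating a `%VAR%` value as non-committed is an assumption of this example, and the ClearTextPassword/Password severity split is this example's own choice.

```python
import re
import xml.etree.ElementTree as ET

# NuGet expands %VAR% references from the environment, so such a value is not a committed secret.
ENV_REF = re.compile(r"^%[A-Za-z_][A-Za-z0-9_]*%$")

# Constructed sample: the post's example feed plus one feed that keeps the secret out of the file.
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
  </packageSources>
  <packageSourceCredentials>
    <Something>
      <add key="Username" value="NuGetter" />
      <add key="ClearTextPassword" value="xxxx" />
    </Something>
    <Other>
      <add key="Username" value="ci" />
      <add key="ClearTextPassword" value="%NUGET_PASSWORD%" />
    </Other>
  </packageSourceCredentials>
</configuration>
"""


def find_credentials(xml_text):
    """Return a list of (severity, feed_name, key) for committed credential entries.

    ClearTextPassword with a literal value is reported as a vulnerability; Password
    (DPAPI-encrypted, only usable on the machine/user that wrote it) is reported as a
    hotspot so a reviewer can confirm it is intentional. Values that are %VAR%
    references are skipped because the secret lives in the environment, not the file.
    """
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    creds = root.find("packageSourceCredentials")
    if creds is None:
        return findings
    for feed in creds:  # each child element is one feed; its tag is the feed name
        for entry in feed.findall("add"):
            key = entry.get("key", "")
            value = entry.get("value", "")
            if key.lower() not in ("cleartextpassword", "password"):
                continue
            if ENV_REF.match(value):
                continue
            severity = "vulnerability" if key.lower() == "cleartextpassword" else "hotspot"
            findings.append((severity, feed.tag, key))
    return findings


if __name__ == "__main__":
    for severity, feed, key in find_credentials(SAMPLE):
        print(f"{severity}: feed '{feed}' stores '{key}' in the config file")
```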