SonarQube Developer Edition 9.7
I would like to get a Vuln or Bug or Security Hotspot when scanning a Nuget.conf file containing credentials.
The Nuget.conf file contains the configuration for the .NET package manager, and if such a file is checked in with a credential, that is most likely a mistake that needs to be flagged or at least reviewed.
Currently we are getting no bug/vulnerability/Security Hotspot triggered with either SonarQube Developer 9.7 or SonarQube Lint.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
  </packageSources>
  <packageSourceCredentials>
    <Something>
      <add key="Username" value="NuGetter" />
      <add key="ClearTextPassword" value="xxxx" />
    </Something>
  </packageSourceCredentials>
</configuration>
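
An added example, not part of the original post and not a SonarQube rule: a small Python check that could run in CI to flag credentials stored under `packageSourceCredentials` in a file like the one above. The function name and the sample values are constructed; skipping values of the form `%VAR%` assumes secrets are supplied through NuGet's environment-variable expansion, and reporting the encrypted `Password` key for review is a choice made here.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the file in the post; all values are placeholders.
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSourceCredentials>
    <Something>
      <add key="Username" value="NuGetter" />
      <add key="ClearTextPassword" value="xxxx" />
    </Something>
    <Internal>
      <add key="Username" value="ci" />
      <add key="ClearTextPassword" value="%NUGET_FEED_TOKEN%" />
    </Internal>
    <Legacy>
      <add key="Password" value="constructed-encrypted-blob" />
    </Legacy>
  </packageSourceCredentials>
</configuration>"""

# A value that is only %VAR% is resolved from the environment, not stored in the file.
ENV_REF = re.compile(r"^%[^%]+%$")
SECRET_KEYS = {
    "cleartextpassword": "hardcoded cleartext password",
    "password": "encrypted password committed to repo",
}

def scan_nuget_config(xml_data):
    """Return (source_name, key, reason) for each credential stored in the file."""
    findings = []
    root = ET.fromstring(xml_data)
    for section in root.iter():
        # Compare case-insensitively so differently cased element names still match.
        if section.tag.lower() != "packagesourcecredentials":
            continue
        for source in section:          # one child element per package source
            for add in source:          # <add key="..." value="..." /> entries
                key = add.get("key", "")
                value = add.get("value", "").strip()
                reason = SECRET_KEYS.get(key.lower())
                if reason is None or not value or ENV_REF.match(value):
                    continue
                findings.append((source.tag, key, reason))
    return findings

if __name__ == "__main__":
    for source, key, reason in scan_nuget_config(SAMPLE):
        print(f"{source}: {key}: {reason}")
```

The value itself is never included in the findings, so the check's output can go to build logs without repeating the secret.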