Restrict SonarQube user from seeing secret leak in findings

I am aware that SonarQube will scan code to find any misconfiguration regarding hardcoded secrets in the code. But whenever I click the code, I can see the secret in plain text. Is there any way to hide the secret from SonarQube findings?

Hi,

Welcome to the community!

We haven’t built that in because by the time a secret makes it into SonarQube, it’s already exposed in your SCM and in need of replacing.

If you’re concerned that people who don’t have access to the project’s SCM can see it in SonarQube, that’s a SonarQube permissions problem.

HTH,
Ann

Hi,

Can the SonarQube permissions configuration be configured using the Free/Community Edition? Or should I buy the Enterprise one?

Hi,

Yes, you can certainly configure permissions in all editions of SonarQube. Security is for everyone.

Ann

Hi,

I have a use case.

Let's say I have user_a, user_b, and user_c.
Also I have project_a, project_b, and project_c.

User_a can only see findings for project_a but can’t see project_b and project_c.
User_b can only see findings for project_b but can’t see project_a and project_c.
User_c can only see findings for project_c but can’t see project_a and project_b.

How can I bind this permission in SonarQube Free edition?

Hi,

Have you read the docs link I sent?

Ann

Hi,

Thanks for your reply. Yes, I have read the docs you sent… but I am still confused about which section indicates that the permission can be configured for project binding. Is it like the attached?

Hi,

Did you read the section right after the section you screenshotted? The one about project permissions?

Ann
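The per-project binding asked about in this thread (user_a sees only project_a, and so on), worked as an added example that is not part of the original posts and is not SonarQube's own tooling. It is a Python script driving the SonarQube Web API endpoints api/projects/update_visibility, api/permissions/remove_group, api/permissions/add_user and api/permissions/users, all of which are available in Community Edition. It assumes a server URL and a user token holding Administer permission in the hypothetical environment variables SONAR_URL and SONAR_TOKEN, the default sonar-users group, and the constructed user and project names from the question. The plan is built as plain data first so it can be reviewed before anything on the server changes.

```python
"""Bind one SonarQube user to one project via the Web API (added example)."""
import base64
import json
import os
import urllib.parse
import urllib.request

# Constructed sample from the thread: each user may browse exactly one project.
BINDINGS = {"user_a": "project_a", "user_b": "project_b", "user_c": "project_c"}

# SonarQube project-permission keys (see the api/permissions Web API docs):
#   "user"       = Browse: see the project and its issues/hotspots
#   "codeviewer" = See Source Code: open the file, i.e. read the leaked secret
BROWSE = "user"
SEE_SOURCE = "codeviewer"
DEFAULT_GROUP = "sonar-users"  # every authenticated user belongs to it


def plan_permissions(bindings, grant_source=False):
    """Return the ordered (endpoint, params) calls that enforce `bindings`.

    Pure function: it builds the plan without touching a server, so the plan
    can be reviewed or unit-tested before anything is changed.
    """
    calls = []
    for project in sorted(set(bindings.values())):
        # A public project is browsable by everyone regardless of per-user
        # grants, so it must be private first (this also strips "Anyone").
        calls.append(("api/projects/update_visibility",
                      {"project": project, "visibility": "private"}))
        # Group-wide grants (e.g. from a permission template) would let every
        # user past the per-user binding; remove them for both permissions.
        # remove_group is idempotent when the group holds no such permission.
        for perm in (BROWSE, SEE_SOURCE):
            calls.append(("api/permissions/remove_group",
                          {"groupName": DEFAULT_GROUP, "permission": perm,
                           "projectKey": project}))
    for login, project in sorted(bindings.items()):
        calls.append(("api/permissions/add_user",
                      {"login": login, "permission": BROWSE, "projectKey": project}))
        if grant_source:  # only if that user is allowed to read the code itself
            calls.append(("api/permissions/add_user",
                          {"login": login, "permission": SEE_SOURCE,
                           "projectKey": project}))
    return calls


def execute(calls, post):
    """Send each planned call through `post(endpoint, params)`; returns the count."""
    for endpoint, params in calls:
        post(endpoint, params)
    return len(calls)


def direct_browsers(get, project):
    """Logins holding Browse on `project` as a direct user grant.

    Uses api/permissions/users; access inherited through groups is not
    listed, so check api/permissions/groups separately if groups are in play.
    """
    body = get("api/permissions/users",
               {"projectKey": project, "permission": BROWSE, "ps": 500})
    return sorted(u["login"] for u in body["users"])


def make_client(base_url, token):
    """Return (post, get) closures for the SonarQube Web API.

    Authentication: the user token is sent as the HTTP Basic username with
    an empty password.
    """
    auth = base64.b64encode(f"{token}:".encode()).decode()
    headers = {"Authorization": f"Basic {auth}"}
    base = base_url.rstrip("/")

    def post(endpoint, params):
        req = urllib.request.Request(f"{base}/{endpoint}", method="POST",
                                     data=urllib.parse.urlencode(params).encode(),
                                     headers=headers)
        with urllib.request.urlopen(req) as resp:
            return resp.status

    def get(endpoint, params):
        url = f"{base}/{endpoint}?{urllib.parse.urlencode(params)}"
        with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as resp:
            return json.load(resp)

    return post, get


if __name__ == "__main__":
    # Hypothetical environment variables; the token needs Administer permission.
    post, get = make_client(os.environ["SONAR_URL"], os.environ["SONAR_TOKEN"])
    print("applied", execute(plan_permissions(BINDINGS), post), "API calls")
    for proj in sorted(set(BINDINGS.values())):
        print(proj, "browsable by", direct_browsers(get, proj))
```

Two practical notes. Browse (`user`) is what lets a user see a project's findings; opening the file that contains the secret additionally needs See Source Code (`codeviewer`), so leave `grant_source` off for anyone who should see the finding but not the code. This script only fixes existing projects: unless the default visibility is switched to private (api/projects/update_default_visibility) and the permission template is adjusted, the next project created will again be open to every logged-in user.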