Enterprise Edition, Version 8.9.3 (build 48735)
GitLab plugin version is 4.1.0
When I add a sonar.gitlab.user_token in the Admin UI, it is shown in “Project Settings/Background Tasks/Scanner Context” of a project in plain text.
In the Admin UI I am unable to see the value; I may only change it there. It is somehow marked as password.
When a plugin does mark something as a password, I would assume that it will be hidden or replaced by asterisks in “Scanner Context” as well.
You are mentioning here a GitLab plugin. Are you using a community plugin?
GitLab integration comes out of the box with SonarQube.
Yes, thanks for coming back on this.
sonar.gitlab.user_token is probably from GitHub - gabrie-allaigre/sonar-gitlab-plugin: Add to each commit GitLab in a global commentary on the new anomalies added by this commit and add comment lines of modified files.
For the current default ALM integration there would need to exist a user which has at least reporter access to all projects (we have about 1500 projects and approx. for every 50 projects different permissions may exist; the plugin allows to specify a token during analysis).
So more in general: if a plugin “hides” a password/field set on the server side, I would expect that the scanner does not show it in its log? Does that make sense?