We are using SonarQube 8.9 LTS in our customer environment.
We are trying to setup the test environment for SonarQube. We could able to setup it with MS SQL 2019 developer version as database, with Bitbucket server as project repository and SonarScanner on the same server. We are using default webserver provided with SonarQube installation. We could able to run the scanning on test project repositories.
Upon testing this environment for security, we got two observations which goes as follows.
-
Unencrypted communications - As as solution we are going to install SSL certificate for this.
-
TLS Cookie (Set-Cookie) without Secure flag set - For this issue, we need help on understanding where to set this secure flag? Is it on default webserver on SonarQube or on SonarQube environment variables? If so, please let us know how to do this?
Please help.
Thanks,
Sankar.