Summary:
Our sonarcloud is using webhooks with secret to send notifications to our respective messaging channels.
However since 26 Jun, it start to get 401 error code due to HMAC generated by sonarcloud not match with our endpoint (tested also on HMAC generator online tool)
Observation:
Secret: abcd
Payload:
{"serverUrl":"https://sonarcloud.io","taskId":"AXsLovEfMvebYh7bttKk","status":"SUCCESS","analysedAt":"2021-08-03T10:50:14+0000","revision":"48049bff8ee67d4f06b0ed691d5d0a99467bd52a","changedAt":"2021-08-03T10:50:14+0000","project":{"key":"sonar-monitoring","name":"sonar-monitoring","url":"https://sonarcloud.io/dashboard?id=sonar-monitoring"},"branch":{"name":"sonar-reporter-monitoring","type":"SHORT","isMain":false,"url":"https://sonarcloud.io/dashboard?id=sonar-monitoring&branch=sonar-reporter-monitoring"},"qualityGate":{"name":"High Tolerance","status":"OK","conditions":[{"metric":"new_reliability_rating","operator":"GREATER_THAN","value":"1","status":"OK","errorThreshold":"2"},{"metric":"new_security_rating","operator":"GREATER_THAN","value":"1","status":"OK","errorThreshold":"1"},{"metric":"new_maintainability_rating","operator":"GREATER_THAN","value":"1","status":"OK","errorThreshold":"2"},{"metric":"new_coverage","operator":"LESS_THAN","value":"100.0","status":"OK","errorThreshold":"50"},{"metric":"new_bugs","operator":"GREATER_THAN","value":"0","status":"OK","errorThreshold":"3"},{"metric":"new_code_smells","operator":"GREATER_THAN","value":"3","status":"OK","errorThreshold":"20"},{"metric":"new_security_hotspots","operator":"GREATER_THAN","value":"1","status":"OK","errorThreshold":"3"}]},"properties":{}}
HMAC from sonarcloud
3e7c92c95839e0e1cfae0955eca50cd70121957e56b9e68b8f150c0757fc13e9
Expected HMAC
0405428f767463df702e8cda973a084ec866dc9e3bb32ca19d4069ca27a12e66