SonarQube 9.9 LTS Secrets Rules

SonarQube Server / Community Build
, , ,
1

Make sure to tell us:

  • What version are you upgrading from?
    8.9 LTS to 9.9LTS
  • System information (Operating system, Java version, Database provider/version)
    EC2 Linux, Java 17, Postgres

Question the GitHub code scanning alerts for security vulnerabilities set up are using only these 7 rules?

Screen Shot 2023-02-20 at 1.00.26 PM
Screen Shot 2023-02-20 at 1.00.26 PM3008×1298 320 KB

2

Hi,

No, it should be all the Vulnerability rules in your Quality Profile.

 
HTH,
Ann

3

Hi @ganncamp,

Thank you for the clarification.
Are the GitHub code scanning alerts set up for the individual repository? or once we set it up it applies to all the existing and new repositories?

Also, I am not getting this screenshot part what do I have to upload here? the same private key I have to upload which I get for PR decoration?

Screen Shot 2023-02-22 at 12.53.27 PM
Screen Shot 2023-02-22 at 12.53.27 PM1468×258 22.2 KB

4

Hi,

The docs should help.

 
Ann

5

I did not see those questions answers in the document, that’s why I asked those questions

6

HI,

On the GitHub side, you add a Webhook URL for your SonarQube instance, and configure a secret

  1. Set a Webhook secret (see GitHub’s webhook security recommendations).

Then you configure that secret into SonarQube

  1. Enter the webhook secret defined in your GitHub App.

 
HTH,
Ann