Hi @leo.geoffroy thanks for opening the ticket.
In my opinion the direction of the ticket is a bit reversed:
- Please make at least the liveness (1) and readiness (2) endpoints accessible without any authentication.
- You do not need to expose any information in the body, a 20x response is sufficient and indicates:
- whether the Java process itself does “live” resp.
- the service is ready/able to handle requests and should now answer “real” requests of users.
- As said, you can achieve a liveness check by accessing the homepage of SonarQube and if any HTML is rendered, it is alive. And if you see a login box and not a starting up message it is ready. Parsing HTML is cumbersome.
(BTW: we run an 10 million lines enterprise edition but without support)