We are looking at running SonarQube behind Cloudflare Zero Trust and providing the Zero Trust Service Token HTTP headers as parameters to the Sonar Scanner.
The idea would be to allow a GitHub Action that is using sonarsource/sonarqube-scan-action, or a developer running the scanner manually, to securely connect to SonarQube.
It seems this could be achieved by:
- Providing custom headers as props, passed on command line
- Retrieving the headers in the Sonar Scanner API ServerConnection::create (ServerConnection.java)
- Adding the headers to the Sonar Scanner API ServerConnection::ResponseBody (ServerConnection.java)
Does this look like a possible solution?
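
The three steps listed in the post, as an added sketch that is not Sonar Scanner code and not part of the original post: headers are read from scanner properties, validated so a value cannot inject extra header lines, and attached to an outgoing request. The property prefix `sonar.scanner.header.`, the class name, the host and the environment variable names are assumptions made for illustration; `CF-Access-Client-Id` and `CF-Access-Client-Secret` are the header names Cloudflare Access uses for service tokens.

```java
import java.net.URI;
import java.net.http.HttpRequest;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;
import java.util.regex.Pattern;

public class CustomHeaderProps {
    // Hypothetical property prefix; not an existing Sonar Scanner option.
    static final String PREFIX = "sonar.scanner.header.";
    // Header names must be HTTP "token" characters only.
    static final Pattern NAME = Pattern.compile("[!#$%&'*+.^_`|~0-9A-Za-z-]+");

    /** Collects prefixed properties as headers; rejects names or values that could split the request. */
    static Map<String, String> headersFrom(Properties props) {
        Map<String, String> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        for (String key : props.stringPropertyNames()) {
            if (!key.startsWith(PREFIX)) continue;
            String name = key.substring(PREFIX.length());
            String value = props.getProperty(key);
            if (!NAME.matcher(name).matches())
                throw new IllegalArgumentException("Invalid header name: " + name);
            // Conservative: refuse every control character (CR, LF, TAB, DEL, ...).
            if (value.chars().anyMatch(c -> c < 0x20 || c == 0x7f))
                throw new IllegalArgumentException("Control character in value of " + name);
            headers.put(name, value);
        }
        return headers;
    }

    /** Attaches the collected headers to a request for the SonarQube server. */
    static HttpRequest build(URI uri, Map<String, String> headers) {
        HttpRequest.Builder builder = HttpRequest.newBuilder(uri).GET();
        headers.forEach(builder::header);
        return builder.build();
    }

    public static void main(String[] args) {
        Properties props = new Properties();
        props.setProperty("sonar.host.url", "https://sonarqube.example.com"); // constructed host
        // Secrets come from the environment (e.g. CI secrets) so they do not appear in the
        // process list as command-line arguments would; the fallbacks are constructed samples.
        Map<String, String> env = System.getenv();
        props.setProperty(PREFIX + "CF-Access-Client-Id", env.getOrDefault("CF_ACCESS_CLIENT_ID", "constructed-id.access"));
        props.setProperty(PREFIX + "CF-Access-Client-Secret", env.getOrDefault("CF_ACCESS_CLIENT_SECRET", "constructed-secret"));
        Map<String, String> headers = headersFrom(props);
        HttpRequest request = build(URI.create(props.getProperty("sonar.host.url") + "/api/server/version"), headers);
        // Log header names only, never the secret values.
        System.out.println(request.method() + " " + request.uri() + " with headers " + headers.keySet());
    }
}
```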